last executing test programs: 26.997254868s ago: executing program 2 (id=707): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x300f401, 0x0, 0x2, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) 24.859840367s ago: executing program 2 (id=709): syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x80201) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x3, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 23.022910687s ago: executing program 2 (id=722): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x88b02, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000440)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fff8000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 22.452033376s ago: executing program 2 (id=714): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nobarrier}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x2}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x3, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x18b) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0) 21.599215984s ago: executing program 2 (id=721): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x88) openat$cgroup_pressure(r1, &(0x7f0000000200)='cpu.pressure\x00', 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x0, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x0, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0x9, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 20.448140702s ago: executing program 2 (id=730): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 19.625593188s ago: executing program 32 (id=730): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 17.664157733s ago: executing program 1 (id=736): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x4, 0x100000003, 0x1}) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x161281, 0x0) lsetxattr(&(0x7f0000000300)='./file1\x00', &(0x7f00000003c0)=@random={'trusted.', '@\x00'}, &(0x7f0000000440)='$\x9c@*\x00', 0x5, 0x1) 16.950669606s ago: executing program 1 (id=740): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000440)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000dc0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x0, 0x3, 0x5, 0x3, @b={0x23, 0x3, 0x5, 0x1, 0x0, 0x7, 0x7, {}, 0xff, 0x6, 0x4, 0xe, 0xd, "b29b279dfd63b645d0a05abff2"}}, 0x1d) 16.263094298s ago: executing program 1 (id=743): write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f0000000840)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, @in6={0xa, 0x4e22, 0x272b, @mcast2}}}, 0x90) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea0"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 16.003492987s ago: executing program 1 (id=745): openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000040), 0x10001, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000880)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x804, &(0x7f0000000040)={[{@allow_utime={'allow_utime', 0x3d, 0x6}}, {@dmask={'dmask', 0x3d, 0x8}}, {@sys_tz}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@umask={'umask', 0x3d, 0xd}}, {@namecase}, {@keep_last_dots}, {@namecase}, {@gid}, {@errors_continue}]}, 0x1, 0x152f, &(0x7f00000008c0)="$eJzs3AuYjlXXOPC19t43Q9LTJIdh771unuSwSUIOSXJIkiRJckpIkrySkBhyShqSkByG5DA0JIeJSeN8PktCkjRJEpJTsv/XxPzVW+/X+31vb77vnfW7rueavWY/a9/rnuV57sM85ptuw2s1qV29ERHBvwQvfokHgBgAGAwA1wBAAADlYsvFZsznkBj/r22E/bkeTLrSFbArifuftXH/szbuf9bG/c/auP9ZG/c/a+P+Z23cf8aysi0zC1zLj6z74Pv/WRkf//+DpJca/8W6Utd3B8j2z6Zw///vw38hl/v/H6nbpQPvH+L+Z23c/6wq5koXwP4X4Nd/VpD9H85w/7M27j9jWdkv7wXHwJW/H/1XPyDy7/wdiO9z8ad85ffzH+4/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2FzjjL1MAkDm+0nUxxhhjjDHGGGPsz+OzX+kKGGOMMcYYY4wx9u+HIECCggCyQXaIgRyQEwRAtsz5ayEWroM8cD3khXyQHwpAHBSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUApKw01QBm6GsnALlIPyUAFuhYpQCSpDFbgNqsLtUA3ugOpwJ9SAmlALasNdUAfuhrpwD9SDe6E+3AcN4H5oCA9AI3gQGsND0AQehqbwCDSD5tACWkKr/1H+89ALXoDe0AfioS/0gxehPwyAgTAIBsNLMARehqHwCiTAMBgOr8IIeA1GwuswCkbDGHgDxsKbMA7GwwSYCIkwCSbDWzAF3oapMA2mwwxIgpkwC96BZJgNc+BdmAvvwTyYDwtgIaTA+7AIFkMqfABL4ENIg6WwDJbDClgJq2A1rIG1sA7WwwbYCJtgM2yBrbANtsMO+Ah2wsewCz6B3bAH9sKnsA8++2/mn/67/O4ICChQoEKF2TAbxmAM5sScmAtzYW7MjRGMYCzGYh7Mg3kxL+bH/BiHcVgIC6FBg4SEhbEwRjGKRbEoFsNiWAJLoEOHpbE0lsGbsSyWxXJYDitgBayIlbASVsEqWBWrYjWshtWxOtbAGlgLa+FdeBf2xbpYF+thPayP9TNvT2EjbISNsTE2wSbYFJtiM2yGLbAFtsJW2BpbYxtsg+2wHbbH9tgBO2BH7IidsBN2xs7YBbtgV+yK3bAbdsce2CP9+eyAL+AL2AdriL7YD/thf0zIPhAH4SB8CYfgy/gyvoIJOAyH46v4Kr6GI/EUjrowGsfgGKwq3sRxOB5JTMRETMTJOBmn4BScitNwGs7AJJyJs3AWJuNsnI3v4lx8D9/D+TgfF2IKpuAiXIypmIpL8DSm4VJchstxBa7EFbga1+BqXIfrcR1uxI24GTfjVtyK23E7foQf4ceoAPAT3IN7MAH34T7cj/vxAB7Ag3gQ0zEdD+EhPIyH8QgewaN4FI/hcTyBx/EknsRTeBrP4Bk8h+fwPD4b91Xjj4uvTQCRQQmFl17wIqfIKXKJXCK3yC0iIiJiRazII/KIvCKvyC/yizgRJwqJQsIII0iEGe8UIiqioqgoKoqJYqKEKCGccKK0KC3KiDKirCgryonyooK4VVQUlURbV0VUEVVFO1dN3CGqi+qihqgpaonaoraoI+qIuqKuqCfqifqivmgg7hcNRV8ciA+KjM40EcOwqRiOzURzIS8V3FqMxDairWgnHhejcRR2EK1dR/GU6CTGYWfxNzEenxFdxUTsJp4T3UUP0VM8L3qJNq636COmYl/RT8zA/mKAGCgGiWSsKd7FuTlqiVdEghgmhotXxUJ8TYwUr4tRYrQYI94QY8WbYpwYLyaIiSJRTBKTxVtiinhbTBXTxHQxQySJmWKWeEcki9lijnhXzBXviXlivlggFooU8b5YJBaLVPGBWCI+FGliqVgmlosVYqVYJVaLNWKtWCfWiw1io9gkNostYqvYJraLHeIjsVN8LHaJT8RusUfsFZ+KfeIzsV98Lg6IL8RB8aVIF1+JQ+JrcVh8I46Ib8VR8Z04Jo6LE+J7cVL8IE6J0+KMOCvOiR/FefGTuCC8AIlSSCmVDGQ2mV3GyBwyp7xK5pJB5vu/jJXXyTzyeplX5pP5ZQEZJwvKQlJLI60kGcrCsoiMyhtkUXmjLCaLyxKypHSylCwtb5Jl5M2yrLxFlpPlZQV5q6woK8nKsoq8TVaVt0uIXNxGDVlT1pK15V0yHu6WdeU9sp68V9aX98kG8n7ZUD4gG8kHZWP5kGwiH5ZN5SOymWwuW8iWspV8VLaWj8k2sq1sJx+X7eUTsoN8UnaUT8lO0l/6J/KM7Cqfld3kc7K77CF7yp/kBellb9lHQl+Q/eSLsr8cIAfKQXKwfEkOkS/LofIVmSCHyeHyVTlCviZHytflKDlajpFvyLHyTTlOjpcT5ESZKCfJyfItOUW+LafKaXK6nCGT5Ew58NJKc6T8w/y3fid/6M9b3yy3yK1ym9yefPbijshdcpfcLXfLvXKv3Cf3yf1yvzwgD8iD8qBMl+nykDwkD8vD8og8Io/Ko/KYPC7Pyu/lSfmDPCVPy9PyrDwnz8nzl34GoFAJJZVSgcqmsqsYlUPlVFepXOpqlVtdoyLqWhWrrlN51PUqo4D8qoCKUwVVIaWVUVaRClVhVURF1Q2Z7x+qhCqpnCqlSqubfpWfV+VT/0W+KqpuVMVU8V/lZ9YX/w/qa6VaqdaqtWqj2qh2qp1qr9qrDqqD6qg6qk6qk+qsOqsuqovqqrqqbqqb6q66q56qp+qleqneqreKV/Gqn3pR9VcD1EA1SA1WL4mMfRiqhqoElaCGq+FqhBqhRqqRapQapcaoMWqsGqvGqXFqgpqgElWimqwmqylqipqqpqrparpKUklqlpqlklWymqPmqLlqrpqn5qkFaoFKUSlqkVqkUlWqWqKWqDS1VC1Vy9VytVKtVKvVarVWrVXr1Xq1UW1UaWqL2qK2qW1qh9qhdqqdapfapXar3Wqv2qv2qX1qv9qvDqgD6qA6qNJVujqkDqnD6rA6oo6oo+qoOqaOqRPqhDqpTqpT6pQ6o86oc+qcOq/OqwvqQsZpXyACEahABdmCbEFMEBPkDHIGuYJcQe4gdxAJIkFsEBvkCa4P8gb5gvxBgSAuKBgUCnRgAhuIS02PBjcERYMbg2JB8aBEUDJwQamgdHBTUCa4OSgb3BKUC8oHFYJbg4pBpaByUCW4Laga3B5UC+4Iqgd3BjWCmkGtoHZwV1AnuDuoG9wT1AvuDeoH9wUNgvuDhsEDQaPgwaBx8FDQJHg4aBo8EjQLmgctgpZBqz91fe9P5XvM9dZ9dLzuq/vpF3V/PUAP1IP0YP2SHqJf1kP1KzpBD9PD9at6hH5Nj9Sv61F6tB6j39Bj9Zt6nB6vJ+iJOlFP0pP1W3qKfltP1dP0dD1DJ+mZepZ+Ryfr2XqOflfP1e/peXq+XqAX6hT9vl6kF+tU/YFeoj/UaXqpXqaX6xV6pV6lV+s1eq1ep9frDXqj3qQ36y16q96mt+sd+iO9U3+sd+lP9G69R+/Vn+p9+jO9X3+uD+gv9EH9pU7XX+lD+mt9WH+jj+hv9VH9nT6mj+uy+nt9Uv+gT+nT+ow+q8/pH/V5/ZO+oH3GyX3G4d0oo0w2k83EmBiT0+Q0uUwuk9vkNhETMbEm1uQxeUxek9fkN/lNnIkzhUwhk4EMmcKmsImaqClqippippgpYUoYZ5wpbUqbMqaMKWvKmnKmnKlgKpiKpqKpbCqb28xt5nZzu7nD3GHuNHeamqamqW1qmzqmjqlr6pp6pp6pb+qbBqaBaWgamkamkWlsGpsmpolpapqaZqaZaWFamFamlWltWps2po1pZ9qZ9qa96WA6mI6mo+lkOpnOprPpYrqYrqar6Wa6me6mu+lpeppeppfpbXqbeBNv+pl+pr/pbwaagWawGWyGmCEXLn082gw3w80IM8KMNCPNKDPajMk4UTVvmnFmvJlgJppEk2gmm8lmiplippqpZrqZbpJMkpllZplkk2zmmDlmrplr5pl5ZoFZYFJMillkFplUk2qWmCUmzaSZZWaZWWFWmFVmlVlj1ph1Zp3ZABvMJrPJbDFbzDazzewwO8xOs9PsMrvMbrPb7DV7zT6zz+w3+80Bc8AcNAdNukk3h8whc9gcNkfMEXPUHDXHzDFzwpwwJ81Jc8qcMmfMGXPO5Lt0vPQmxuawOe1VNpe92ua219i/j/PbAjbOFrSFrLZ5bb5fxcZaW8wWtyVsSetsKVva3vSbuKKtZCvbKvY2W9Xebqv9Jq5j77Z17T22nr3X1rZ3/Squb++zDezDtiEigG1uG9uWtol92Da1j9hmtrltYVva9vYJ28E+aTvap2wn+/Rv4kV2sV1j19p1dr3dbffYM/asPWy/sefsj7a37WMH25fsEPuyHWpfsQl22G/iMfYNO9a+acfZ8XaCnfibeLqdYZPsTDvLvmOT7ezfxCn2fTvXptp5dr5dYBf+HGfUlGo/sEvshzbNBrDMLrcr7Eq7yq7+/7UutxvtJrvZ7rKf2G12u91hP7I7M0+E7R67135q99nP7CH7tT1gv7AH7RGbbr/6Oc7YvyP2W3vUfmeP2eP2hP3enrQ/qMzsjH3/3v5kL1hvgZCAJCkKKBtlpxjKQTnpKspFV1NuuoYidC3F0nWUh66nvJSP8lMBiqOCVIg0GbJEFFJhKkJRuoEyyytBJclRKSpNN1EZupnK0i1UjspTBbqVKlIlqkxV6DaqSrdTNbqDqtOdVINqUi2qTXdRHbqb6tI9VI/upfp0HzWg+6khPUCN6EFqTA9RE3qYmtIj1IyaUwtqSa3oUWpNj1Ebakvt6HFqT09QB3qSOtJT1Imeps70N+pCz1BXepa60XPUnXpQT3qeetEL1Jv6UDz1pX70IvWnATSQBtFgeomG0Ms0lF6hBBpGw+lVGkGv0Uh6nUbRaBpDb9BYepPG0XiaQBMpkSbRZHqLptDbNJWm0XSaQUk0k2bRO5RMs2kOvUtz6T2aR/NpAS2kFHqfFtFiSqUPaAl9SGm0lJbRclpBK2kVraY1tJbW0XraQBtpE22mLbSVttF22kEf0U76mHbRJ7Sb9tBe+pT20We0nz6nA/QFHaQvKZ2+okP0NR2mb+gIfev70Hd0jI7TCfqeTtIPdIpO0xk6S+foRzpPP9EF8gQhhiKUoQqDMFuYPYwJc4Q5w6vCXOHVYe7wmjASXhvGhteFecLrw7xhvjB/WCCMCwuGhUIdmtCGFIZh4bBIGA1vCIuGN4bFwuJhibBk6MJSYenwprBMeHNYNrwlLBeWDyuEt4YVw0rhw/dWCW8Lq4a3h9XCO8Lq4Z1hjbBmWCusHd4V1gnvDuuG94T1wnvDsuF9YYPw/rBh+EDYKHwwbBw+FDYJHw6bho+EzcLmYYuwZdgqfDRsHT4Wtgnbhu3Cq8L24RNhh/DJsGP4VNgpfPrn+fsWZ84//pv5+LBv2C98MXwx9P4euSC6MJoSfT+6KLo4mhr9ILok+mE0Lbo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxuim6Oep97ezg0AknnXKBy+ayuxiXw+V0V7lc7mqX213jIu5aF+uuc3nc9S6vy+fyuwIuzhV0hZx2xllHLnSFXREXdTe4ou5GV8wVdyVcSedcKVfatXStXCvX2j3m2ri2rp173D3unnBPuCfdk+4p18k97Tq7v7ku7hnX1T3rnnXPue6uh+vpnne93KTcF1+T8a6f6+f6u/5uoBuYcQxzQ9wQN9QNdQkuwQ13w90IN8KNdCPdKDfKjXFj3Fg31o1z49wEN8ElukQ32U12U9wUN9VNddPddJfkktwsN8slu2RXdfbFrcxz89wCt8CluBS3yGWcM6a6JW6JS3Npbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdrldbre/5uKibp/b7/a7A+6AO+i+dOnuK3fIfe0Ou2/cEfetO+q+c8fccXfCfe9Ouh/cKXfanXFn3Tn3ozvvfnIXnHeJkUmRyZG3IlMib0emRqZFpkdmRJIiMyOzIu9EkiOzI3Mi70bmRt6LzIvMjyyILIykRN6PLIosjqRGPogsiXwYSYssjSyLLI+siKyMeF9wW+gL+yI+6m/wRf2Nvpgv7kv4kt75Ur60v8mXuVh3mvflfQV/q6/oK/nK/hHfzDf3LXxL38o/6lv7x3wb39a384/79v4J38E/6Tv6p3wn/7Tv7P/mu/hnfFf/rO/mn/PdfQ/f0z/ve/kXfG/fx8f7vr6ff9H39wP8QD/ID/Yv+SH+ZT/Uv+IT/DA/3L/qR/jX/Ej/uh/lR/sx2d7wYzMvkWGiT/ST/GT/lp/i3/ZT/TQ/3c/wSX6mn+Xf8cl+tp/j3/Vz/Xt+np/vF/iFPsW/7xf5xT7Vf+CX+A99ml+aedPYr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vb/Pb/Q7/kd/pP/a7fP87sfwev9d/6vf5z/x+/7k/4L/wB/2XPt1/5Q/5r/1h/40/4r/1R/13/pg/7k/47/1J/4M/5U/7M/6sP+d/9Of9T/4C/581xhhjjLF/yqTLQ/HrmYu38/v+To74xZP7AcDV2wuk/3I+44xyQ96L4wEiLibj61N9uj2Y+ahRIz4+/tJz0yQEReYDZP4mKMPPHz24FC+FdvAEdIS2UOZ36x8gepyjP1g/Wh4g5y9yMgrKjC+v/zkAxv/O+o8+PmZRhfBM7H+x/nyAYkUu5+SAy/FSaPfz/ZW2UPYf1J+v9R/Un+OLRIA2v8jJBZfjy/WXhsfgaej4q2cyxhhjjDHGGGMXDRCVu2Ref2Z+4vP3rs/j1OWc7HA5/qPrc8YYY4wxxhhjjF15z/To+eSjHTu27fLfH1T7H2X904Om8O9amQe/O/AeIPM7CgD+xQUBMgbyr9yLrX/JthIuvXT+fmrFWR/A/45W/hmDK/zGxBhjjDHGGPvTXT7p//X31ZUqiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4L+ij8ndqX3kTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/l8AAAD//w39+qA=") fchownat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff, 0x100) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[]) 15.495814613s ago: executing program 1 (id=746): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f0000000500)=""/148}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 13.234713507s ago: executing program 1 (id=759): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x80000) r2 = fcntl$dupfd(r0, 0x406, r1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0xa0000001}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x20000014}) epoll_pwait2(r1, &(0x7f0000000000)=[{}, {}], 0x2, 0x0, 0x0, 0x0) 12.719249923s ago: executing program 33 (id=759): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x80000) r2 = fcntl$dupfd(r0, 0x406, r1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0xa0000001}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x20000014}) epoll_pwait2(r1, &(0x7f0000000000)=[{}, {}], 0x2, 0x0, 0x0, 0x0) 4.036904847s ago: executing program 4 (id=731): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="77690addcfbe1fbb66ec", 0xfd9c}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg$unix(r2, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1}}], 0x1, 0x100, 0x0) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x80000025a5, 0x0) 3.713587988s ago: executing program 4 (id=793): r0 = socket$kcm(0x11, 0x2, 0x0) close(r0) r1 = socket$kcm(0x11, 0x2, 0x0) r2 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f00000000c0)=r1, 0x8) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f00000000c0)=r0, 0x4) 3.446429186s ago: executing program 4 (id=795): mkdir(&(0x7f0000000040)='./file0\x00', 0x110) mkdir(&(0x7f0000000300)='./bus\x00', 0x68) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xeaff) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000000c0)={{r0}, 0x200000000000300, 0x4, 0x100000}) 3.151346196s ago: executing program 4 (id=797): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x8, &(0x7f0000005a40)=ANY=[@ANYBLOB='nodiscard,nocheckpoint_merge,alloc_mode=default,active_logs=6,background_gc=on,fault_injection=00000000000000000016,discard,noacl,noinline_dentry,alloc_mode=default,noextent_cache,active_logs=2,fault_type=00000000000000003444,smackfsdef=fault_injection,audit,fsuuid=f362c\x0047-7ce8-eaab-0ae6-21\x0015a33,uid<', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f726f6c653d5e617461647630002c6f626a5f747970653d6e6f643be1d2491fb1d1f0696e6c696e655f64656e7472792c7063723d3030303030307f003030303030303030303032392c00"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r0, 0xab07, 0x1) getdents64(r0, 0x0, 0x0) 2.614171064s ago: executing program 5 (id=760): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 2.456037909s ago: executing program 3 (id=801): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da", 0x33}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1}, 0x40002103) 2.395032571s ago: executing program 5 (id=802): syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000f00)='./file0\x00', 0x810000, &(0x7f0000000140)=ANY=[], 0xfe, 0xc32, &(0x7f0000000fc0)="$eJzs3UFsHNd9B+D/Gy3Fld1UTJyodhu3m7ZIZcVyZUkxFatwVzXNNoAsE6GYWwCuyJW6MEUSJNXIRtowvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+FZeUZNGmSFHW99nUb3f2vZn33tAztMA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN975cKp59ODbgUAsJ8ujX/l1Gn3fwB4pFyu/v/fDwAAAAAAAAAAAAAAAHCApSjiiUgxf2k9TVbvu+oXO7M3bk6MjN652pFU1TxUlS+/6s+fPnP2iy8Mn+vlB9e/356K18YvX2i8PHd9fqG9uNiebkzMdqbmpts73sNu6293ohqAxvXXb0xfvbrYOP3cmS0f3xx6f/DxY0Pnh585+XSv7MTI6Oh4X5nawEc++m3uNsHjcBRxMlI8+72fpFZEFLH7sbjH985eO1J14kTViYmR0aojM53W7FL54VhvIIqIRl+lZm+M9uFc7EozYrlsftngE2X3xudbC60rM+3GWGthqbPUmZsdS93Wlv1pRBHnUsRKRKwN3r67gSiiFim+c3Q9XYmIQ71x+EI1Mfju7Sj2sI87ULazMRCxUjwE5+wAG4wiXo0UP32niKlyzPJXfD7i1TJ/EPFWmS9FVLPEzka8d4fvIx5OtSjiz8vzf349TUfExtHu9tHGxa82vjx7da6vbO+68tDfH/bTAb821aOIVnXFX08f/YcdAAAAAAAAAAAAAAAAAO63I1HEU5HilX//o2pecVTz0o+eH/79oU/0zxl/8h77Kcs+FxHLxc7m5B7OU4jH0lhKD3gu8aOsHkX8cZ7/960H3RgAAAAAAAAAAAAAAAAAAIBHWhE/jhQvvns8rUT/muKd2WuNy60rM91VYXtr//bWTN/Y2NhopG42c07mXM65knM151rOKHL9nM2ckzmXc67kXM25ljMO5fo5mzkncy7nXMm5mnMtZ9Ry/ZzNnJM5l3Ou5FzNuZYzDsjavQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHydFFPHzSPHtr6+nSBHRjJiMbq4O9soAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/SYCri+5Gi8QfNW9tqEZGqf7uOl3+cjebhMj8VzeEyX4rmhZytKmvNb93zaGlP+sBHN5CK+FGkGKy/fevs5PM/0H23ec7e+sbmu1+udfNQ78Oh9wcfP3b0/PDorz55t9dV3YFtDThxsTN742ZjYmR0dLxvcy2X+1TftqF83CK//8T9GYJH2uIbb77emplpL3jxaLyodV/U4oC0Z79e5OtVHJT2bH/RPBjN2HzxgC9M7Ivy/v9epPjtd//j1q053/9/ofvu1h0+fvYnm/f/F7fvaKf3/+3ucf9/om/bi/mnkYFaRH3p+vzAsYj64htvnuxcb11rX2vPnj116kvDw186c2rgcET9amem3fdq10MFAAAAAAAAAAAAAAAAsL9SEb8bKVo/Wk+NiLhZzdcaOj/8zMmnD8Whar7Vlnlbr41fvtB4ee76/EJ7cbE93ZiY7UzNTbd3erh6Nd1rYmR0TzpzT0f2uP1H6i/Pzb+x0Ln2h0t3/Pyx+oUri0sLrak7fxxHooho9m85UTV4YmS0avRMpzVbVR27T49SGEhF/GekmDrbSJ/L2/L8v+0z/LfM/1/evqM9mv/3yb5t5TFTKuJnkeK3/uLJ+FzVzsfitjHL5f4mUpw499lcLg6X5Xpt6D5XoDszsCz7v5HiH36+tWxvPuQTm2Wf3/HAPiTK8380Unz/z74bv563bX3+w53P/2Pbd7RH5//Tfdse2/K8gl13nXz+T0aKl554O34jb/ug538UsbGx8c2I47nwredz7NH5/0zftqHoHvc371/3AQAAAAAAAAAAHloDqYi/jRRPj9bSC3nbTn7/b3r7jvbo979+qW/b9D6tV7TrQQUAAACAA2IgFfHjSHFt6e1bc6i3zv/um//5O5trr4+kbZ9Wf8/3i9VzA+7n3//1G8rHndx9twEAAAAAAAAAAAAAAAAAAOBASamIF/J66pP3WE99NVK88t/P5nLpWFmutw78UPVn/dLc7MkLMzNzU62l1pWZdmN8vjXVLut+OlKs//Vnc92iWl+9t958d433+kZvLfaFSDH6d72y3bXYe2uTd9cD767FXpb9ZKT4r7/fWra3jvVnNsueLsv+VaT42j/dueyxzbJnyrLfjRQ//FqjV/axsmzv+ajdZ5LWazHTfm5qbua2R6ECAAAAAAAAAAAAAAAAAADAhzWQivjTSPE/11diOU/7z+v/91bgr/XKvvWNvvX+t7lZrfM/VK3/f7fXH2X9/6H71lMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4pCjizUgxf2k9rQ6W77vqFzuzN25OjIzeudqRVNU8VJUvv+rPnz5z9osvDJ/r5QfXv9+eitfGL19ovDx3fX6hvbjYnm5MzHam5qbbO97DbutvDl3XiWoAGtdfvzF99epi4/RzZ7Z8fHPo/cHHjw2dH37m5NO9shMjo6PjfWVqAx/i6B+qcZsORxF/GSme/d5P0j8PRhSx+7G4x/fOXjtSdeJE1YmJkdGqIzOd1uxS+eFYbyCKiEZfpWZvjPbhXOxKM2K5bH7Z4BNl98bnWwutKzPtxlhrYamz1JmbHUvd1pb9aUQR51LESkSsDd6+u4Eo4vVI8Z2j6+lfBiMO9cbhC5fGv3Lq9N3bUexhH3egbGdjIGKl2Dxn9YN6zg6wwSjiHyPFT985Hv86GFGL7ld8PuLVMn8Q8VaZL0WkFLHxzYj37vB9xMOpFkX8X3n+z6+ndwbL60HvunLxq40vz16d6yvbu67s6P7wa3c/5gO/P+ynA34/qUcRP6yu+Ovp3/x3DQAAAAAAAAAAAAAAAHCAFPErkeLFd4+nan7wrTnFndlrjcutKzPdaX29uX+9OdMbGxsbjdTNZs7JnMs5V3Ku5lzLGUWun7OZczLncs6VnKs513LGoVw/ZzPnZM7lnCs5V3Ou5Yxarp+zmXMy53LOlZyrOddyxgGZuwcAAAAAAAAAAAAAAAAAAHy8FNU/Kb799fW0MdhdX3oyurlqPdCPvf8PAAD//+3T/oE=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f0000000080)=0x6ff) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3801008, 0x0, 0x1, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./bus\x00') 2.282252905s ago: executing program 0 (id=803): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@empty, 0x0, 0x4, 0x1, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe, 0x4}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}}, 0x50) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 2.031401763s ago: executing program 0 (id=804): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000005c80)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001800010000000000000000000100000a140000000b0a0102"], 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x800) 1.933639216s ago: executing program 5 (id=805): r0 = syz_usb_connect$uac3(0x0, 0xa0, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1235, 0x10, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8e, 0x3, 0x1, 0x0, 0x20, 0x40, {0x8, 0xb, 0x2, 0x1, 0x1, 0x21, 0x30, 0xc6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x2a, 0xfff}, [@output_terminal={0x13, 0x24, 0x3, 0x5, 0x100, 0x2, 0x6, 0x2, 0x8002, 0x7, 0x10, 0x2}, @processing_unit={0xd, 0x24, 0x9, 0x2, 0x2, [0x0, 0x1]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x6, 0xd, 0xb, {0xa, 0x25, 0x25, 0x401, 0xe, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3df, 0x2, 0xff, 0x0, {0xa, 0x25, 0x25, 0x5, 0x7, 0x8}}}}}}}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000240)={0x20, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x8a, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, &(0x7f0000000500)={0x0, 0x19}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, 0x0) 1.80643502s ago: executing program 0 (id=806): bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa280180c200000086dd60080008000844160000000000000000000000000000000100000000000000000000000000000001"], 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) 1.50606326s ago: executing program 3 (id=807): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file1\x00', 0x1008490, &(0x7f0000000040), 0x4, 0x4eb, &(0x7f0000001500)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x10507e, 0xa6) fallocate(r0, 0x0, 0x0, 0x1000f4) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r2, 0xfdef, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r1}]) 1.274362548s ago: executing program 4 (id=808): keyctl$KEYCTL_WATCH_KEY(0x6, 0x0, 0xffffffffffffffff, 0xfffffffdffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0) 1.149830152s ago: executing program 0 (id=809): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r1, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000ff"]) 999.172997ms ago: executing program 0 (id=810): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_disconnect(r0) 886.26323ms ago: executing program 3 (id=811): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50", 0x4b}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/87, 0x57}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 584.05253ms ago: executing program 3 (id=812): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r1, r2], 0x2, 0x0, 0x0, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, 0x0, 0x102, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1}, 0x94) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000580)={&(0x7f0000000480)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x3}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, r1, r4, 0xf8, 0x8, 0x7ff, 0x3, {0x8, 0x8, 0x0, 0x5, 0x0, 0x2, 0x1, 0x1, 0x0, 0xffff, 0x8, 0x7c0, 0xffffffff, 0x77, "ba9a42184edc4097e01b52f22e2cbb318719fb31f6699332292cc81f89f07580"}}) 484.764834ms ago: executing program 3 (id=813): bpf$MAP_CREATE(0x0, 0x0, 0x48) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffd, 0x808, 0xf7ff, 0x3, 0xa, 0x50, 0x60, 0x3c}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0xfffffffffffffffe, 0x101}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x0, 0x6c}, 0x2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x4}}, 0xe8) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x42001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 6.029829ms ago: executing program 0 (id=814): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000040)=0x8, 0x4) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 0s ago: executing program 3 (id=815): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7, 0x7}}]}}]}, 0x48}}, 0x20000000) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003a00)=@newtfilter={0x273c, 0x2c, 0xd27, 0x70bd2d, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x270c, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0x10}}, @TCA_FLOW_EMATCHES={0x2700, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xbcd6}}, @TCA_EMATCH_TREE_LIST={0x1b8, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x8, 0x7, 0x7}, {{0x3, 0x1}, {0x2, 0x0, 0x1}}}}, @TCF_EM_IPT={0x178, 0x3, 0x0, 0x0, {{0x2, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x6}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x8}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_MATCH_DATA={0xc7, 0x5, "89f720f3e2479b35693cb7eeea693f57e069baa3c575fb12d5d53d99ec3d3a328bba3468e45818fcf42f1060cab2e7e56476b4a457c410f2c509b8f824f9348089c33f1c29cf259346e5ab7b564a3c45662f474fe055d87ce34baed4411da0759f6a813eea19631b3f4c328ada4668321957fa22c79374d6a73ecda62aae9c550887d8556859d881d71666ee037585627375d6ae511c1634b5537309069f8850c6aaf55207e9a2db6924827b65136f46bbb8d39e450e4c9ed13240bc2390580e3042d5"}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_DATA={0x83, 0x5, "43d2e34b0f23c47f7eaa2acbb39932a0349d9fec9245a3c983afc71cbacd837fc515414a9da680cf0b6ee24b45141f20a1b4e7f620e2c1501529462734446fde835d29f653a089efc1a1df3d82777c4a29059229e151457fc2afa5d24247965ef2123f9f3c3a1db353d0c5c590ea5d048196955a06de7dbfcdbb25705cdc4f"}]}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x48}, {0x8, 0x1, 0x0, "93"}}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x5, 0x2, 0x3}, {0x4, 0x3, 0xca12872cf35cb80, "98a56e"}}}]}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x0, 0x2, 0x0, 0x0, {{0x7, 0x8, 0x2}, {0x2, 0x5, 0x3}}}, @TCF_EM_IPT={0x1c, 0x2, 0x0, 0x0, {{0x2, 0x9, 0x100}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5}, @TCA_EM_IPT_HOOK={0x8}]}}]}, @TCA_EMATCH_TREE_LIST={0x1174, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x4, 0x8, 0x8001}, {0x2, 0x1, 0x4}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x8, 0x8, 0x1}, {0x4}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0xffff, 0x3, 0x4769}, {0x8, 0x7, 0x200, 0x2}}}, @TCF_EM_CONTAINER={0xa4, 0x2, 0x0, 0x0, {{0x8001, 0x0, 0x3}, "a91d046603061d0999bb16f5b1768b69b87b0e65346fdd34baccc3cc65014e22f23887a66c9ee887fce7bbc4482065471ad64a87e1cb0b425d7689bb58d9bf550a97e0453113f32cdd619e4a1f2ac2de4d25786eaa78b78a2b3a7269afc1b30f89a2c3f87c893e52eab08a8694f2ddb4a2ccc174930a39e9d2e74f093935cbf72f01117319ce55cafe2f453ceb3fb3a2d74a2ce06505a8bc"}}, @TCF_EM_NBYTE={0x0, 0x2, 0x0, 0x0, {{0x0, 0x2, 0xfff}, {0x3ff}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0xf, 0x7, 0x81}, {{0x0, 0x0, 0x1, 0x1}, {0x2, 0x1, 0x0, 0x1}}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x1, 0x7, 0xffff}, {{0x4, 0x0, 0x0, 0x1}, {0x3, 0x0, 0x1}}}}, @TCF_EM_CONTAINER={0x100c, 0x3, 0x0, 0x0, {{0x1b, 0x0, 0x6}, "706e1d7d0b143c730f587035eddca8a3c0208164c6ef33d7e8bc95002cc28cb005b5e831e31f244b7b3e0c0f07bf462931297907c9c2d9f58ed8c5237c99e8849ca3500c978814e1e156c12d275972bc3ccb502401706ccc5086dd6581553ff93bdd42bb2e02033aa2c1d645012f0cb1a78ce51bc5cf9029a9af5ad2e4cb695914ac274fbd410a1dd42ff7f59f731ce12de3def4f40419bf423e659ce25b7a040c599742f9f641b37cd4074e2d3b019e1969134782d3f02052d3e0e7ae7eaf11b54fb05d5d37455c726fcd065e03c4c9b3802b71f179e5571d20412ffff2f92486fce7d61fbd6504a130b76e2dc66968be8044f3c9d46907c82c0797676af32322db0e3810e05aaba7798f56f3436825849c4b7e1b56336735eea695ad5b86215a4b4bbbd62f9ff48bf84637c4243e15ef57a099bb69b317292fe0d8d17c5351631afb6156d2fb0ec08507c735efb3b6d966a27f51d4745395832d0b5908be7864f9da767c89c05364e580345bb812c3290735016d258ddf9619232714375d0ebfb697aa035596813d9b0db269f6e8bc4e1d24659a8bea0bd4bf904e7df23f0a94d4a268ad4217a168791b732e5308ce2e403dabbfdfa9788e5bfae2daa7ebe9ac4e13a14a0a0118d1dec1a431c7dd5704c2dfd0b88bca0a4ee7a61611f6ae6a9954398c49c23c1b4e6e9f3bf5acfdae626e9f83ef289eea269207909dd54f9657bc318702badd2106b1d04c6405925edff0be4beb1b132fcf90d42c17b6dadfb83a77cfb3fde8eaf0eadf335a62044e4d64a63bbad982adbac09f65348dfb385dfb65b0baa2cc9804e94cc2eb2a93eb0124a2206228ba2094809806fe48802325f6e3ad938e4784ac05b91ae802ac7f98e55ea166af60a90ff9e6adf7e7691779113919209271091da3292be65b608e3739be606cdc4a245902bf8a4c517b84609e2abceeae6ccc6195ecb8a7efae7cd5e4f9a3d91a0e682746df9cc96d4c44ac70fb6baec31a4b3964a0fc12e75993759169d871db34abc72bb1a5709a20f1032c129c12c3a99f3a45dc45892dd7dc4d78482d9162817e59b30b81966fb00a07fab1987a30dc1bbe2ee035cc9e7468ff6a03b35af3da2ff5e7997fcb141748ad8f4d1c833178869f9c973330db7f8e60e4ab69489855050a311adf2553868a4b343bc6f820de24dd712fcd2b9df5b9b9a1ee2f8423aa94c40c81b42cde4db6c70f5cb200bcd3619a24d68b4a676d05c07175ff04c7f57d72539b67766e2306cae3a134d006a4eca15531aad235fc586e19aaf583d4aa9a38fe7cfba739acc3a8339a143368eb0baa61caf47aff0854eb021e7b90620102508ea146c066671375b05b752c996d724ea87b3a55db31754be17269913ca2b1655d8bb4336ff518490c3b6d2d075c7146d5dd1a9c58576f0e2791ac28fdce7d5fca935a38c9386cb1f0e0f56fa803eaf8742739d49f3edf4b45a5707824a96a76b911bbdcb88720b7130b4ebe5c0bac0eb78cca46a86b1c0a8c6005a74e3bc66e45b2a829de4619e29970f42b84b3a374a96d0f8b2302e9f9eab82bef960a05b6e502cca37a344c76eb28f1e96145b1459558e5babf3c2da6855b48ce14eca2f26e51ee422447253f374028fdecb2e6685286f6ca7bbd706b711e5c0e53b35eac41bb6637cd6e5953d4ca64974f6daf8485c067253b25ade84a53fd3ded897f8b4267c93cfb232d4bcfb0b20ad8e6ae0709a98a486de500f8d351c2258d427d6c34557222bef2aa8785fa92fb0245c0548f88720f94fe2d51076da84a782bb67406602a6c17ddb80e39e47f5a95c930134c823b49e7450d51aa93b9107e112b31d811f0a721e3ea4f46b15434926fe3cf16b624a2354bfdb121ec7c29f307d3d7bf5dfc6567996e481c2972c850ed760b4a8b3cd600ba94912bc60156ac030d577f2a037f3c2d09e3ab82335bcbb2c934971acf6b17e333b77a9f83e4c4903b98de1423f9d107e9bcf4a1de79469b8b3f89a181c9c1b2a709eaa189c152f2bc178231ab49500608a5a738167ced7791d0db0ee7032d8727fb41034e8842e331bb053aed4573f1ecbd44fd54b9104f24a462ceb130aa00e49fc1ceb47a00555901a3711ff96b73b0e39a0822c8ca79e4d39dde28a81e1661c4327a7e67a69d7ebed08a2facbb57a760ec1ca1113583d6173efada29756cc8ba2cb574e25b9719bfb49243a1b1fabbbead20c0537df160d3ac1266ccd8972fccc2b04391d644d5405bcbea93984e950aed8e1a8485644ea9b5daf955bdd7a896dac8526f97ce4c409fa4c3050e6d6b84722136aa5a97fc827eb8ffa3bd1b784e891bfa57053628824552f787f3379a47c2c85ee0f0709ef224a95bcb65ee11761dfa492cb50c09d1f132ca6010db94407adfcc0e75f566668492bdce4b3afff25dd227ad86f32e77d2a8b1623879fd122433edb0cdf329c713ebf4ac81a09872198dcb69a6b34192f55010d578d03f1cdfeacca02ce6beab88993b9ab6dcdf2101f617767c2926258e0316f5167869368f9612cdd45521037f37af6bd2693ff2b3e9598e9ab50e197f0737d54da3b7976bdfbf4cc80a9e22683fdbb086b1f38f106f464e95fa5d94291f3424bf831eb4c754ac45d6979864c8cddb7e91c5a09d7895d892b03bd85409df47113275e5e17a5922e739c7e199c3daeeaa4b1cbe16182c31b4bc85c8d4936f602186a76bbf00de508dc6e8063f3969f52dd2f0e8bb333ff251e7c3485e4f210fc364d4362da090c3991a2b18545c2d08cb1aa46cc0077c367912824ce5918811fafc551eaa75902ef35f4f27c692a214c8456c3177b1a817b241088b08db36e5c5b36b5d8d13f807110432f2cb34771ad28820da2abd68ac1e92e9fe41dd33e28ca0bf818659187205ee0df902337507437d3d74ab3ade1e54b00610263e6c7c235cbe2784ef08a36adebe5a71e83038e1d5314279661f5abfa2210c42948838472436958d98323710c77acefb7351c7533b2048502f45bc52e3545668eef77a97d638268db919a70e158653174fe309bd7dfb301296ef3b7e7e5287962b077ca0a506da6b36d880aea51c5875e7f93b38b8b6742e70436f26d19c28610b23fd8e7c68fbd64a4dc477b5366dfd394976cd9a0c6b10f5f2005a67676cb7f81f3317388628dfe13d2690100e04ca9e912bcf1675a4a7c66fe7332a88d26d19892907ffdfb3f3400f880823e0fbb0b136014ab3c4e27a875c25bd1e0e03e4feffd72aad1d60540a89772113f85083d39a022ec6a0b2df5981c6f9f81d84ccabe5d83fbd7b5098df278eeb47d9cd23123219fec3f5314011bb714a1e1f514fc1f806b0b1154d226332bf86a661cd94dbcf22ee2304589684afa9b43aee9f5cff8947decca557d7e7411290a80458d5a09e624c01152ad97613a741c3249fd21e86b8576035929bf1563c04881d75efd507b802519895eada7d2715a903b082941c1efabcd76b3b821c8946be6900f02ee6a28f541c05736b23df74b38e8b76dc805aa9427feee66a18d9392248002f92e7ca7e34f79c410c12f2e315d8e3983afeb2b2778235a48616fdae1b30c80bd60eb7fcf8e89be633326070cc6b3f4ad1c1fa661eeaf2830b4af63fe836625f1207cbf2cf1add68d0400289a460dee20be595ff84e44b276f877426481fe3176fbfae1daceef30140f6dad0f4d3e1a85af7f8cc6a2082443819cd757c10eb86c7dccb8ed08b400b8b0f505270a4a2aac7be5bc3aea58bb2aff7b497c134f1d3d207cdc51c405091b60695c396b82b96421dc1bf0b289a1ae11a7e86001e95870357688e88a3aef9ba4b16df26945f09770d4edc39e7262e1d128eef9077fe24d35c6f591b05289a803f6f6c9a14d2efe8a97e78c77aa9be8c1331f5fa07a5da59e63dd8a4739185d5a696588ba9df2c360e8770850e62d31a8cc197ff6e4dca9175376b69ebb0a5e7f53dce4a4491d32fd49d3464f3bee534f7aa16a639687894478e94738afbe8750ba55ea755ed5b7f451e0478f8fabea6f7d01397a92b7c7337b5ab75288c129757bb9eae1b8cfca198c7adfd5fe23311c9fffdb0ef8393df5b42ac914c9b0aa15dd6eb8380f4e9859e0778ac31e04a940231644bc0277645caed22646084e43375f0adb446019cb9aa478a406cd92fb845f2dd9d64dc3dc85b1c85b53c69acd552649ca5526d578009081aa3d6c5122b7ad2bc40f4283ad89afc71e0917dabddc7c6c8dd2fd4fead1b3a3bfe72dd10dc93cf1770f3ea738d4bf57f8ef25420d23454f51999d9c461123d9e0d370e83db12aa1f750099b433ee10d9091bf93d5041a26b9bb0f0e2e6af70f442d42633c2713bfc384b34c0bad263f15069672a08136b5ea431af45f9eff1d013617065004f44c8a7a8847f424ac453fb143906d198dae5ec7b41657b25ea2c2daacd12299406d7ce7627630b5894c096984616657239cb68ef3a5454d9c1609684d0a755989dbf21e6e007f05190d793899ab18a978bd6c429a2335bdbca7106b088f46ca79c39cd985d705c67c8f378336e1a269315e6b07f0c3635c12886a53880a1c5a2c8e1ad91d835344b98d9a6e4e250227ccd4360e29ef0f8345eaa176b442da2925e88fdcf03a7057ae0567b4f039316725666d09b8a2c904f0b00a7290d363a51ba5513af21dd1ccaa1c642bc30c9cff1f1d1b3d50a11c181cb4ac02f491750de3032e29ad4c33e56098bf96b6fa77231ddd6100b3a1d69384a2b6bfa28f33d3a0966654a0c092b37c89544a4e6460c96a7cf7286d4bb8dcaba49625ee753929230d9533945d3dab2915317dd50b5076762501b5f495637a88cf9b4557e7a0e1088e005d168cf9ce36d34ea916c45b2fbf644140f415f4c0f5509cf8d4740a85bab2380efa6166a11863f9a92c21f4b27464a545a94ff092314c5525b667fe32690c6d53312ec92776dbad3414322ff9b8e4c61a27a5ed43bc4440b862e765354e119048859e4bbe556c30a9b5077a3934013cffe6bbc524c0520c3557fbcd8084ff3caacd95388add4c03c10d5e2899fed60a78106a2e624e4459c07ce5c44a1ae32c5dc10e3acbdf3acdb3edb27de17a60e62b79882df799107fed67b4b3a42494dcafb7ec8685eb8d91dbf1bfb28922f22003f0f6e1c68d5d5cc5328c258b7b51dd00c3a07aa9ea4c3645b9b379435fdcb8a431c2c834aa6d3273e11122643639b9c502004289a9add621b80878d7a6e2c12b41661be8db481965bf76c95f6c49ded998f84aa1062501d089319d88240979ec255213c543db4e967a5ebb351fe14c07cbda0579de4ab5e9871ccf21df1f8b5108867c653d7033ea3e898ba9d5baf3241a96baf651357cea537b90ede2aa642a6bbb4bf85575d73928fbc1f3fcc0dab2d6fc8231b3f7e53326fa64fedeeff72d7e20e14b1337af9bdb29b8551809af180b63bed7ffd8a297e58f1d912e40f1564cd08170a670a181f6b7db93d9fa3dd655f9dfcbfd00d57026991be90a919e954280f17745e5f022af5554ce3e743d1211c2b38bd2e1792fc1cf7b4498869f3da1dfb8976e864f3ad73eb15c567e0655f075a828dd6a03f97e58344031974a6d66d893c73c605d88b0fbec296e0d4771fbe41988622f8267da103033dc63624c1551c4f645ac4ae045c26ab085c94d0e3962fd4cda85492391dac5216a21a740ad2f549e4979801dd127fdd7afdf7c91ddf244a3388c295aae99b94b1e26fbf74a1f57b046ee2e516e5df14b901ab95e9bd26c646c4f1ef35b2dbe465892167402c78ec38e192d9bab2"}}]}, @TCA_EMATCH_TREE_LIST={0x1cc, 0x2, 0x0, 0x1, [@TCF_EM_META={0xa4, 0x1, 0x0, 0x0, {{0x9, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0xfa4, 0x5}, {0xf3, 0x2, 0x1}}}, @TCA_EM_META_LVALUE={0x22, 0x2, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="e36f259ed6e7f44de3c5", @TCF_META_TYPE_VAR="f2", @TCF_META_TYPE_INT=0xffffffff, @TCF_META_TYPE_VAR="5a97435ec9ffbb", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_RVALUE={0x2e, 0x3, [@TCF_META_TYPE_VAR="a34c43f0b5b1", @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="4b06dd558beb79", @TCF_META_TYPE_VAR="1f1e8d177e91584e", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="7e5bc847", @TCF_META_TYPE_VAR="24b046520ebc90e75c"]}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0x23, 0x3, [@TCF_META_TYPE_VAR="9d25", @TCF_META_TYPE_VAR="e33f2a4a87a4", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x2000006, @TCF_META_TYPE_VAR="9cf096387f3a", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="ca"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x81, 0xbb}, {0xffff, 0x8}}}]}}, @TCF_EM_IPT={0xf4, 0x3, 0x0, 0x0, {{0x2, 0x9, 0x1}, [@TCA_EM_IPT_MATCH_DATA={0xe8, 0x5, "0f4c8e90a260b02ff69bdea7a422ecd7e04ca1b06fa73b389734b64b4654500ebb49d21b38358b0230b1c598d886eeec6845f44343224e71605a5276a3581c6c943551b6c3893946e04792a6511be067782791460a295815d81d4b6e56e99b85c23f2737d9201e2f6a211724d5f7db9cbf901abb588f73905d6b48af60a20390489fdac6bfe92183031ae0c723588ee87641737cd0fdee55701b2a68ad68e51d3dca641e6eb5a287b3df37bd52201a55933f694b32018345c3db53925e6cefa8932825bd8c1bf6574d79e94fd337ba76b711091bd8fe6f3cc889fd7dadbb59ef772448ef37d627be38c0bad6d9e42dd28974b842a8023ce50e6c283f8832f3b40b37e12ab03b"}]}}, @TCF_EM_IPT={0x1c, 0x3, 0x0, 0x0, {{0x40, 0x9, 0xe}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xd}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x81}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xb, 0x7, 0x8}, {{0x2, 0x1, 0x0, 0x1}, {0x4, 0x1}}}}]}, @TCA_EMATCH_TREE_LIST={0x5c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x0, 0x2, 0x0, 0x0, {{0x6, 0x4, 0x9}, [@TCA_EM_META_HDR={0x0, 0x1, {{0x3, 0xf4, 0x1}, {0x3, 0x8, 0x1}}}]}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x7, 0x1, 0x1ab}, {0x400, 0x4, 0x4, 0x5, 0x3, 0x2}}}, @TCF_EM_META={0x3e, 0x3, 0x0, 0x0, {{0x0, 0x4, 0x5}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0xf0, 0x3, 0xfae}, {0x4, 0x5, 0x7, 0x3cec}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_LIST={0x1158, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x100c, 0x1, 0x0, 0x0, {{0x5, 0x0, 0x3}, "0d76c34c8d7a94c0161d118b794a3739743aa8f7f36a9a309a32096e935905585e29b94ddbfe97b0a043c0d3fa358a470d997394a637acc6d56821e8cdb9b9b65746d743027e3734b55751677c9f29120b4aa9861448a0a1266cc3d59ffd2e9cd9aee331cba235e87b1b5e4f2e37dd596cfa86b3797f9d3494ec87fe3ca7cb6ac694d53b9bd4702ed67efe27c3a9b8728a17d5adcd978041e2a668b6d4c72ba441a5a98f6d3aaafe99b8cde39de5e207f811ef92ba8027318bdad46b32d38676bcacd17402739384c9b45a5afb56b68a2740958a0fd2c8d6a4daf5227ad57cfa89212a9ca86a417c94d94cea8b915a744f1c37434da5444a750d460e97b05dd6bcbeb6a2aaf67c01d3a1ea50b4e25d26d19293377516af73031bb24e7548b37cfe95c453d0e9425c61b4c9eead0cb869dbc794d315c8451546fc289ad2bec29bca72f8d3bbca92b510401868ca9341bb95fda3209aecf5bef323ee090e91fd10a237a1a23ad18cdfeca416e12d76efb2e4b289db35c3d2848ed989b4da9b79f10a6c2890cd4b4609bf8d080ff513dea4287cb50f85ff237f1f592c210cb4e9e65b442d92c5ee082c5a4e36505a9ddbb64d8c8f856c29a392eec9bf6807faeeeafc2306cf2884a4b275d6eb476093f4995be9a1e5eceae2ac573daf81ec5ba8c9f0716e5be30f27dc1227e88380056521ad836ec0ff31085202165482a0f423c4597ef54e4479d253a2bdfd7966072818cd6e52cf49c2cf2f0d8ecee959b0b501e4c0d21db0e181c1cfba4e504d583126c6ebfacccef33115ca6cf7aea0b30e5f5240a26256e119add66dc1f820d3fc6623b9ca2fc2bcd6f8adc610a4f2f1764f315949319b2fac0cdb05af685345cb724a4a2e940cd5012711f613a93b32ce4edc9dff65dacc7473c74fac83ea65e3878b7d00cec779111c71e176d6c8afca36ea00bfb78dbc34d9d770c1a9c135c6f53104ca41da66902f991e23d64e8839b56431be5a27a2111eae4c19eda0e5535ae583d77f4ec6b8389ffdd427ef2bfdbb2e31243cb95c19b92b5665722ba4cd33e0c51e3bf3635109837adebd4baca9a7c65712dbfba930a20bd0f9f16782fb1cd64910afce6baa5e2e7728304ded7ee4c59fe25542dc4799e468e9c93f0f3adc417a4ae2ef78b7269bc5ddc825ca53ba47f087a236106fc5ee17568340fa285d7b8a83ef089b2b8ebb1d7c59a87da9b825d95b74263fbea99a9716c586501848e1c590bf474ba2b0288e5324b006c2c9070f9eff7d4e3163dcdae4c0b6f39baa167171142d20e2ba6fefe97f42ac00adfa8351bc995a2f215c8a4a40690a6a60348d215aa3827a28fcc579cf3bbf45682cd2a7051267457cd3b0ff504c3e3b1e67ee0cf31efa269ff83700f38919d65dc60e13a4cb95cf78c6a70cca3bcdd02637e440aa3cdcdc381357777126158b28770d58e429fc90ac57bacb385a2663f73456dc7e049e3c1e6ccb3801eb566df840dd183833721e203419be89c44287dacd6684cf3f25899ed693ead525e7d82a4eb0d62ef21655ca4e83495ece8beb013db5b186d43f6272db4399f67863bf82dc70d8c768dbeece4cb997e261d196772778a8a537f56ecc38688070753b51fd08b3e240a1c80c726b76dea17de12d88b402db6cf2ae64fbcfd4898474c552edeab8d3c8f646ceb92831e80a523e132366c4b313786f53dce76d2e3d32df599cb97dbfbc89508e562dab2ecc14063190b35b66b3da138f5772e75a3a831a8c17bc6753e7c0926dedefa4baea586ca162dbc7dcdb1edcb1405a3c7ed57a0604ba27f79bce6671b6b3a8d40039a6ed0abc2d424f334bba2b2acb7b901ac194dcc728f2b1042015bdea6a85b9d8e63fb0527c175d67ffecabbd1d0941adb5c2fdb60cf2a33e2c58deb4f53b061579f21ab9f06debc9914420d9452c40940b7733b1584f91ac3004e16e42d5350179747f96cbed20a73313391d4574e9e4cfdfb65b160acdea827e8e53342132c080af1893775396d2b959efa837483f046bd09c74783ca5117c617452132558c97f9c22ce776ea7db6321d589d6a48a9087fcf739fdc239d9523618ed73fe32b48d4a283a624a3d06082c01b6e480d0dfd3d6cf389f515ae4020b776b3257a7102e1ec4a2892e7c8107a34dddddd923fd9758199be62c8475364dfe0ecba57de7dfe566384848513f50e199b27921a33bf8ec56378ed447619b9136ffdacbccdc58fcb243b635e6cffe47b5b5226b7843f2bd9c776090bc28fcce6572652ad47d7b85e9359a4c9ce01b0890f10b6dac2d2a051b92c7495115c521f0789310649bbb6e6e680735ce954b6c224d3a7ad62157e66cc073e425541a52336d3704feae2757ba84c19bd90d0f0b1d65e71ef657a859da67434d8188e80f233d2b80a70d8f57d1d92a2ac27951dfd45096ac1cd02c3f1eff3f503610b652f022426e87eb621d741fb1a66770cfc1035056f46ea8f0df4830ed448bdecf149e6c2cc3224ec0005f833b7bbd4d9366074640bbdc1cd6800caf5b5cf672c8d55c750ec5e3763cab7c80609940fde58929e67cf9e2afc7388220b60705db8fde37c75ea7eeb8412a7d0993f58822752ae8a9e634054ff7e5146eaa0a1ca7626c34a45add56d0af941f783f3d6bda04ae0fbfaee3ff4e84803f102c351b0351d1bb39c50ca6531a35c149d4167c9dcff04bbbf3232b252f9736975bb839efab09578dd3f353bc600738e8d8d04b2541c510517779b2b370240dc67665d90566eebf12a1ed34704ac212cbd42e1612cc09e968696c15b285c3082a29bbd6f37e324e1625cbad9544acd5eaec60f76923f06f35972c5357cb18788a297f90e9ef5e15377289b5ee580972bf8383164537bebcd6b56cc78d1e5d75d8bfe08d3aaf07b91a6c98845bb8f94f841d023859949e5f331a98566a7334e47a4399739334fd779de4aeae70faef72e46af30e0d0791951c482f86c28f11631d5aedd98a2eec961a018e45346ebb889d9d268c234bb049127d7ddaee29c92f05a4c3b3a12803bcda642ccbdf34eab988597d746be4eb84345a69489f3f706d501d1c78172e06ef2687c0008322e2dbedcc4288383661bf79f84b364679fd7f997894f848f3a637757b4bf62e385959a7131345f50df7dfcb7f4e1b5f766655d9142544dc34bd817c79ce07d020f42b105ff8512160a1808891fbec047bb16d49ce12b411bc575ea73995da7aae859c3a26038da0f50cc3fc5668e15d483270b50d050cff555afce8565c7957e4f037a002825ade1a83584fc78869b19bd7f88ed45312efab84c0a2a2a184b887e7539620ab0a4355374ecd9253569e5043206028f6d1dd22a6fdc2df6a7d47c2ee959e98183b6df13633d7d6ddaa1bb57a6be3f9939954f9a82657d760f41699a64a909fe5c0982b52e938d347dc9217b60b6f8f5e58044a1cb2e3dc49228ac9bc7a0046a53fee4217b0d65b8d10f769365185f7e8e9eba46b0519564e1ce6da9975bed7e46ffdf70266e6597b9a7bae776a86dd2e1796c7c930a5d725a1359538af29f090c314cc807975a0a4f43768568b86c998e8fc2ab72f547ce5b84d0cb49a45191a37f5d7cca9d520ec484b9fbb4c13a00008f38fb41e65e98ad92b205afe44e42417d8083ec365556b0eff1aed1a615bd875d91168997d1b741eae5e70c2e4eeccbd36df1bb957cef5f850d000727d16b095faa16a6ec0574842aea8c202a4e43f3b099cde7cb22ea6f89ba438c6547f2553ea74ab519f6f5b38631404ff88e632ed2df358dc40f02ecb674b7e208e291278f496a2efcde781b8d7828a9a75639e6b6095df39fa12620bb29b2cdad5ee20306edad831b164a1c17eb3f1d4eeac830c359bee7d8397313c46b00a9e1a828a869700b4dccb13245ace6567ffc3045199fc824bfe8b0f20c4e1a60288cd4668a8f11bbca60035a0281719434357c952d01e5ee93127a0b32b324a8b4d12d912632a9c0f422520171a80a4f8635f27e5f516eb6f7f9db305e94f927534126a28004b968aba3c345d3c2ff346fe7a59adf9d67a92f12b7907799a5fcbb990f6a3dd798e3dc2f3eca96fa6d66d3b9880a3518a066566c42938a58ae118780fa9f03f906498c7d20fa8fedd8cdbd8c8d7d9046e6dccfa1828d90cd33a0d93d3dbf92199b1b3fb7ee174e6534e9e14403a3456ce2ce47082213e20091aa2eac36b357b8d0693a119648fa9cea030cb72ee2a8d22a40daf088e0ebc76f91ed5ce8145d806ddc14655e48b48d6edfb9a3dff4223b1e9eaedb012efb7728471d68f225d56e419342edad431aa8d9e2103cf738656ea08cb92018d4698914d6ac93b40b33d758a63038876bc9905cbbf4925f7480f5a2d02f59ba1ba92c8f80f7f408d3e7cbce01b1457c3553a7e88429f24a32d3ccdcb0fff5ae02894a4867fcdc71341aa248ea9e66d103254854ef910d3ab2e99b5463712e2df35f40f622280db988997e13e24ca504f0364c5e5df5d5c33c0c948ce27fe1c3e1ea718caa63c34a14db215d7074a168d46876b44fcf1829f982f00b46b0bc973dac5b754c01b2af1cf2ef7389aa4c7ca63edc8cb1d47ce02a73e186c8345d0bf5c2b4e0667854a98411402cdf6ad1f63c771d17af8a7bb006e72cb5eb9023684aff393540d8ac4507837b954d9b8d431cbc639fc1ee6392d8dbdebc4522e403ddfe346ba78f6f2efa4f431c23a7df6a24ec44c83225975bf4ce8d86408e79abab3034a0f69dacbb07edf100f09cd09c0fc89f82ff8d28391273bfe08dea624788736e181100fe58c4b1f5889720f35fb083faee8cad69619e460080ebfd186203b649f119c0ceae50e5835c4885d33f9f9b59908c581a7c08e9f8250bec27d553852f63a19f2c785340c5fd28963327a7b4d9a5fc92196e19b232da7c832c31d07e0e636fe8de8257d11be3d775ff773e3819b248f589bce435a355c9f5fce0070edcfe0432df0bf4237a2b034565578be39b72adf305d239cb081cec80fd5f86f9bacde0dcc82b42107247f5a37e3ab6b034132694dc4f8a746639ec45bd91351d4e1dce7e1526ea91bc47f656b93d0e7ad847785ebe41c7cc6993e72420c055fc4be6b59f0dabb9752c59aaa5dcb260289f045a9a7da0ed32fc9fafcb9e0f8776e0d690687f4e0e80b543337b97b562315d50284e0826ce33627241c739d7b949a8d18b10517495759ea6b11484843ba412f5f5bc10332f5698637ba24feee8cc2ada887050fe63d4a7f9d651685d290b7da38d93d96f5c201d86fd1e4445b0e20d4192c9134d88bbfb1d78e3642f6728d2ee047d13816be3357f6505a3e2c68f2e3bda56af1256524985926efaed16435d2af3da061b1888a06c9af5194731fd6045e6613d2aad6b2878819de9c1b7fdbe0a9d08f6c1ae422bc8f8a23abbe702257024d943f93279e7ffe438c263c001aa0fe23b6e4faadc18847c4352bf0fb35b4ecfdcf8326317e948fec91a5d476313fb71214f1492d63b17f9ce0e17a1996defecf6df853468d84a2b2d1ebacbfb16b2c5040b5829dd3cfa76178f75a3a69d04df977cf266014f862a11316eb40e11eb07227c564312fbdf252ac02fb46045099392771811205788f05c3e4fa7784f2a67b0a9736213b535e44898e0c097238eb48bfcae1141a8b4a7e07e04d9bbc089ef0c2ab183993cd71a814577d5a119ecaec31b7476ff3f7e053845438e202faa93e4d2b7fc4e774571ba444e7245b70eca1052595bee85c8f2de1cb10c1ba35cd7ffdf56dcd035a50baddfca4fb6611de36b9b5"}}, @TCF_EM_NBYTE={0x18, 0x3, 0x0, 0x0, {{0x8, 0x2, 0x1000}, {0xfff8, 0x6, 0x0, "ec70350ec058"}}}, @TCF_EM_IPT={0xc, 0x3, 0x0, 0x0, {{0x2, 0x9, 0x8}}}, @TCF_EM_CONTAINER={0x9c, 0x3, 0x0, 0x0, {{0xeb3}, "8d469aebb17c93f49ebef859540f6ccb26e6cc40dba5db433da689b6b668febdf23d54dfc9f6a2d6b03f2245daa6094c7089b9098ecc2897d8854ed2473bd7f1d8db92e1cca5fcf46510c4f03bb10b0e886ebb981092f9f4811a45a154a3ba13933409555a3325703f1be101554ea3b526e86e069afd0639606a755ee800097464711e2fa491f6fce47f8718f59e62"}}, @TCF_EM_CONTAINER={0x88, 0x2, 0x0, 0x0, {{0x1}, "5f9e62523512f548de08bee15639de944cedf9536ba5ae1876affe4c77a14ce25db7f7c968501ed20585374afa41133645b1db007449e5bc5c6984edf92e70ea7f42766f8a18bfdfb122de75bdccca2bad173c3ea7be1b8274e729d5baa4070c027224ffdfb9f05712be8a70fa8cf064acb1f52bb2045172e0fa"}}]}]}]}}]}, 0x273c}}, 0x1d56ce4333ce878e) kernel console output (not intermixed with test programs): devsim2: renamed from eth2 [ 77.354165][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.432182][ T5775] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.451269][ T5775] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.461773][ T5775] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.479209][ T5775] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.522717][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.577333][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.598490][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.605795][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.624805][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.632072][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.659732][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.735157][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.748342][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.779370][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.786556][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.817556][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.824808][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.914143][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.946640][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.953828][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.984856][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.023949][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.031250][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.124564][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.158981][ T998] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.166265][ T998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.219648][ T998] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.226868][ T998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.258149][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.350397][ T5775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.374364][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.442656][ T5773] veth0_vlan: entered promiscuous mode [ 78.477933][ T5773] veth1_vlan: entered promiscuous mode [ 78.547807][ T5774] veth0_vlan: entered promiscuous mode [ 78.560374][ T5773] veth0_macvtap: entered promiscuous mode [ 78.584552][ T5774] veth1_vlan: entered promiscuous mode [ 78.605104][ T5773] veth1_macvtap: entered promiscuous mode [ 78.667904][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.677033][ T5781] Bluetooth: hci0: command tx timeout [ 78.694186][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.703606][ T5774] veth0_macvtap: entered promiscuous mode [ 78.714824][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.725984][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.735932][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.744719][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.753647][ T5781] Bluetooth: hci3: command tx timeout [ 78.772797][ T5774] veth1_macvtap: entered promiscuous mode [ 78.819152][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.831965][ T5781] Bluetooth: hci1: command tx timeout [ 78.841603][ T5781] Bluetooth: hci2: command tx timeout [ 78.876970][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.901974][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.914151][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.943095][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.956090][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.967317][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.010082][ T5774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.019745][ T5774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.029387][ T5774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.038522][ T5774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.057067][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.075868][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.134277][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.147368][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.158762][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.185429][ T5772] veth0_vlan: entered promiscuous mode [ 79.259761][ T5772] veth1_vlan: entered promiscuous mode [ 79.283924][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.292990][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.399160][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.425037][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.466400][ T5775] veth0_vlan: entered promiscuous mode [ 79.516859][ T5772] veth0_macvtap: entered promiscuous mode [ 79.532465][ T5775] veth1_vlan: entered promiscuous mode [ 79.578715][ T5772] veth1_macvtap: entered promiscuous mode [ 79.633362][ T5836] syz.0.1[5836]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 79.666868][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.688383][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.709116][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.730282][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.733641][ T5836] loop0: detected capacity change from 0 to 2048 [ 79.753182][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.819259][ T5836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 79.858670][ T5775] veth0_macvtap: entered promiscuous mode [ 79.875761][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.908504][ T5833] capability: warning: `syz.2.3' uses 32-bit capabilities (legacy support in use) [ 79.912724][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.933300][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.944592][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.957992][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.991436][ T5775] veth1_macvtap: entered promiscuous mode [ 80.040491][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.071596][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.085192][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.105996][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.126281][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.137093][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.149770][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.162068][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.173629][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.188127][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 80.190594][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.211847][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.268766][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.305585][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.326482][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.358672][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.373188][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.383847][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.398640][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.443364][ T5775] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.459393][ T5775] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.468679][ T5775] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.482402][ T5775] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.632384][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.647731][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.706183][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.717805][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.751732][ T5781] Bluetooth: hci0: command tx timeout [ 80.769218][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.783747][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.823145][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.832172][ T5781] Bluetooth: hci3: command tx timeout [ 80.843400][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.921688][ T5781] Bluetooth: hci2: command tx timeout [ 80.926587][ T5084] Bluetooth: hci1: command tx timeout [ 81.060659][ T5851] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 81.147301][ T5853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 81.640200][ T5861] loop0: detected capacity change from 0 to 8192 [ 81.734122][ T5861] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.829550][ T5861] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 81.921715][ T5861] REISERFS (device loop0): using journaled data mode [ 81.929353][ T5861] reiserfs: using flush barriers [ 82.117335][ T5861] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.223112][ T5873] loop1: detected capacity change from 0 to 1024 [ 82.247151][ T5861] REISERFS (device loop0): checking transaction log (loop0) [ 82.270656][ T5873] EXT4-fs: Ignoring removed bh option [ 82.322996][ T5861] REISERFS (device loop0): Using r5 hash to sort names [ 82.370822][ C0] sched: RT throttling activated [ 82.394153][ T5861] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.476169][ T5873] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.519035][ T5861] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 82.543274][ T5863] loop3: detected capacity change from 0 to 131072 [ 82.604552][ T5863] F2FS-fs (loop3): invalid crc value [ 82.636539][ T5863] F2FS-fs (loop3): Found nat_bits in checkpoint [ 82.702286][ T5863] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 82.841322][ T5084] Bluetooth: hci0: command tx timeout [ 82.847388][ T5861] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.880070][ T5861] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.907814][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.921094][ T5084] Bluetooth: hci3: command tx timeout [ 82.991059][ T5084] Bluetooth: hci1: command tx timeout [ 82.991995][ T5781] Bluetooth: hci2: command tx timeout [ 83.514283][ T5898] loop1: detected capacity change from 0 to 128 [ 83.594256][ T5781] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 83.717741][ T5898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21'. [ 84.367861][ T5900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 84.381327][ T5900] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.454628][ T5900] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.499344][ T5900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 84.512429][ T5900] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.533667][ T5900] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.569346][ T5900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 84.603249][ T5900] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.630058][ T5900] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.649944][ T5900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 84.658121][ T5900] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.671847][ T5900] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.689970][ T5919] Bluetooth: MGMT ver 1.22 [ 84.711427][ T5919] Bluetooth: hci0: unsupported parameter 256 [ 84.717465][ T5919] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 85.022452][ T5928] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.163070][ T5811] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 85.210449][ T5932] loop0: detected capacity change from 0 to 2048 [ 85.265690][ T5932] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 85.366197][ T5811] usb 3-1: Using ep0 maxpacket: 16 [ 85.442077][ T5811] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 85.461288][ T5811] usb 3-1: New USB device strings: Mfr=1, Product=21, SerialNumber=3 [ 85.488270][ T5811] usb 3-1: Product: syz [ 85.509608][ T5811] usb 3-1: Manufacturer: syz [ 85.532878][ T5811] usb 3-1: SerialNumber: syz [ 85.595616][ T5936] syz.3.35 uses obsolete (PF_INET,SOCK_PACKET) [ 85.632167][ T5781] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.017348][ T5811] snd-usb-audio: probe of 3-1:1.0 failed with error -71 [ 86.051114][ T5811] usb 3-1: USB disconnect, device number 2 [ 86.305907][ T5954] loop0: detected capacity change from 0 to 256 [ 86.387583][ T5954] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 86.513798][ T5781] Bluetooth: hci3: command 0x0c1a tx timeout [ 86.601970][ T5781] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.659940][ T5958] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004 [ 86.671316][ T5781] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.874201][ T5967] loop3: detected capacity change from 0 to 256 [ 86.876801][ T8] cfg80211: failed to load regulatory.db [ 87.046482][ T5967] FAT-fs (loop3): Directory bread(block 64) failed [ 87.072350][ T5967] FAT-fs (loop3): Directory bread(block 65) failed [ 87.079043][ T5967] FAT-fs (loop3): Directory bread(block 66) failed [ 87.110952][ T5967] FAT-fs (loop3): Directory bread(block 67) failed [ 87.127849][ T5967] FAT-fs (loop3): Directory bread(block 68) failed [ 87.139629][ T5967] FAT-fs (loop3): Directory bread(block 69) failed [ 87.161362][ T5967] FAT-fs (loop3): Directory bread(block 70) failed [ 87.170292][ T5967] FAT-fs (loop3): Directory bread(block 71) failed [ 87.180489][ T5967] FAT-fs (loop3): Directory bread(block 72) failed [ 87.188910][ T5967] FAT-fs (loop3): Directory bread(block 73) failed [ 87.350389][ T27] audit: type=1800 audit(1778977414.947:2): pid=5967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.49" name="bus" dev="loop3" ino=1048598 res=0 errno=0 [ 87.449051][ T5981] syz.3.49: attempt to access beyond end of device [ 87.449051][ T5981] loop3: rw=2049, sector=1224, nr_sectors = 8 limit=256 [ 87.652817][ T5987] netlink: 11 bytes leftover after parsing attributes in process `syz.0.57'. [ 87.685869][ T5987] netlink: 24 bytes leftover after parsing attributes in process `syz.0.57'. [ 87.724398][ T5781] Bluetooth: hci1: command 0x0c1a tx timeout [ 87.732895][ T5987] netlink: 24 bytes leftover after parsing attributes in process `syz.0.57'. [ 87.748584][ T12] kworker/u4:1: attempt to access beyond end of device [ 87.748584][ T12] loop3: rw=1, sector=1232, nr_sectors = 152 limit=256 [ 87.764964][ T12] kworker/u4:1: attempt to access beyond end of device [ 87.764964][ T12] loop3: rw=1, sector=1416, nr_sectors = 352 limit=256 [ 87.779608][ T12] kworker/u4:1: attempt to access beyond end of device [ 87.779608][ T12] loop3: rw=1, sector=1800, nr_sectors = 128 limit=256 [ 87.802511][ T12] kworker/u4:1: attempt to access beyond end of device [ 87.802511][ T12] loop3: rw=1, sector=1960, nr_sectors = 1412 limit=256 [ 87.842508][ T5991] loop1: detected capacity change from 0 to 128 [ 87.856441][ T5991] ======================================================= [ 87.856441][ T5991] WARNING: The mand mount option has been deprecated and [ 87.856441][ T5991] and is ignored by this kernel. Remove the mand [ 87.856441][ T5991] option from the mount to silence this warning. [ 87.856441][ T5991] ======================================================= [ 87.915546][ T5991] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 87.965680][ T5991] hpfs: filesystem error: improperly stopped [ 88.019360][ T5991] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 88.046847][ T5991] hpfs: You really don't want any checks? You are crazy... [ 88.081001][ T5991] hpfs: Code page index out of array [ 88.087342][ T5991] hpfs: code page support is disabled [ 88.116555][ T5991] hpfs: hpfs_map_4sectors(): unaligned read [ 88.134704][ T5991] hpfs: hpfs_map_4sectors(): unaligned read [ 88.154425][ T5991] hpfs: filesystem error: unable to find root dir [ 88.456831][ T6004] netlink: 33 bytes leftover after parsing attributes in process `syz.3.65'. [ 88.591180][ T5781] Bluetooth: hci3: command 0x0c1a tx timeout [ 88.671207][ T5781] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.761853][ T5781] Bluetooth: hci0: command 0x0c1a tx timeout [ 88.802194][ T5998] loop2: detected capacity change from 0 to 32768 [ 88.956607][ T5998] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 89.003540][ T5998] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 89.082074][ T6023] warning: `syz.3.70' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 89.153200][ T5998] XFS (loop2): Ending clean mount [ 89.199816][ T5998] XFS (loop2): Quotacheck needed: Please wait. [ 89.427378][ T5998] XFS (loop2): Quotacheck: Done. [ 89.783174][ T6042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.77'. [ 89.793848][ T5781] Bluetooth: hci1: command 0x0c1a tx timeout [ 89.824197][ T5773] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 90.680157][ T6064] loop0: detected capacity change from 0 to 256 [ 90.691281][ T5781] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.751016][ T5781] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.831213][ T5781] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.451533][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 91.469771][ T8] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 91.702941][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.728385][ T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 91.740666][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.750711][ T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 91.780857][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 91.804054][ T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 91.840877][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 91.849976][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.860719][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.892305][ T9] usb 1-1: config 0 descriptor?? [ 92.095475][ T8] usb 3-1: usb_control_msg returned -32 [ 92.106229][ T8] usbtmc 3-1:16.0: can't read capabilities [ 92.191914][ T965] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.329860][ T9] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd [ 92.341654][ T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 92.360306][ T9] plantronics 0003:047F:FFFF.0001: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 92.416639][ T965] usb 2-1: Using ep0 maxpacket: 8 [ 92.433400][ T965] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 92.449052][ T965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.467375][ T965] usb 2-1: Product: syz [ 92.477420][ T965] usb 2-1: Manufacturer: syz [ 92.493677][ T965] usb 2-1: SerialNumber: syz [ 92.511129][ T965] usb 2-1: config 0 descriptor?? [ 92.615736][ T42] usb 1-1: USB disconnect, device number 2 [ 92.735058][ T965] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 92.853861][ T6110] netlink: 'syz.3.104': attribute type 12 has an invalid length. [ 92.865077][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 92.882205][ T6110] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.892128][ T6110] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.901024][ T6110] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.909782][ T6110] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.923474][ T6110] netlink: 'syz.3.104': attribute type 12 has an invalid length. [ 92.939590][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 92.948883][ T6110] Zero length message leads to an empty skb [ 93.099776][ T6114] loop3: detected capacity change from 0 to 512 [ 93.126500][ T6114] EXT4-fs (loop3): 1 truncate cleaned up [ 93.133875][ T6114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.316778][ T5775] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294901760 (level 0) [ 93.337266][ T6120] loop0: detected capacity change from 0 to 8 [ 93.345380][ T5775] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294967295 (level 1) [ 93.365132][ T5775] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 65535 (level 2) [ 93.401811][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.418892][ T6120] SQUASHFS error: Unable to read inode 0x127 [ 93.584558][ T965] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 93.601997][ T965] usb 2-1: USB disconnect, device number 2 [ 93.882756][ T6138] input: syz0 as /devices/virtual/input/input6 [ 94.413011][ T5811] usb 3-1: USB disconnect, device number 3 [ 94.654812][ T6169] loop3: detected capacity change from 0 to 8192 [ 94.677077][ T6179] loop2: detected capacity change from 0 to 512 [ 94.702604][ T6169] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 94.752566][ T6169] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 94.777250][ T6179] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.790661][ T6169] REISERFS (device loop3): using ordered data mode [ 94.802276][ T6179] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.814699][ T6169] reiserfs: using flush barriers [ 94.846690][ T6169] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 94.896213][ T6169] REISERFS (device loop3): checking transaction log (loop3) [ 94.917327][ T6169] REISERFS (device loop3): Using r5 hash to sort names [ 94.939251][ T6169] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 95.142671][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.269700][ T6190] syzkaller1: entered promiscuous mode [ 95.275402][ T6190] syzkaller1: entered allmulticast mode [ 95.413050][ T6195] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 95.669497][ T6206] netlink: 'syz.3.127': attribute type 3 has an invalid length. [ 96.058218][ T6220] syzkaller1: entered promiscuous mode [ 96.081048][ T6220] syzkaller1: entered allmulticast mode [ 96.199867][ T6227] loop1: detected capacity change from 0 to 136 [ 96.582658][ T6236] loop0: detected capacity change from 0 to 512 [ 96.624926][ T6236] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.754170][ T6240] 9pnet: p9_errstr2errno: server reported unknown error õ1 [ 96.831707][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.905089][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.142'. [ 96.961524][ T6244] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.970006][ T6244] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.143972][ T6256] netlink: 24 bytes leftover after parsing attributes in process `syz.3.148'. [ 97.767723][ T6259] loop3: detected capacity change from 0 to 32768 [ 97.798271][ T6259] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 97.823742][ T6259] JBD2: Ignoring recovery information on journal [ 97.913425][ T6259] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 98.009834][ T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 98.107526][ T6283] netlink: 68 bytes leftover after parsing attributes in process `syz.0.157'. [ 98.241296][ T23] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 98.263725][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 98.270954][ T23] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.304754][ T23] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 98.340868][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.603321][ T23] usb 2-1: usb_control_msg returned -32 [ 98.608984][ T23] usbtmc 2-1:16.0: can't read capabilities [ 98.827681][ T6285] loop2: detected capacity change from 0 to 32768 [ 98.898554][ T6285] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 98.979898][ T6285] XFS (loop2): Ending clean mount [ 99.226362][ T5773] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 99.657620][ T6320] loop3: detected capacity change from 0 to 256 [ 99.683105][ T6320] exfat: Deprecated parameter 'utf8' [ 99.691219][ T6320] exfat: Deprecated parameter 'namecase' [ 99.703760][ T6320] exfat: Deprecated parameter 'namecase' [ 99.715037][ T6320] exfat: Deprecated parameter 'utf8' [ 99.750942][ T6320] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x6a70c931, utbl_chksum : 0xe619d30d) [ 99.819097][ T27] audit: type=1800 audit(1778977427.417:3): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.171" name="file1" dev="loop3" ino=1048600 res=0 errno=0 [ 99.931485][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 100.022972][ T6318] loop0: detected capacity change from 0 to 32768 [ 100.049733][ T6318] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.170 (6318) [ 100.082114][ T6318] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.092936][ T6318] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.102534][ T6318] BTRFS info (device loop0): allowing degraded mounts [ 100.109649][ T6318] BTRFS info (device loop0): turning on flush-on-commit [ 100.117198][ T6318] BTRFS info (device loop0): max_inline at 0 [ 100.123697][ T6318] BTRFS info (device loop0): setting nodatasum [ 100.193363][ T6318] BTRFS info (device loop0): turning on sync discard [ 100.213800][ T6318] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.237227][ T6318] BTRFS info (device loop0): trying to use backup root at mount time [ 100.262901][ T6318] BTRFS info (device loop0): using free space tree [ 100.407964][ T6318] BTRFS info (device loop0): enabling ssd optimizations [ 100.569806][ T27] audit: type=1800 audit(1778977428.167:4): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.170" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 100.808760][ T23] usb 2-1: USB disconnect, device number 3 [ 101.098880][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 101.106697][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.182840][ T5774] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 101.254387][ T6326] loop3: detected capacity change from 0 to 131072 [ 101.263435][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.273614][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.284672][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.297914][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 101.307369][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.317688][ T6326] F2FS-fs (loop3): invalid crc value [ 101.340388][ T6326] F2FS-fs (loop3): Found nat_bits in checkpoint [ 101.392488][ T6326] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 101.441651][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 101.603689][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 101.614905][ T9] usbtmc 3-1:16.0: can't read capabilities [ 101.667044][ T23] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 101.717523][ T23] usb 2-1: config 16 interface 0 has no altsetting 0 [ 101.735517][ T23] usb 2-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a [ 101.751945][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.788031][ T23] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 101.821249][ T23] imon 2-1:16.0: unable to initialize intf0, err -19 [ 101.827970][ T23] imon:imon_probe: failed to initialize context! [ 101.864140][ T23] imon 2-1:16.0: unable to register, err -19 [ 101.898465][ T9] usb 3-1: USB disconnect, device number 4 [ 101.945676][ T6351] loop0: detected capacity change from 0 to 4096 [ 101.956325][ T6351] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 102.204649][ T6354] netlink: 'syz.0.177': attribute type 10 has an invalid length. [ 102.218951][ T9] usb 2-1: USB disconnect, device number 4 [ 102.286739][ T6354] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 102.306533][ T6356] netlink: 14 bytes leftover after parsing attributes in process `syz.0.177'. [ 102.473700][ T6356] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.542275][ T6356] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.561618][ T6356] bond0 (unregistering): (slave netdevsim0): Releasing backup interface [ 102.580761][ T6356] bond0 (unregistering): Released all slaves [ 102.908248][ T6367] loop1: detected capacity change from 0 to 64 [ 103.936620][ T6383] bridge1: entered promiscuous mode [ 103.961483][ T6383] bridge1: entered allmulticast mode [ 104.364077][ T6398] input: syz0 as /devices/virtual/input/input7 [ 104.774928][ T27] audit: type=1326 audit(1778977432.377:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 104.880951][ T27] audit: type=1326 audit(1778977432.377:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 104.931805][ T6411] loop2: detected capacity change from 0 to 4096 [ 104.989386][ T27] audit: type=1326 audit(1778977432.377:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.115286][ T27] audit: type=1326 audit(1778977432.387:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.145372][ T6421] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 105.165260][ T8] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 105.218872][ T27] audit: type=1326 audit(1778977432.387:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.265780][ T8] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 105.298775][ T27] audit: type=1326 audit(1778977432.397:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.397580][ T27] audit: type=1326 audit(1778977432.397:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.480945][ T5762] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 105.531980][ T27] audit: type=1326 audit(1778977432.397:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.645160][ T27] audit: type=1326 audit(1778977432.407:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.684478][ T5762] usb 1-1: config 0 has no interfaces? [ 105.731298][ T5762] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 105.757149][ T5762] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 105.782451][ T5762] usb 1-1: SerialNumber: syz [ 105.786261][ T27] audit: type=1326 audit(1778977432.407:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 105.813544][ T5762] usb 1-1: config 0 descriptor?? [ 105.865697][ T27] audit: type=1326 audit(1778977432.407:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.0.200" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7facf719ce59 code=0x7ffc0000 [ 106.121989][ T6439] netlink: 428 bytes leftover after parsing attributes in process `syz.2.205'. [ 106.131247][ T6439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.205'. [ 106.617457][ T6459] loop2: detected capacity change from 0 to 256 [ 106.636921][ T6459] exfat: Deprecated parameter 'utf8' [ 106.676115][ T6459] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 106.866075][ T6468] loop1: detected capacity change from 0 to 256 [ 106.901158][ T6468] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 106.942780][ T6468] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 106.982374][ T6468] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 107.156160][ T6474] raw_sendmsg: syz.3.215 forgot to set AF_INET. Fix it! [ 107.579266][ T6488] netlink: 'syz.1.218': attribute type 1 has an invalid length. [ 107.620886][ T6488] netlink: 'syz.1.218': attribute type 2 has an invalid length. [ 107.664257][ T6488] netlink: 'syz.1.218': attribute type 1 has an invalid length. [ 107.684448][ T6488] netlink: 'syz.1.218': attribute type 2 has an invalid length. [ 107.806876][ T6488] syz.1.218 (6488) used greatest stack depth: 20264 bytes left [ 108.153615][ T5811] usb 1-1: USB disconnect, device number 3 [ 108.348620][ T6508] loop0: detected capacity change from 0 to 1024 [ 108.401623][ T6508] EXT4-fs: Ignoring removed orlov option [ 108.465476][ T6508] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.887385][ T6524] loop1: detected capacity change from 0 to 128 [ 108.947165][ T6524] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 108.979051][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.069602][ T6524] ext4 filesystem being mounted at /45/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 109.274488][ T6524] process 'syz.1.224' launched './file0' with NULL argv: empty string added [ 109.312401][ T6524] Invalid argument reading file caps for ./file0 [ 109.426322][ T5772] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.115348][ T6527] loop3: detected capacity change from 0 to 131072 [ 110.125010][ T6527] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 110.133215][ T6527] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 110.147222][ T6527] F2FS-fs (loop3): invalid crc value [ 110.204465][ T6527] F2FS-fs (loop3): Found nat_bits in checkpoint [ 110.331462][ T6556] atomic_op ffff88805937d198 conn xmit_atomic 0000000000000000 [ 110.381614][ T6527] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 110.388832][ T6527] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 110.674731][ T6567] loop0: detected capacity change from 0 to 2048 [ 110.778930][ T6567] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.923985][ T6567] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 110.967127][ T6567] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 111.017201][ T6567] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 111.067582][ T6567] EXT4-fs (loop0): This should not happen!! Data will be lost [ 111.067582][ T6567] [ 111.133559][ T6574] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 111.163272][ T6567] EXT4-fs (loop0): Total free blocks count 0 [ 111.210866][ T6567] EXT4-fs (loop0): Free/Dirty block details [ 111.216875][ T6567] EXT4-fs (loop0): free_blocks=66060288 [ 111.253031][ T6567] EXT4-fs (loop0): dirty_blocks=48 [ 111.258206][ T6567] EXT4-fs (loop0): Block reservation details [ 111.310855][ T6567] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 111.688366][ T6592] loop0: detected capacity change from 0 to 256 [ 111.753922][ T6592] FAT-fs (loop0): Directory bread(block 64) failed [ 111.760642][ T6592] FAT-fs (loop0): Directory bread(block 65) failed [ 111.780197][ T6592] FAT-fs (loop0): Directory bread(block 66) failed [ 111.798750][ T6592] FAT-fs (loop0): Directory bread(block 67) failed [ 111.812295][ T6592] FAT-fs (loop0): Directory bread(block 68) failed [ 111.825640][ T6592] FAT-fs (loop0): Directory bread(block 69) failed [ 111.843081][ T6592] FAT-fs (loop0): Directory bread(block 70) failed [ 111.857632][ T6592] FAT-fs (loop0): Directory bread(block 71) failed [ 111.877893][ T6592] FAT-fs (loop0): Directory bread(block 72) failed [ 111.893630][ T6592] FAT-fs (loop0): Directory bread(block 73) failed [ 112.067486][ T6592] syz.0.239: attempt to access beyond end of device [ 112.067486][ T6592] loop0: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 112.606741][ T6611] loop1: detected capacity change from 0 to 512 [ 112.627530][ T6611] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.245: invalid indirect mapped block 256 (level 2) [ 112.647105][ T6611] EXT4-fs (loop1): 2 truncates cleaned up [ 112.671504][ T6611] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.731292][ T6604] loop3: detected capacity change from 0 to 40427 [ 112.761797][ T6604] F2FS-fs (loop3): invalid crc value [ 112.780971][ T5811] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 112.938211][ T6604] F2FS-fs (loop3): Start checkpoint disabled! [ 112.950411][ T6604] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 112.991058][ T5811] usb 1-1: Using ep0 maxpacket: 16 [ 112.998981][ T1102] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm kworker/u4:8: bg 0: block 5: invalid block bitmap [ 113.014554][ T5811] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.027408][ T5811] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 113.040934][ T5811] usb 1-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00 [ 113.052997][ T1102] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 113.065948][ T5811] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.078496][ T1102] EXT4-fs (loop1): This should not happen!! Data will be lost [ 113.078496][ T1102] [ 113.091502][ T5811] usb 1-1: config 0 descriptor?? [ 113.097320][ T1102] EXT4-fs (loop1): Total free blocks count 0 [ 113.108116][ T1102] EXT4-fs (loop1): Free/Dirty block details [ 113.115761][ T1102] EXT4-fs (loop1): free_blocks=0 [ 113.121301][ T1102] EXT4-fs (loop1): dirty_blocks=20 [ 113.126563][ T1102] EXT4-fs (loop1): Block reservation details [ 113.133162][ T1102] EXT4-fs (loop1): i_reserved_data_blocks=20 [ 113.141364][ T1102] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 16 with error 28 [ 113.219841][ T1131] kworker/u4:9: attempt to access beyond end of device [ 113.219841][ T1131] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.239131][ T1131] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 113.550331][ T5811] input: HID 0458:501b as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:501B.0003/input/input8 [ 113.693844][ T6629] netlink: 8 bytes leftover after parsing attributes in process `syz.3.248'. [ 113.703222][ T5811] input: HID 0458:501b as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:501B.0003/input/input9 [ 113.746336][ T6629] netlink: 'syz.3.248': attribute type 2 has an invalid length. [ 113.776820][ T6629] netlink: 4 bytes leftover after parsing attributes in process `syz.3.248'. [ 113.793079][ T5811] kye 0003:0458:501B.0003: input,hiddev0,hidraw0: USB HID v7f.fc Device [HID 0458:501b] on usb-dummy_hcd.0-1/input0 [ 113.825894][ T5811] usb 1-1: USB disconnect, device number 4 [ 114.066999][ T6630] fido_id[6630]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 114.286989][ T6640] netlink: 'syz.3.256': attribute type 1 has an invalid length. [ 114.371600][ T6640] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.380179][ T6639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.255'. [ 114.508381][ T6644] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 114.550990][ T6644] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 114.582536][ T6644] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 114.595323][ T6644] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 114.610744][ T6644] bond1: (slave geneve2): making interface the new active one [ 114.626789][ T6644] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 114.702402][ T6644] syz.3.256 (6644) used greatest stack depth: 19920 bytes left [ 114.914457][ T6661] loop2: detected capacity change from 0 to 256 [ 114.940718][ T6662] loop0: detected capacity change from 0 to 1024 [ 114.950519][ T6661] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 115.004209][ T6661] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 115.053443][ T6661] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 115.418981][ T6673] netlink: 64 bytes leftover after parsing attributes in process `syz.3.269'. [ 115.900903][ T965] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 116.002783][ T6696] loop2: detected capacity change from 0 to 64 [ 116.128800][ T965] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 116.170485][ T965] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.181985][ T965] usb 1-1: Product: syz [ 116.186206][ T965] usb 1-1: Manufacturer: syz [ 116.209814][ T965] usb 1-1: SerialNumber: syz [ 116.223856][ T965] usb 1-1: config 0 descriptor?? [ 117.006333][ T6707] loop1: detected capacity change from 0 to 32768 [ 117.028061][ T6707] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.282 (6707) [ 117.077260][ T6707] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 117.111581][ T6707] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 117.132697][ T6707] BTRFS info (device loop1): using free space tree [ 117.188946][ T6725] loop2: detected capacity change from 0 to 2048 [ 117.201265][ T6725] EXT4-fs: Ignoring removed i_version option [ 117.269278][ T6725] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.282020][ T6725] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.341383][ T6725] EXT4-fs (loop2): shut down requested (0) [ 117.370108][ T6707] BTRFS info (device loop1): enabling ssd optimizations [ 117.397093][ T6707] BTRFS info (device loop1): auto enabling async discard [ 117.495932][ T965] usb 1-1: f81604_read: reg: 100e failed: -EPROTO [ 117.541227][ T965] usb 1-1: f81604_read: reg: 200f failed: -EPROTO [ 117.561621][ T965] usb 1-1: USB disconnect, device number 5 [ 117.571934][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.606974][ T965] usb 1-1: f81604_read: reg: 100f failed: -ENODEV [ 117.734466][ T965] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 117.792156][ T5772] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 118.791101][ C0] hrtimer: interrupt took 326444 ns [ 119.256861][ T6768] loop0: detected capacity change from 0 to 32768 [ 119.392615][ T6768] non-latin1 character 0xffff found in JFS file name [ 119.410864][ T6768] mount with iocharset=utf8 to access [ 119.416755][ T6768] jfs_dirty_inode called on read-only volume [ 119.468730][ T6768] Is remount racy? [ 120.767224][ T6787] loop2: detected capacity change from 0 to 32768 [ 120.800356][ T6787] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.306 (6787) [ 120.875696][ T6787] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 120.896908][ T6787] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 120.931036][ T6787] BTRFS info (device loop2): setting nodatacow, compression disabled [ 120.974239][ T6787] BTRFS info (device loop2): turning on flush-on-commit [ 120.984360][ T6787] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 121.037465][ T6787] BTRFS info (device loop2): use lzo compression, level 0 [ 121.070688][ T6787] BTRFS info (device loop2): setting nodatasum [ 121.092736][ T6787] BTRFS info (device loop2): use no compression [ 121.115150][ T6787] BTRFS info (device loop2): trying to use backup root at mount time [ 121.138794][ T6787] BTRFS info (device loop2): max_inline at 0 [ 121.153949][ T6787] BTRFS info (device loop2): using free space tree [ 121.200757][ T6813] UBIFS error (pid: 6813): cannot open "./file0", error -22 [ 121.272282][ T1102] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 121.317900][ T6787] BTRFS warning (device loop2): couldn't read tree root [ 121.326953][ T6787] BTRFS warning (device loop2): try to load backup roots slot 1 [ 121.336613][ T998] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 121.381440][ T6787] BTRFS warning (device loop2): couldn't read tree root [ 121.420953][ T6787] BTRFS warning (device loop2): try to load backup roots slot 2 [ 121.497635][ T59] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 121.522144][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'. [ 121.547502][ T6787] BTRFS warning (device loop2): couldn't read tree root [ 121.561882][ T6787] BTRFS warning (device loop2): try to load backup roots slot 3 [ 121.671149][ T6787] BTRFS info (device loop2): enabling ssd optimizations [ 121.678254][ T6787] BTRFS info (device loop2): auto enabling async discard [ 121.731179][ T6787] BTRFS info (device loop2): rebuilding free space tree [ 121.912237][ T6787] BTRFS info (device loop2): checking UUID tree [ 122.502468][ T5773] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 124.351288][ T6852] loop3: detected capacity change from 0 to 40427 [ 124.517738][ T6852] F2FS-fs (loop3): invalid crc value [ 124.543407][ T6852] F2FS-fs (loop3): Found nat_bits in checkpoint [ 124.808718][ T6852] F2FS-fs (loop3): Start checkpoint disabled! [ 124.854699][ T6852] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 125.041400][ T6866] loop1: detected capacity change from 0 to 32768 [ 125.096756][ T6866] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 125.113057][ T6852] syz.3.327: attempt to access beyond end of device [ 125.113057][ T6852] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.135743][ T6852] syz.3.327: attempt to access beyond end of device [ 125.135743][ T6852] loop3: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 125.175622][ T6866] JBD2: Ignoring recovery information on journal [ 125.293983][ T6866] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 125.341964][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'. [ 125.352318][ T6873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.333'. [ 125.379550][ T6873] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.390069][ T6873] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.400541][ T6873] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.410482][ T6873] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.512668][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'. [ 125.560994][ T6873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.333'. [ 125.600846][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 125.600860][ T27] audit: type=1800 audit(1778977453.187:32): pid=6866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.332" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 125.726540][ T1131] kworker/u4:9: attempt to access beyond end of device [ 125.726540][ T1131] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 125.788259][ T1131] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 125.818983][ T1131] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 126.126774][ T6867] loop0: detected capacity change from 0 to 40427 [ 126.207406][ T6867] F2FS-fs (loop0): invalid crc value [ 126.259074][ T6866] syz.1.332 (6866) used greatest stack depth: 19568 bytes left [ 126.276189][ T6867] F2FS-fs (loop0): Found nat_bits in checkpoint [ 126.499324][ T5772] ocfs2: Unmounting device (7,1) on (node local) [ 126.519954][ T6867] F2FS-fs (loop0): Start checkpoint disabled! [ 126.579021][ T6867] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 127.219419][ T998] kworker/u4:6: attempt to access beyond end of device [ 127.219419][ T998] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 127.275961][ T998] kworker/u4:6: attempt to access beyond end of device [ 127.275961][ T998] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 127.307873][ T6890] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 127.319016][ T998] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 127.328313][ T6890] syzkaller1: Linktype set failed because interface is up [ 127.335935][ T42] syzkaller1: tun_net_xmit 90 [ 127.345711][ T998] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 127.392382][ T998] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 127.753463][ T6896] loop1: detected capacity change from 0 to 512 [ 127.792653][ T6896] EXT4-fs: Ignoring removed nobh option [ 127.883370][ T6896] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 127.958009][ T6896] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.336: iget: bad i_size value: 38620345925642 [ 128.011656][ T6896] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.336: couldn't read orphan inode 15 (err -117) [ 128.087134][ T6896] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.259724][ T6905] netlink: 'syz.0.339': attribute type 3 has an invalid length. [ 128.340143][ T6896] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.336: bg 0: block 5: invalid block bitmap [ 128.485950][ T6909] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 128.591280][ T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 128.665294][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.740162][ T6915] loop3: detected capacity change from 0 to 128 [ 128.785665][ T6915] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.801909][ T23] usb 3-1: unable to get BOS descriptor or descriptor too short [ 128.811997][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 128.823392][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 128.833689][ T23] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 128.852867][ T23] usb 3-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40 [ 128.867388][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 128.876965][ T23] usb 3-1: SerialNumber: syz [ 128.881699][ T6915] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.903852][ T23] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 129.090429][ T27] audit: type=1326 audit(1778977456.687:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.0.351" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x0 [ 129.155113][ T5775] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 129.202455][ T23] usb 3-1: USB disconnect, device number 5 [ 129.589569][ T6925] loop1: detected capacity change from 0 to 8192 [ 132.691106][ T42] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 132.729955][ T6978] loop1: detected capacity change from 0 to 2048 [ 132.785674][ T6978] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.925938][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.933183][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.950937][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.990235][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.012967][ T42] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 133.059257][ T42] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 133.092270][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.142917][ T42] usb 1-1: config 0 descriptor?? [ 133.614748][ T42] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 133.642253][ T42] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 133.856152][ T6986] loop1: detected capacity change from 0 to 40427 [ 133.895897][ T6986] F2FS-fs (loop1): invalid crc value [ 133.926788][ T6986] F2FS-fs (loop1): Found nat_bits in checkpoint [ 134.076434][ T6986] F2FS-fs (loop1): Start checkpoint disabled! [ 134.088531][ T42] usb 1-1: USB disconnect, device number 6 [ 134.151096][ T6986] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 134.371562][ T6992] loop2: detected capacity change from 0 to 8192 [ 134.419757][ T6992] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 134.461994][ T6992] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 134.471678][ T6992] REISERFS (device loop2): using ordered data mode [ 134.479115][ T6992] reiserfs: using flush barriers [ 134.580892][ T6992] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 134.609534][ T1102] kworker/u4:8: attempt to access beyond end of device [ 134.609534][ T1102] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 134.624391][ T6992] REISERFS (device loop2): checking transaction log (loop2) [ 134.651041][ T6992] REISERFS (device loop2): Using r5 hash to sort names [ 134.658401][ T6992] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 134.674731][ T1102] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 134.702890][ T1102] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 134.870857][ T965] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 135.095047][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.116374][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.152068][ T7005] netlink: 24 bytes leftover after parsing attributes in process `syz.0.385'. [ 135.175472][ T965] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.235517][ T965] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.273104][ T965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.322010][ T965] usb 4-1: config 0 descriptor?? [ 135.971111][ T5811] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 135.980876][ T7011] loop0: detected capacity change from 0 to 32768 [ 135.992395][ T965] plantronics 0003:047F:FFFF.0005: unknown main item tag 0xd [ 136.003000][ T965] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 136.033069][ T965] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 136.060295][ T7011] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 136.079564][ T7011] JBD2: Ignoring recovery information on journal [ 136.147985][ T965] usb 4-1: USB disconnect, device number 2 [ 136.163835][ T7011] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 136.244340][ T5811] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.296150][ T27] audit: type=1800 audit(1778977463.897:34): pid=7011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.387" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 136.307886][ T5811] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 136.430304][ T5811] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 136.471430][ T5811] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.544262][ T7016] loop2: detected capacity change from 0 to 8192 [ 136.555968][ T7018] fido_id[7018]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 136.587687][ T7016] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 136.672468][ T7016] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 136.683956][ T7016] REISERFS (device loop2): using ordered data mode [ 136.691761][ T7016] reiserfs: using flush barriers [ 136.707885][ T7016] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 136.764764][ T7016] REISERFS (device loop2): checking transaction log (loop2) [ 136.786690][ T5811] usb 2-1: usb_control_msg returned -32 [ 136.796395][ T5811] usbtmc 2-1:16.0: can't read capabilities [ 137.001523][ T5774] ocfs2: Unmounting device (7,0) on (node local) [ 137.199389][ T7016] REISERFS (device loop2): Using tea hash to sort names [ 137.221291][ T7016] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 137.259352][ T992] Bluetooth: hci4: Frame reassembly failed (-90) [ 137.290535][ T7021] Bluetooth: hci4: Frame reassembly failed (-84) [ 137.757368][ T7027] loop2: detected capacity change from 0 to 256 [ 137.805126][ T7027] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 137.886651][ T27] audit: type=1800 audit(1778977465.487:35): pid=7027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.392" name="file1" dev="loop2" ino=1048612 res=0 errno=0 [ 138.464296][ T7036] Driver unsupported XDP return value 0 on prog (id 33) dev N/A, expect packet loss! [ 138.738232][ T42] usb 2-1: USB disconnect, device number 5 [ 139.102871][ T7043] loop1: detected capacity change from 0 to 1024 [ 139.177585][ T7043] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 139.267800][ T7043] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.316562][ T5781] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 139.324367][ T5084] Bluetooth: hci4: command 0x1003 tx timeout [ 139.428403][ T7043] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: block 3: comm syz.1.399: lblock 3 mapped to illegal pblock 3 (length 3) [ 139.484956][ T7043] EXT4-fs (loop1): Remounting filesystem read-only [ 139.593699][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 140.111052][ T5762] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 140.311356][ T5762] usb 3-1: Using ep0 maxpacket: 16 [ 140.322802][ T5762] usb 3-1: unable to get BOS descriptor or descriptor too short [ 140.343666][ T5762] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 140.382199][ T5762] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40 [ 140.404385][ T5762] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.430984][ T5762] usb 3-1: Product: syz [ 140.436017][ T5762] usb 3-1: Manufacturer: syz [ 140.457184][ T5762] usb 3-1: SerialNumber: syz [ 140.764364][ T5762] snd-ua101 3-1:1.0: invalid num_altsetting [ 140.879337][ T5762] usb 3-1: USB disconnect, device number 6 [ 141.211004][ T965] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 141.420904][ T965] usb 2-1: Using ep0 maxpacket: 8 [ 141.451136][ T965] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 141.498471][ T965] usb 2-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00 [ 141.566164][ T965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.607883][ T965] usb 2-1: config 0 descriptor?? [ 142.175875][ T965] microsoft 0003:045E:00F9.0006: unexpected long global item [ 142.214731][ T965] microsoft 0003:045E:00F9.0006: parse failed [ 142.235782][ T965] microsoft: probe of 0003:045E:00F9.0006 failed with error -22 [ 142.262119][ T7087] netlink: 24 bytes leftover after parsing attributes in process `syz.2.415'. [ 142.468106][ T23] usb 2-1: USB disconnect, device number 6 [ 142.579918][ T7094] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 143.226811][ T7104] loop2: detected capacity change from 0 to 128 [ 143.413726][ T5763] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 143.459387][ T7104] loop2: detected capacity change from 0 to 256 [ 143.479109][ T5763] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 144.240985][ T27] audit: type=1326 audit(1778977471.837:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz.1.425" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ede59ce59 code=0x0 [ 144.468234][ T7096] loop3: detected capacity change from 0 to 40427 [ 144.501756][ T7096] F2FS-fs (loop3): Wrong segment_count / block_count (64 > 16384) [ 144.541252][ T7096] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 144.641977][ T7096] F2FS-fs (loop3): Found nat_bits in checkpoint [ 144.944215][ T7096] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 144.975106][ T7096] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 145.252329][ T7096] syz.3.418: attempt to access beyond end of device [ 145.252329][ T7096] loop3: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 145.532597][ T5775] syz-executor: attempt to access beyond end of device [ 145.532597][ T5775] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 145.583185][ T5775] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 148.706203][ T7174] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 148.790919][ T42] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 148.901068][ T5762] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 148.981080][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 148.988510][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.004391][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.042978][ T42] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 149.075974][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.097676][ T5762] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.114224][ T42] usb 4-1: config 0 descriptor?? [ 149.140871][ T5762] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 149.194042][ T5762] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 149.211518][ T5762] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 149.240846][ T5762] usb 2-1: SerialNumber: syz [ 149.327330][ T7186] netlink: 51 bytes leftover after parsing attributes in process `syz.2.454'. [ 149.537593][ T5762] usb 2-1: 0:2 : does not exist [ 149.560259][ T42] apple 0003:05AC:024B.0007: unknown global tag 0xe [ 149.581428][ T42] apple 0003:05AC:024B.0007: item 0 1 1 14 parsing failed [ 149.598270][ T42] apple 0003:05AC:024B.0007: parse failed [ 149.619324][ T42] apple: probe of 0003:05AC:024B.0007 failed with error -22 [ 149.667441][ T5762] usb 2-1: USB disconnect, device number 7 [ 149.780159][ T5763] udevd[5763]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 149.857016][ T965] usb 4-1: USB disconnect, device number 3 [ 150.131433][ T7188] loop2: detected capacity change from 0 to 32768 [ 150.200999][ T7188] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 150.391491][ T7188] (syz.2.455,7188,1):ocfs2_remount:623 ERROR: Cannot change heartbeat mode on remount [ 150.482213][ T7188] syz.2.455 (7188) used greatest stack depth: 18768 bytes left [ 150.637546][ T5773] ocfs2: Unmounting device (7,2) on (node local) [ 150.770229][ T7194] loop3: detected capacity change from 0 to 8192 [ 150.800150][ T7194] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 150.851896][ T7194] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 150.933203][ T7194] REISERFS (device loop3): using ordered data mode [ 150.940789][ T7194] reiserfs: using flush barriers [ 151.049555][ T7194] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 151.126873][ T7194] REISERFS (device loop3): checking transaction log (loop3) [ 151.302728][ T7204] loop1: detected capacity change from 0 to 1024 [ 151.492969][ T7194] REISERFS (device loop3): Using tea hash to sort names [ 151.545169][ T7194] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 152.467942][ T7229] loop2: detected capacity change from 0 to 1024 [ 152.491957][ T7229] EXT4-fs: Ignoring removed nomblk_io_submit option [ 152.605579][ T7229] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.750453][ T7236] loop3: detected capacity change from 0 to 512 [ 152.830720][ T7236] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 152.884148][ T7236] EXT4-fs (loop3): 1 truncate cleaned up [ 152.931369][ T7236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.035998][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.200289][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.589820][ T7221] loop1: detected capacity change from 0 to 40427 [ 153.692754][ T7221] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 153.732906][ T7221] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 153.790499][ T7221] F2FS-fs (loop1): invalid crc value [ 154.266296][ T7221] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 154.296352][ T7221] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 154.537007][ T5772] syz-executor: attempt to access beyond end of device [ 154.537007][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 154.576663][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 155.339940][ T7261] loop3: detected capacity change from 0 to 1024 [ 155.393269][ T7261] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 155.436596][ T7261] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.643696][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 156.663843][ T7277] loop1: detected capacity change from 0 to 4096 [ 156.681970][ T7277] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 157.000958][ T7277] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 157.251345][ T7282] loop2: detected capacity change from 0 to 2048 [ 157.391277][ T7282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.674202][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.252840][ T7307] loop2: detected capacity change from 0 to 4096 [ 158.388220][ T7307] ntfs3: loop2: ino=21, "file1" mmap(write) compressed not supported [ 158.480936][ T42] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 158.695757][ T42] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 158.726937][ T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.780026][ T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.812364][ T42] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 158.871059][ T42] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 158.912758][ T42] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 158.948088][ T42] usb 2-1: Manufacturer: syz [ 158.978191][ T42] usb 2-1: config 0 descriptor?? [ 159.038580][ T7320] netlink: 'syz.3.501': attribute type 10 has an invalid length. [ 159.085091][ T7320] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.181899][ T7320] bond0: (slave team0): Enslaving as an active interface with an up link [ 159.453557][ T42] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 159.486432][ T42] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 159.514291][ T42] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 159.530638][ T7324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.503'. [ 159.833052][ T9] usb 2-1: USB disconnect, device number 8 [ 159.939127][ T2136] IPVS: starting estimator thread 0... [ 160.051010][ T7330] IPVS: using max 19 ests per chain, 45600 per kthread [ 160.291938][ T7336] loop3: detected capacity change from 0 to 16 [ 160.378920][ T7336] erofs: (device loop3): mounted with root inode @ nid 36. [ 160.542348][ T7340] overlayfs: failed to resolve './file0': -2 [ 160.925707][ T7349] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3791074031 (60657184496 ns) > initial count (12408274608 ns). Using initial count to start timer. [ 161.285278][ T7360] netlink: 'syz.0.518': attribute type 11 has an invalid length. [ 161.371373][ T7364] loop8: detected capacity change from 0 to 128 [ 161.663767][ T7371] overlayfs: failed to clone upperpath [ 162.614498][ T7388] loop2: detected capacity change from 0 to 128 [ 162.681777][ T7388] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 162.742916][ T7388] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 162.957588][ T5773] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.550369][ T7406] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 163.706012][ T7406] bond0: (slave lo): Enslaving as an active interface with an up link [ 163.801546][ T7410] loop3: detected capacity change from 0 to 512 [ 163.813884][ T7406] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 163.847872][ T7410] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 163.954541][ T7410] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 164.114230][ T7410] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0082] [ 164.126502][ T7410] System zones: 1-12 [ 164.163998][ T7410] EXT4-fs (loop3): 1 truncate cleaned up [ 164.177761][ T7410] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.585051][ T7416] 9pnet: p9_errstr2errno: server reported unknown error _vlan [ 164.711862][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.911067][ T5781] Bluetooth: hci4: command 0x1003 tx timeout [ 164.919375][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 165.108294][ T7423] loop3: detected capacity change from 0 to 4096 [ 165.166873][ T7423] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 165.299650][ T7423] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 166.070935][ T5762] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 166.191813][ T27] audit: type=1326 audit(1778977493.787:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.2.552" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2cb259ce59 code=0x0 [ 166.294612][ T5762] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.317743][ T5762] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.351038][ T5762] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 166.381123][ T5762] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.408287][ T5762] usb 2-1: config 0 descriptor?? [ 167.323860][ T5762] usbhid 2-1:0.0: can't add hid device: -71 [ 167.330865][ T5762] usbhid: probe of 2-1:0.0 failed with error -71 [ 167.374259][ T5762] usb 2-1: USB disconnect, device number 9 [ 168.237221][ T7476] loop3: detected capacity change from 0 to 512 [ 168.299794][ T7476] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.567: invalid indirect mapped block 4294967295 (level 1) [ 168.346564][ T7476] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.567: invalid indirect mapped block 4294967295 (level 1) [ 168.367932][ T7476] EXT4-fs (loop3): 2 truncates cleaned up [ 168.378194][ T7476] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.419211][ T7476] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1430: inode #12: block 7: comm syz.3.567: path /157/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 168.514993][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.583885][ T7483] netlink: 'syz.1.577': attribute type 1 has an invalid length. [ 168.708276][ T27] audit: type=1326 audit(1778977496.307:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.569" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f60c539ce59 code=0x0 [ 169.585754][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'. [ 171.166923][ T7520] loop3: detected capacity change from 0 to 32768 [ 171.197558][ T7520] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 171.232536][ T7520] JBD2: Ignoring recovery information on journal [ 171.517987][ T7520] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 171.809996][ T7538] loop2: detected capacity change from 0 to 128 [ 171.874745][ T7538] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 171.947656][ T7538] ext4 filesystem being mounted at /161/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 172.197052][ T5773] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 172.227356][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 172.451573][ T7542] input: syz1 as /devices/virtual/input/input11 [ 172.687352][ T7546] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.724481][ T7546] netlink: 'syz.0.594': attribute type 12 has an invalid length. [ 172.742919][ T7546] netlink: 'syz.0.594': attribute type 29 has an invalid length. [ 172.770930][ T7546] netlink: 148 bytes leftover after parsing attributes in process `syz.0.594'. [ 172.793151][ T7546] netlink: 'syz.0.594': attribute type 2 has an invalid length. [ 172.817393][ T7546] netlink: 'syz.0.594': attribute type 3 has an invalid length. [ 172.832056][ T7536] loop1: detected capacity change from 0 to 32768 [ 172.838677][ T7546] netlink: 15 bytes leftover after parsing attributes in process `syz.0.594'. [ 172.912703][ T7536] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 173.085429][ T7536] XFS (loop1): Ending clean mount [ 173.103786][ T7536] XFS (loop1): Quotacheck needed: Please wait. [ 173.263945][ T7536] XFS (loop1): Quotacheck: Done. [ 173.612346][ T5772] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 174.371043][ T7581] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 175.811891][ T7613] loop2: detected capacity change from 0 to 1024 [ 175.891929][ T7613] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 175.933988][ T7613] System zones: 0-1, 3-8 [ 175.980032][ T7613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 176.041008][ T7613] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.138316][ T27] audit: type=1800 audit(1778977503.737:39): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.619" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 176.173856][ T7613] EXT4-fs error (device loop2): ext4_map_blocks:720: inode #15: comm syz.2.619: lblock 0 mapped to illegal pblock 0 (length 1) [ 176.208083][ T7613] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 176.227573][ T7613] EXT4-fs (loop2): This should not happen!! Data will be lost [ 176.227573][ T7613] [ 176.252766][ T7625] overlayfs: failed to clone upperpath [ 176.271885][ T27] audit: type=1804 audit(1778977503.867:40): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.619" name="/newroot/171/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 176.323429][ T27] audit: type=1800 audit(1778977503.877:41): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.619" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 176.390930][ T5778] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 176.406279][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 176.581548][ T5778] usb 4-1: Using ep0 maxpacket: 16 [ 176.597237][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.628658][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.648889][ T5778] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 176.683193][ T5778] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 176.715664][ T5778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.760569][ T5778] usb 4-1: config 0 descriptor?? [ 176.776612][ T7635] netlink: 'syz.0.628': attribute type 4 has an invalid length. [ 176.861620][ T7636] netlink: 'syz.0.628': attribute type 4 has an invalid length. [ 176.900067][ T7639] loop1: detected capacity change from 0 to 1024 [ 176.992666][ T27] audit: type=1800 audit(1778977504.587:42): pid=7639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.630" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 177.041947][ T7637] syz.1.630: attempt to access beyond end of device [ 177.041947][ T7637] loop1: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 177.062465][ T7637] Buffer I/O error on dev loop1, logical block 2889, async page read [ 177.076688][ T7637] syz.1.630: attempt to access beyond end of device [ 177.076688][ T7637] loop1: rw=0, sector=393216, nr_sectors = 2 limit=1024 [ 177.120887][ T7637] Buffer I/O error on dev loop1, logical block 196608, async page read [ 177.160687][ T7637] syz.1.630: attempt to access beyond end of device [ 177.160687][ T7637] loop1: rw=0, sector=393218, nr_sectors = 2 limit=1024 [ 177.217831][ T7637] Buffer I/O error on dev loop1, logical block 196609, async page read [ 177.231060][ T7637] syz.1.630: attempt to access beyond end of device [ 177.231060][ T7637] loop1: rw=0, sector=393220, nr_sectors = 2 limit=1024 [ 177.256743][ T5778] HID 045e:07da: Invalid code 65791 type 1 [ 177.290334][ T5778] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0009/input/input12 [ 177.327797][ T7637] Buffer I/O error on dev loop1, logical block 196610, async page read [ 177.353677][ T7637] syz.1.630: attempt to access beyond end of device [ 177.353677][ T7637] loop1: rw=0, sector=393222, nr_sectors = 2 limit=1024 [ 177.369083][ T7637] Buffer I/O error on dev loop1, logical block 196611, async page read [ 177.379281][ T7637] syz.1.630: attempt to access beyond end of device [ 177.379281][ T7637] loop1: rw=0, sector=393224, nr_sectors = 2 limit=1024 [ 177.393279][ T5778] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 177.432356][ T7637] Buffer I/O error on dev loop1, logical block 196612, async page read [ 177.442296][ T7637] syz.1.630: attempt to access beyond end of device [ 177.442296][ T7637] loop1: rw=0, sector=393226, nr_sectors = 2 limit=1024 [ 177.458037][ T7637] Buffer I/O error on dev loop1, logical block 196613, async page read [ 177.468143][ T7637] syz.1.630: attempt to access beyond end of device [ 177.468143][ T7637] loop1: rw=0, sector=393228, nr_sectors = 2 limit=1024 [ 177.507107][ T7637] Buffer I/O error on dev loop1, logical block 196614, async page read [ 177.547774][ T7637] syz.1.630: attempt to access beyond end of device [ 177.547774][ T7637] loop1: rw=0, sector=393230, nr_sectors = 2 limit=1024 [ 177.616812][ T7637] Buffer I/O error on dev loop1, logical block 196615, async page read [ 177.632510][ T5778] usb 4-1: USB disconnect, device number 4 [ 177.665642][ T7637] syz.1.630: attempt to access beyond end of device [ 177.665642][ T7637] loop1: rw=0, sector=393232, nr_sectors = 2 limit=1024 [ 177.730926][ T7637] Buffer I/O error on dev loop1, logical block 196616, async page read [ 177.739603][ T7646] fido_id[7646]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 178.056785][ T7656] loop1: detected capacity change from 0 to 2048 [ 178.071343][ T7656] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 178.086925][ T7656] NILFS (loop1): mounting unchecked fs [ 178.141080][ T7656] NILFS (loop1): recovery complete [ 178.186114][ T7658] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 178.633892][ T7666] netlink: 14 bytes leftover after parsing attributes in process `syz.2.641'. [ 178.652478][ T2136] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 178.841037][ T2136] usb 4-1: Using ep0 maxpacket: 32 [ 178.858003][ T2136] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.871060][ T2136] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.882524][ T2136] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 178.893492][ T2136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.907489][ T2136] usb 4-1: config 0 descriptor?? [ 178.929483][ T2136] hub 4-1:0.0: USB hub found [ 179.150574][ T2136] hub 4-1:0.0: 1 port detected [ 179.158055][ T7680] loop8: detected capacity change from 0 to 7 [ 179.167642][ T7680] Dev loop8: unable to read RDB block 7 [ 179.175423][ T7680] loop8: AHDI p1 p2 [ 179.179474][ T7680] loop8: partition table partially beyond EOD, truncated [ 179.189780][ T7680] loop8: p1 start 16777215 is beyond EOD, truncated [ 179.820102][ T2136] hub 4-1:0.0: activate --> -90 [ 180.230997][ T965] usb 4-1: USB disconnect, device number 5 [ 180.481738][ T2136] usb 4-1-port1: config error [ 180.532991][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 180.721063][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 180.738649][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.758388][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.787941][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 180.805701][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.840992][ T9] usb 2-1: config 0 descriptor?? [ 180.874811][ T9] hub 2-1:0.0: USB hub found [ 181.083193][ T9] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 181.333317][ T9] hid-generic 0003:046D:C31C.000A: item fetching failed at offset 0/1 [ 181.359686][ T9] hid-generic: probe of 0003:046D:C31C.000A failed with error -22 [ 181.632377][ T27] audit: type=1326 audit(1778977509.237:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.0.667" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7facf719ce59 code=0x0 [ 181.671553][ T9] usb 2-1: USB disconnect, device number 10 [ 182.395735][ T7731] loop2: detected capacity change from 0 to 32768 [ 182.442893][ T7731] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 182.524041][ T7731] JBD2: Ignoring recovery information on journal [ 182.727172][ T7731] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 182.867102][ T7751] overlayfs: failed to resolve './file0': -2 [ 183.300450][ T5773] ocfs2: Unmounting device (7,2) on (node local) [ 184.153194][ T7776] af_packet: tpacket_rcv: packet too big, clamped from 4324 to 3952. macoff=96 [ 184.303809][ T7779] overlayfs: failed to resolve './file0': -2 [ 184.374015][ T7780] loop3: detected capacity change from 0 to 4096 [ 184.572477][ T42] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 184.781981][ T42] usb 2-1: Using ep0 maxpacket: 16 [ 184.805121][ T42] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 184.828048][ T42] usb 2-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3 [ 184.860811][ T42] usb 2-1: Product: syz [ 184.874802][ T42] usb 2-1: Manufacturer: syz [ 184.889832][ T42] usb 2-1: SerialNumber: syz [ 184.900943][ T42] usb 2-1: config 0 descriptor?? [ 184.916996][ T42] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 185.117806][ T965] usb 2-1: USB disconnect, device number 11 [ 185.366038][ T7787] loop3: detected capacity change from 0 to 32768 [ 185.379128][ T7787] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.692 (7787) [ 185.401355][ T7787] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 185.415668][ T7787] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 185.427007][ T7787] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 185.438234][ T7787] BTRFS info (device loop3): use zstd compression, level 3 [ 185.446607][ T7787] BTRFS info (device loop3): using free space tree [ 185.483606][ T7787] BTRFS info (device loop3): enabling ssd optimizations [ 185.490661][ T7787] BTRFS info (device loop3): auto enabling async discard [ 185.791067][ T5781] Bluetooth: hci4: command 0x1003 tx timeout [ 185.799185][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 186.066156][ T5775] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 186.710846][ T7832] netlink: 'syz.2.704': attribute type 20 has an invalid length. [ 186.733539][ T7832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.704'. [ 186.817562][ T7834] netlink: 20 bytes leftover after parsing attributes in process `syz.3.697'. [ 186.829138][ T7832] netlink: 'syz.2.704': attribute type 20 has an invalid length. [ 186.844296][ T7832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.704'. [ 186.872749][ T7834] netlink: 20 bytes leftover after parsing attributes in process `syz.3.697'. [ 187.216047][ T7838] loop3: detected capacity change from 0 to 4096 [ 187.237246][ T7838] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 189.210949][ T27] audit: type=1800 audit(1778977516.797:44): pid=7838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.706" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 189.267985][ T7838] ntfs3: loop3: ino=1e, "file1" ntfs3_write_inode failed, -22. [ 189.331185][ T27] audit: type=1800 audit(1778977516.927:45): pid=7843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.706" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 191.201523][ T7859] loop3: detected capacity change from 0 to 1024 [ 191.273256][ T7859] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 191.301081][ T7859] System zones: 0-1, 3-8 [ 191.319447][ T7859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 191.363129][ T7859] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.493368][ T7859] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: comm syz.3.713: lblock 0 mapped to illegal pblock 0 (length 1) [ 191.537516][ T27] audit: type=1800 audit(1778977519.077:46): pid=7859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.713" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 191.572613][ T7859] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 191.641244][ T7859] EXT4-fs (loop3): This should not happen!! Data will be lost [ 191.641244][ T7859] [ 191.682310][ T27] audit: type=1804 audit(1778977519.287:47): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.713" name="/newroot/188/file1/file1" dev="loop3" ino=15 res=1 errno=0 [ 191.784920][ T7868] loop2: detected capacity change from 0 to 1024 [ 191.798217][ T27] audit: type=1800 audit(1778977519.287:48): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.713" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 191.835044][ T7868] EXT4-fs: Ignoring removed bh option [ 191.857353][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 191.916819][ T7868] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 191.984148][ T7868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.247853][ T7868] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #12: block 7: comm syz.2.714: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 192.315135][ T7868] EXT4-fs (loop2): Remounting filesystem read-only [ 192.333940][ T7868] overlayfs: cleanup of 'index/#f' failed (-5) [ 192.904109][ T7855] loop1: detected capacity change from 0 to 131072 [ 192.915081][ T7855] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 192.923034][ T7855] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 192.939470][ T7855] F2FS-fs (loop1): invalid crc value [ 192.963554][ T7855] F2FS-fs (loop1): Found nat_bits in checkpoint [ 193.089914][ T7855] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 193.098236][ T7855] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 193.493165][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.535666][ T5778] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 193.733993][ T1082] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.765047][ T1082] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.802731][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.845431][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.887088][ T5778] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 193.941954][ T5778] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 193.974658][ T5778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.990163][ T1082] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.022747][ T5778] usb 4-1: config 0 descriptor?? [ 194.029253][ T1082] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.234011][ T1082] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.266911][ T1082] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.358992][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.365505][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.447304][ T1082] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.482531][ T5778] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 194.509390][ T1082] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.545562][ T5778] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 195.633048][ T7908] loop1: detected capacity change from 0 to 1024 [ 195.691935][ T7908] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 195.703163][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.716049][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.730492][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.745340][ T7908] System zones: 0-1, 3-8 [ 195.758515][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.770414][ T7908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 195.784524][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 195.795244][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 195.802529][ T7908] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.895416][ T5084] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.903270][ T5084] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.910936][ T5084] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.937059][ T27] audit: type=1800 audit(1778977523.537:49): pid=7908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.727" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 195.957980][ T5084] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.966400][ T5762] usb 4-1: USB disconnect, device number 6 [ 195.992492][ T5084] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 196.012635][ T5084] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 196.021752][ T7908] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: comm syz.1.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 196.083616][ T7908] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 196.118953][ T7908] EXT4-fs (loop1): This should not happen!! Data will be lost [ 196.118953][ T7908] [ 196.202047][ T27] audit: type=1804 audit(1778977523.797:50): pid=7922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.727" name="/newroot/157/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 196.278613][ T27] audit: type=1800 audit(1778977523.797:51): pid=7922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.727" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 196.378984][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 196.678182][ T7927] loop1: detected capacity change from 0 to 512 [ 196.780876][ T7927] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 196.882230][ T7927] EXT4-fs (loop1): 1 truncate cleaned up [ 196.900128][ T7927] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.115156][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.138017][ T7935] ipvlan2: entered promiscuous mode [ 197.178406][ T7935] team0: Device ipvlan2 failed to register rx_handler [ 197.485627][ T992] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x1 [ 197.963571][ T7911] chnl_net:caif_netlink_parms(): no params data found [ 198.191319][ T5084] Bluetooth: hci2: command tx timeout [ 198.226734][ T1082] hsr_slave_0: left promiscuous mode [ 198.235911][ T1082] hsr_slave_1: left promiscuous mode [ 198.251054][ T1082] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.259903][ T1082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.272198][ T1082] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.281266][ T1082] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.290490][ T1082] bridge_slave_1: left allmulticast mode [ 198.291400][ T7964] loop1: detected capacity change from 0 to 256 [ 198.299860][ T1082] bridge_slave_1: left promiscuous mode [ 198.312433][ T1082] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.337362][ T7964] exfat: Deprecated parameter 'namecase' [ 198.343567][ T1082] bridge_slave_0: left allmulticast mode [ 198.350327][ T1082] bridge_slave_0: left promiscuous mode [ 198.362516][ T7964] exfat: Deprecated parameter 'namecase' [ 198.382124][ T1082] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.436369][ T7964] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e8b, chksum : 0xf0cee8ef, utbl_chksum : 0xe619d30d) [ 198.473999][ T1082] veth1_macvtap: left promiscuous mode [ 198.480337][ T1082] veth0_macvtap: left promiscuous mode [ 198.486241][ T1082] veth1_vlan: left promiscuous mode [ 198.492080][ T1082] veth0_vlan: left promiscuous mode [ 198.842993][ T7966] "syz.0.747" (7966) uses obsolete ecb(arc4) skcipher [ 198.852098][ T7966] trusted_key: syz.0.747 sent an empty control message without MSG_MORE. [ 199.055526][ T7970] loop3: detected capacity change from 0 to 512 [ 199.072997][ T7970] EXT4-fs: Ignoring removed oldalloc option [ 199.116835][ T7970] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 199.150727][ T7970] EXT4-fs error (device loop3): ext4_iget_extra_inode:4739: inode #11: comm syz.3.749: corrupted in-inode xattr: invalid ea_ino [ 199.216048][ T7970] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.749: couldn't read orphan inode 11 (err -117) [ 199.261966][ T7970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.398690][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.704851][ T1082] team0 (unregistering): Port device team_slave_1 removed [ 199.770384][ T1082] team0 (unregistering): Port device team_slave_0 removed [ 199.859585][ T1082] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.918533][ T1082] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.271043][ T5084] Bluetooth: hci2: command tx timeout [ 200.390636][ T1082] bond0 (unregistering): Released all slaves [ 200.653063][ T7911] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.660269][ T7911] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.673462][ T7911] bridge_slave_0: entered allmulticast mode [ 200.686969][ T7911] bridge_slave_0: entered promiscuous mode [ 200.726272][ T7911] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.741501][ T7911] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.749955][ T7911] bridge_slave_1: entered allmulticast mode [ 200.766221][ T7911] bridge_slave_1: entered promiscuous mode [ 200.908966][ T7911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.935259][ T7911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.032539][ T7911] team0: Port device team_slave_0 added [ 201.080087][ T7911] team0: Port device team_slave_1 added [ 201.140191][ T7911] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.147383][ T7911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.190802][ T7911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.299385][ T1142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.335842][ T7911] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.354093][ T7911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.435552][ T7911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.535328][ T1142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.687777][ T1142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.799075][ T1142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.834955][ T7911] hsr_slave_0: entered promiscuous mode [ 201.845392][ T7911] hsr_slave_1: entered promiscuous mode [ 202.018069][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 202.051357][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 202.059881][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 202.064030][ T8024] overlayfs: failed to clone upperpath [ 202.079629][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 202.096597][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 202.104795][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 202.123191][ T8024] overlayfs: failed to clone upperpath [ 202.350847][ T5084] Bluetooth: hci2: command tx timeout [ 202.935061][ T7911] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.946528][ T7911] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.966213][ T7911] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 203.116723][ T7911] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 203.567103][ T8025] chnl_net:caif_netlink_parms(): no params data found [ 203.839025][ T7911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.010583][ T8025] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.042205][ T8025] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.064146][ T8025] bridge_slave_0: entered allmulticast mode [ 204.086458][ T8025] bridge_slave_0: entered promiscuous mode [ 204.119153][ T7911] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.170598][ T8025] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.178221][ T8025] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.185684][ T8025] bridge_slave_1: entered allmulticast mode [ 204.192299][ T5084] Bluetooth: hci3: command tx timeout [ 204.203165][ T8025] bridge_slave_1: entered promiscuous mode [ 204.218104][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.225310][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.233746][ T8089] overlayfs: failed to resolve './file0': -2 [ 204.327659][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.334854][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.431608][ T5084] Bluetooth: hci2: command tx timeout [ 204.517862][ T8025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.588285][ T1142] hsr_slave_0: left promiscuous mode [ 204.665907][ T1142] hsr_slave_1: left promiscuous mode [ 204.700984][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.714658][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.752716][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.767142][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.801671][ T1142] bridge_slave_1: left allmulticast mode [ 204.814026][ T1142] bridge_slave_1: left promiscuous mode [ 204.826677][ T1142] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.852362][ T1142] bridge_slave_0: left allmulticast mode [ 204.865925][ T1142] bridge_slave_0: left promiscuous mode [ 204.877279][ T1142] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.011360][ T1142] veth1_macvtap: left promiscuous mode [ 205.017053][ T1142] veth0_macvtap: left promiscuous mode [ 205.029454][ T1142] veth1_vlan: left promiscuous mode [ 205.040458][ T1142] veth0_vlan: left promiscuous mode [ 205.964090][ T1142] team0 (unregistering): Port device team_slave_1 removed [ 206.015523][ T1142] team0 (unregistering): Port device team_slave_0 removed [ 206.067860][ T1142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 206.124787][ T1142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 206.273659][ T5084] Bluetooth: hci3: command tx timeout [ 206.547083][ T1142] bond0 (unregistering): Released all slaves [ 206.650655][ T8025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.799089][ T8025] team0: Port device team_slave_0 added [ 206.825427][ T8025] team0: Port device team_slave_1 added [ 206.893064][ T8025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.900479][ T8025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.936479][ T8025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.952083][ T8025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.959085][ T8025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.995962][ T8025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.121611][ T8102] bond0: (slave lo): Releasing backup interface [ 207.143810][ T8102] bond0: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 207.182353][ T8102] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 207.197964][ T8102] bond1: (slave lo): Enslaving as an active interface with an up link [ 207.206713][ T8102] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 207.324511][ T8025] hsr_slave_0: entered promiscuous mode [ 207.351762][ T8025] hsr_slave_1: entered promiscuous mode [ 207.390920][ T8025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.398529][ T8025] Cannot create hsr debugfs directory [ 207.804344][ T7911] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.013314][ T8025] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 208.039147][ T8025] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 208.074242][ T8025] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 208.095895][ T8025] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 208.333311][ T8025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.350912][ T5084] Bluetooth: hci3: command tx timeout [ 208.394712][ T8025] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.413855][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.421138][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.495617][ T992] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.503687][ T992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.698522][ T7911] veth0_vlan: entered promiscuous mode [ 208.759001][ T7911] veth1_vlan: entered promiscuous mode [ 208.868891][ T7911] veth0_macvtap: entered promiscuous mode [ 208.914993][ T8145] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.922863][ T8145] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.008270][ T7911] veth1_macvtap: entered promiscuous mode [ 209.069058][ T7911] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.143176][ T7911] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.176484][ T7911] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.201056][ T7911] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.219714][ T7911] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.247827][ T7911] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.270459][ T7911] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.294042][ T7911] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.320867][ T7911] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.342875][ T7911] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.377309][ T8025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.403052][ T7911] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.431590][ T7911] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.461022][ T7911] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.470632][ T7911] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.751295][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.759537][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.846385][ T998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.869612][ T998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.175156][ T8025] veth0_vlan: entered promiscuous mode [ 210.202732][ T8025] veth1_vlan: entered promiscuous mode [ 210.247902][ T8187] loop3: detected capacity change from 0 to 512 [ 210.258916][ T8189] netlink: 'syz.0.792': attribute type 29 has an invalid length. [ 210.280110][ T8189] netlink: 'syz.0.792': attribute type 29 has an invalid length. [ 210.310928][ T8187] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.791: inode has both inline data and extents flags [ 210.383865][ T8187] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.791: couldn't read orphan inode 15 (err -117) [ 210.411547][ T8025] veth0_macvtap: entered promiscuous mode [ 210.439730][ T5084] Bluetooth: hci3: command tx timeout [ 210.444559][ T8187] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.482672][ T8025] veth1_macvtap: entered promiscuous mode [ 210.557571][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.584480][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.624718][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.644452][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.660527][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.676443][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.698047][ T8025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.706507][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.759646][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.783797][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.794009][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.810842][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.855951][ T8025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.876767][ T8025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.889117][ T8025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.946179][ T8025] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.970814][ T8025] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.979630][ T8025] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.010833][ T8025] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.206908][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.224243][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.309870][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.329710][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.826561][ T8231] loop5: detected capacity change from 0 to 2048 [ 211.881635][ T8231] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 211.905757][ T8231] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 211.988790][ T8209] loop4: detected capacity change from 0 to 40427 [ 212.040472][ T8209] F2FS-fs (loop4): build fault injection attr: rate: 14, type: 0x7ffff [ 212.075753][ T8209] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0xe4 [ 212.104594][ T8209] F2FS-fs (loop4): invalid crc value [ 212.146721][ T8209] F2FS-fs (loop4): Found nat_bits in checkpoint [ 212.229654][ T8209] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x68b/0x9b0 [ 212.285661][ T8209] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 212.401410][ T8209] F2FS-fs (loop4): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x754/0x1c70 [ 212.550934][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 212.636869][ T8252] loop3: detected capacity change from 0 to 512 [ 212.723193][ T8252] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.763333][ T9] usb 6-1: unable to get BOS descriptor or descriptor too short [ 212.783356][ T8252] ext4 filesystem being mounted at /205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.783418][ T9] usb 6-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 212.803582][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.821211][ T9] usb 6-1: Product: syz [ 212.825693][ T9] usb 6-1: Manufacturer: syz [ 212.830392][ T9] usb 6-1: SerialNumber: syz [ 212.835733][ T7911] bio_check_eod: 46 callbacks suppressed [ 212.835746][ T7911] syz-executor: attempt to access beyond end of device [ 212.835746][ T7911] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 212.864873][ T9] usb 6-1: selecting invalid altsetting 1 [ 212.883052][ T9] usb 6-1: unit 6 not found! [ 212.890561][ T7911] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 212.970212][ T27] audit: type=1800 audit(1778977540.567:52): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.807" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 213.175595][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.702418][ T9] snd-usb-audio: probe of 6-1:1.0 failed with error -22 [ 213.710248][ T5084] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 213.721537][ T5084] CPU: 0 PID: 5084 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 213.729136][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.739238][ T5084] Workqueue: hci2 hci_rx_work [ 213.744020][ T5084] Call Trace: [ 213.747337][ T5084] [ 213.750296][ T5084] dump_stack_lvl+0x18c/0x250 [ 213.755043][ T5084] ? show_regs_print_info+0x20/0x20 [ 213.760300][ T5084] ? load_image+0x420/0x420 [ 213.764879][ T5084] sysfs_create_dir_ns+0x26e/0x2a0 [ 213.770024][ T5084] ? sysfs_warn_dup+0xa0/0xa0 [ 213.774722][ T5084] ? do_raw_spin_unlock+0x121/0x230 [ 213.779952][ T5084] kobject_add_internal+0x61c/0xcc0 [ 213.785190][ T5084] kobject_add+0x164/0x240 [ 213.789628][ T5084] ? __rwlock_init+0x150/0x150 [ 213.794408][ T5084] ? kobject_init+0x1e0/0x1e0 [ 213.799107][ T5084] ? _raw_spin_unlock+0x28/0x40 [ 213.803982][ T5084] ? get_device_parent+0x366/0x390 [ 213.809117][ T5084] device_add+0x408/0xc20 [ 213.813475][ T5084] hci_conn_add_sysfs+0xd5/0x1e0 [ 213.818435][ T5084] le_conn_complete_evt+0xf5d/0x1540 [ 213.823748][ T5084] ? hci_event_packet+0x4cb/0x1270 [ 213.828895][ T5084] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 213.835165][ T5084] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 213.840823][ T5084] ? skb_pull_data+0xfb/0x200 [ 213.845537][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 213.851115][ T5084] ? hci_remote_host_features_evt+0x150/0x150 [ 213.857200][ T5084] hci_event_packet+0x7ba/0x1270 [ 213.862176][ T5084] ? bis_list+0x290/0x290 [ 213.866537][ T5084] ? lockdep_hardirqs_on+0x98/0x150 [ 213.871763][ T5084] ? hci_send_to_monitor+0xd7/0x4f0 [ 213.877002][ T5084] hci_rx_work+0x43a/0xd60 [ 213.881454][ T5084] ? process_scheduled_works+0x96f/0x15d0 [ 213.887205][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 213.892800][ T5084] ? worker_attach_to_pool+0x380/0x380 [ 213.898292][ T5084] ? assign_work+0x3d2/0x5d0 [ 213.902912][ T5084] worker_thread+0xa55/0xfc0 [ 213.907523][ T5084] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 213.913437][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 213.918310][ T5084] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 213.924253][ T5084] kthread+0x2fa/0x390 [ 213.928343][ T5084] ? pr_cont_work+0x560/0x560 [ 213.933075][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 213.937686][ T5084] ret_from_fork+0x48/0x80 [ 213.942147][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 213.946753][ T5084] ret_from_fork_asm+0x11/0x20 [ 213.951586][ T5084] [ 213.981676][ T9] usb 6-1: selecting invalid altsetting 1 [ 213.988121][ T9] usb 6-1: unit 6 not found! [ 214.009619][ T5084] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 214.011990][ T9] usb 6-1: 2:0: cannot get min/max values for control 1 (id 2) [ 214.031012][ T5084] Bluetooth: hci2: failed to register connection device [ 214.070240][ T5084] ================================================================== [ 214.078360][ T5084] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6df/0x1070 [ 214.086379][ T5084] Read of size 8 at addr ffff888052d22480 by task kworker/u5:1/5084 [ 214.094408][ T5084] [ 214.096748][ T5084] CPU: 1 PID: 5084 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 214.104321][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.114396][ T5084] Workqueue: hci2 hci_rx_work [ 214.119100][ T5084] Call Trace: [ 214.122393][ T5084] [ 214.125335][ T5084] dump_stack_lvl+0x18c/0x250 [ 214.130034][ T5084] ? __lock_acquire+0x7d40/0x7d40 [ 214.135093][ T5084] ? show_regs_print_info+0x20/0x20 [ 214.140312][ T5084] ? load_image+0x420/0x420 [ 214.144843][ T5084] ? __virt_addr_valid+0x469/0x540 [ 214.149972][ T5084] print_report+0xa8/0x210 [ 214.154404][ T5084] ? l2cap_connect_cfm+0x6df/0x1070 [ 214.159624][ T5084] kasan_report+0x117/0x150 [ 214.164148][ T5084] ? l2cap_connect_cfm+0x6df/0x1070 [ 214.169365][ T5084] l2cap_connect_cfm+0x6df/0x1070 [ 214.174447][ T5084] ? l2cap_ertm_resend+0x1040/0x1040 [ 214.179765][ T5084] ? l2cap_ertm_resend+0x1040/0x1040 [ 214.185069][ T5084] hci_connect_cfm+0x8f/0x130 [ 214.189771][ T5084] le_conn_complete_evt+0xfdc/0x1540 [ 214.195065][ T5084] ? hci_event_packet+0x4cb/0x1270 [ 214.200200][ T5084] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 214.206460][ T5084] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 214.212109][ T5084] ? skb_pull_data+0xfb/0x200 [ 214.216803][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 214.222358][ T5084] ? hci_remote_host_features_evt+0x150/0x150 [ 214.228447][ T5084] hci_event_packet+0x7ba/0x1270 [ 214.233415][ T5084] ? bis_list+0x290/0x290 [ 214.237766][ T5084] ? lockdep_hardirqs_on+0x98/0x150 [ 214.242987][ T5084] ? hci_send_to_monitor+0xd7/0x4f0 [ 214.248203][ T5084] hci_rx_work+0x43a/0xd60 [ 214.252649][ T5084] ? process_scheduled_works+0x96f/0x15d0 [ 214.258421][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 214.263996][ T5084] ? worker_attach_to_pool+0x380/0x380 [ 214.269470][ T5084] ? assign_work+0x3d2/0x5d0 [ 214.274076][ T5084] worker_thread+0xa55/0xfc0 [ 214.278680][ T5084] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 214.284593][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 214.289455][ T5084] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 214.295366][ T5084] kthread+0x2fa/0x390 [ 214.299448][ T5084] ? pr_cont_work+0x560/0x560 [ 214.304144][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 214.308744][ T5084] ret_from_fork+0x48/0x80 [ 214.313195][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 214.317792][ T5084] ret_from_fork_asm+0x11/0x20 [ 214.322576][ T5084] [ 214.325734][ T5084] [ 214.328071][ T5084] Allocated by task 5084: [ 214.332425][ T5084] kasan_set_track+0x4e/0x70 [ 214.337033][ T5084] __kasan_kmalloc+0x8f/0xa0 [ 214.341658][ T5084] l2cap_chan_create+0x50/0x760 [ 214.346521][ T5084] l2cap_sock_new_connection_cb+0x182/0x2a0 [ 214.352482][ T5084] l2cap_connect_cfm+0x375/0x1070 [ 214.357528][ T5084] hci_connect_cfm+0x8f/0x130 [ 214.362215][ T5084] le_conn_complete_evt+0xfdc/0x1540 [ 214.367512][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 214.373061][ T5084] hci_event_packet+0x7ba/0x1270 [ 214.378008][ T5084] hci_rx_work+0x43a/0xd60 [ 214.382446][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 214.388014][ T5084] worker_thread+0xa55/0xfc0 [ 214.392624][ T5084] kthread+0x2fa/0x390 [ 214.396702][ T5084] ret_from_fork+0x48/0x80 [ 214.401144][ T5084] ret_from_fork_asm+0x11/0x20 [ 214.405935][ T5084] [ 214.408268][ T5084] Freed by task 8276: [ 214.412261][ T5084] kasan_set_track+0x4e/0x70 [ 214.416870][ T5084] kasan_save_free_info+0x2e/0x50 [ 214.421916][ T5084] ____kasan_slab_free+0x126/0x1e0 [ 214.427046][ T5084] slab_free_freelist_hook+0x130/0x1a0 [ 214.432507][ T5084] __kmem_cache_free+0xba/0x1e0 [ 214.437374][ T5084] l2cap_sock_cleanup_listen+0xea/0x3e0 [ 214.442947][ T5084] l2cap_sock_release+0x6a/0x1e0 [ 214.447906][ T5084] sock_close+0xbd/0x230 [ 214.452165][ T5084] __fput+0x234/0x970 [ 214.456154][ T5084] task_work_run+0x1d4/0x260 [ 214.460768][ T5084] exit_to_user_mode_loop+0xe6/0x110 [ 214.466102][ T5084] exit_to_user_mode_prepare+0xee/0x180 [ 214.471656][ T5084] syscall_exit_to_user_mode+0x1a/0x50 [ 214.477141][ T5084] do_syscall_64+0x61/0xa0 [ 214.481562][ T5084] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.487471][ T5084] [ 214.489800][ T5084] The buggy address belongs to the object at ffff888052d22000 [ 214.489800][ T5084] which belongs to the cache kmalloc-2k of size 2048 [ 214.503854][ T5084] The buggy address is located 1152 bytes inside of [ 214.503854][ T5084] freed 2048-byte region [ffff888052d22000, ffff888052d22800) [ 214.517838][ T5084] [ 214.520174][ T5084] The buggy address belongs to the physical page: [ 214.526601][ T5084] page:ffffea00014b4800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52d20 [ 214.536765][ T5084] head:ffffea00014b4800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 214.545715][ T5084] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 214.553702][ T5084] page_type: 0xffffffff() [ 214.558034][ T5084] raw: 00fff00000000840 ffff888017c42000 ffffea0001f1f200 0000000000000002 [ 214.566622][ T5084] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 214.575205][ T5084] page dumped because: kasan: bad access detected [ 214.581629][ T5084] page_owner tracks the page as allocated [ 214.587373][ T5084] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1142, tgid 1142 (kworker/u4:11), ts 202737496360, free_ts 202734332481 [ 214.610385][ T5084] post_alloc_hook+0x1c1/0x200 [ 214.615199][ T5084] get_page_from_freelist+0x1951/0x19e0 [ 214.620762][ T5084] __alloc_pages+0x1f0/0x460 [ 214.625368][ T5084] alloc_slab_page+0x5d/0x160 [ 214.630059][ T5084] new_slab+0x87/0x2d0 [ 214.634130][ T5084] ___slab_alloc+0xc5d/0x12f0 [ 214.638825][ T5084] __kmem_cache_alloc_node+0x19e/0x250 [ 214.644312][ T5084] __kmalloc_node_track_caller+0xa2/0x230 [ 214.650070][ T5084] kmalloc_reserve+0x116/0x240 [ 214.654843][ T5084] __alloc_skb+0x138/0x2c0 [ 214.659301][ T5084] rtmsg_ifinfo_build_skb+0x8c/0x260 [ 214.664597][ T5084] unregister_netdevice_many_notify+0x10a7/0x1900 [ 214.671018][ T5084] ip6gre_exit_batch_net+0x451/0x4a0 [ 214.676315][ T5084] cleanup_net+0x795/0xbb0 [ 214.680746][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 214.686314][ T5084] worker_thread+0xa55/0xfc0 [ 214.690938][ T5084] page last free stack trace: [ 214.695615][ T5084] free_unref_page_prepare+0x7b2/0x8c0 [ 214.701106][ T5084] free_unref_page+0x32/0x2e0 [ 214.705804][ T5084] __unfreeze_partials+0x1cf/0x210 [ 214.710927][ T5084] put_cpu_partial+0x17c/0x250 [ 214.715724][ T5084] __slab_free+0x319/0x400 [ 214.720197][ T5084] qlist_free_all+0x75/0xd0 [ 214.724736][ T5084] kasan_quarantine_reduce+0x143/0x160 [ 214.730208][ T5084] __kasan_slab_alloc+0x22/0x80 [ 214.735076][ T5084] slab_post_alloc_hook+0x6e/0x4b0 [ 214.740210][ T5084] kmem_cache_alloc+0x11a/0x2d0 [ 214.745099][ T5084] getname_flags+0xbb/0x500 [ 214.749617][ T5084] __x64_sys_symlinkat+0x7c/0xb0 [ 214.754564][ T5084] do_syscall_64+0x55/0xa0 [ 214.759003][ T5084] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.764914][ T5084] [ 214.767251][ T5084] Memory state around the buggy address: [ 214.772892][ T5084] ffff888052d22380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.780974][ T5084] ffff888052d22400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.789040][ T5084] >ffff888052d22480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.797113][ T5084] ^ [ 214.801199][ T5084] ffff888052d22500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.809300][ T5084] ffff888052d22580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.817376][ T5084] ================================================================== [ 214.825517][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.843893][ T5084] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 214.851122][ T5084] CPU: 1 PID: 5084 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 214.858696][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.868785][ T5084] Workqueue: hci2 hci_rx_work [ 214.873516][ T5084] Call Trace: [ 214.876814][ T5084] [ 214.879762][ T5084] dump_stack_lvl+0x18c/0x250 [ 214.884478][ T5084] ? show_regs_print_info+0x20/0x20 [ 214.889716][ T5084] ? load_image+0x420/0x420 [ 214.894270][ T5084] panic+0x2dc/0x730 [ 214.898214][ T5084] ? bpf_jit_dump+0xd0/0xd0 [ 214.902763][ T5084] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 214.908792][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 214.913696][ T5084] ? print_memory_metadata+0x314/0x400 [ 214.919209][ T5084] ? l2cap_connect_cfm+0x6df/0x1070 [ 214.924468][ T5084] check_panic_on_warn+0x84/0xa0 [ 214.929441][ T5084] ? l2cap_connect_cfm+0x6df/0x1070 [ 214.934667][ T5084] end_report+0x6f/0x130 [ 214.938954][ T5084] kasan_report+0x128/0x150 [ 214.943503][ T5084] ? l2cap_connect_cfm+0x6df/0x1070 [ 214.948749][ T5084] l2cap_connect_cfm+0x6df/0x1070 [ 214.953816][ T5084] ? l2cap_ertm_resend+0x1040/0x1040 [ 214.959138][ T5084] ? l2cap_ertm_resend+0x1040/0x1040 [ 214.964477][ T5084] hci_connect_cfm+0x8f/0x130 [ 214.969196][ T5084] le_conn_complete_evt+0xfdc/0x1540 [ 214.974536][ T5084] ? hci_event_packet+0x4cb/0x1270 [ 214.979702][ T5084] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 214.985993][ T5084] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 214.991651][ T5084] ? skb_pull_data+0xfb/0x200 [ 214.996373][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 215.001954][ T5084] ? hci_remote_host_features_evt+0x150/0x150 [ 215.008064][ T5084] hci_event_packet+0x7ba/0x1270 [ 215.013065][ T5084] ? bis_list+0x290/0x290 [ 215.017424][ T5084] ? lockdep_hardirqs_on+0x98/0x150 [ 215.022665][ T5084] ? hci_send_to_monitor+0xd7/0x4f0 [ 215.027893][ T5084] hci_rx_work+0x43a/0xd60 [ 215.032345][ T5084] ? process_scheduled_works+0x96f/0x15d0 [ 215.038109][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 215.043724][ T5084] ? worker_attach_to_pool+0x380/0x380 [ 215.049228][ T5084] ? assign_work+0x3d2/0x5d0 [ 215.053109][ T9] snd-usb-audio: probe of 6-1:1.1 failed with error -22 [ 215.060376][ T9] usb 6-1: selecting invalid altsetting 1 [ 215.066550][ T5084] worker_thread+0xa55/0xfc0 [ 215.071195][ T5084] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 215.077118][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 215.082029][ T5084] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 215.087966][ T5084] kthread+0x2fa/0x390 [ 215.092063][ T5084] ? pr_cont_work+0x560/0x560 [ 215.096774][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 215.101390][ T5084] ret_from_fork+0x48/0x80 [ 215.104104][ T9] usb 6-1: unit 6 not found! [ 215.110443][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 215.115066][ T5084] ret_from_fork_asm+0x11/0x20 [ 215.119885][ T5084] [ 215.123503][ T5084] Kernel Offset: disabled [ 215.127845][ T5084] Rebooting in 86400 seconds..