last executing test programs: 7.737362968s ago: executing program 0 (id=1577): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000980)={0x1, 0x0, @ioapic={0xfee00, 0x296a, 0xf7c, 0x3, 0x0, [{0x98, 0x37, 0x81, '\x00', 0x7f}, {0x41, 0xf0, 0x81, '\x00', 0xf5}, {0xe9, 0x4, 0x9, '\x00', 0x11}, {0x7, 0x8, 0x3, '\x00', 0x8f}, {0xfe, 0x80, 0xb1, '\x00', 0xa}, {0xf, 0x2, 0x8, '\x00', 0xaa}, {0x7, 0x8, 0x4, '\x00', 0x8}, {0x1, 0x3, 0x2, '\x00', 0x67}, {0x2, 0x7, 0xa, '\x00', 0x8}, {0x8, 0x3, 0x43, '\x00', 0x80}, {0xf, 0x8, 0x4, '\x00', 0x3}, {0x2, 0x4c, 0x3, '\x00', 0xa}, {0x7, 0x6, 0x3, '\x00', 0xa6}, {0x8, 0x0, 0x8, '\x00', 0x9}, {0x2, 0x4c, 0xa2, '\x00', 0x1}, {0x8, 0x5e, 0x4, '\x00', 0x3}, {0x5, 0xa0, 0x47, '\x00', 0x5}, {0x0, 0x3, 0x3, '\x00', 0xff}, {0x5, 0x0, 0xf, '\x00', 0x7}, {0x5e, 0xa, 0xb, '\x00', 0x3}, {0x7f, 0x6, 0x7, '\x00', 0x4}, {0x93, 0x40, 0x9, '\x00', 0x10}, {0x2, 0x8, 0x0, '\x00', 0xfc}, {0x6, 0xc, 0x92, '\x00', 0x8}]}}) close_range(r0, 0xffffffffffffffff, 0x0) 6.620588834s ago: executing program 0 (id=1588): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 6.453890017s ago: executing program 1 (id=1590): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf2fe, 0x100, 0x1, 0x250}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x10102, 0x1}) io_uring_enter(r1, 0x305, 0x0, 0x4, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.969818524s ago: executing program 1 (id=1592): r0 = socket$inet6(0xa, 0x3, 0xd) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x23}, 0x800, 0x0, 0x2, 0x1, 0x0, 0x7}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x23}, 0x800, 0x0, 0x2, 0x1, 0x0, 0x20}, 0x20) 5.814475266s ago: executing program 2 (id=1594): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 5.598110639s ago: executing program 0 (id=1596): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000a00)='./bus/file0\x00') 5.089624196s ago: executing program 3 (id=1598): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r0]) newfstatat(0xffffffffffffff9c, &(0x7f0000001580)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) syz_fuse_handle_req(r0, &(0x7f00000021c0)="b4e7780e64180b839fa07d9e4725e6c82da1984495d2c68cd5065c6e0371ad98a6c3c0411485bd645dad229e99afd92b5cb4d5a7ef36abddae196ff0cf9473fe11ad35e9f3d9655d701cccf1bf76cd09ea0da599776f1105924dd6cd176078a578dd13f9b786723bd85b0d054bcae362769a9747786ffbec3a01ef9aa0d47e1580fda24cc95fa196aa15ae001db466c649ea86e17234e2821119c05543aefbf25e43bb26216737ea4438259c70a31a3c1f5fbd225d8b426758d9535cc83a22d95e6b9300f58f30d7bcc49b178a7f926175bb92e6b14f058a3ba0138591bba0769fe421cc1d69cf5af0ad2586bf84121935f641aaa5be24a800e8ecc3af9e119c3479d1c86c5b2e6826b277e52e34301ba516f81ba468ed8afa6c06bc76959e912ff44be8a74dee38c097ec4ea17013778c80cb3c3bd198c23bcb2ed708809b87c44bdbeea9debde0713309c32d0c6238d575e092b8dc197c100c2160b2a8cc56b4feda1197ee55a199fcf54e45dcfff36b14926f898e725822186f3c89478e582982a88afcb885be0ceef5cf98c9f6b57f8b1bf0f34d503c47006e5208b593c79154853db9653546d111424fe57212cd52871427ad7ccce72256691faf62c1c4004b4a7234b39730da2dea5a44cfafe7016c2f31b5c7623ecec6dffb00c55d23b70b29e440ac3e49674f748dbd06f58f7fc760342264adbcc082f8fdddc5af7c4cb926f83d8a90986053ca1b96bbe4995066a9867b9ff38fd0c68241fe212cfc40b4ed8564c964d84786c2ce3dc3e278963127d8f58bf3d52ef90d8eac864dd73b13e5b5f2421dbf8363be23ec250976519a50aadec180a40689f9b3aa9eef161f4d8345aac45fb91c8eaa69869871faf74d4370e45d7a2aa7f56bf9bff274a6b62b55a7f547f3d00644b608ec6372ea0cff2a97c0a79534d77bdec5630bc70763b4750fca59aac05813f12dc8d6be7ed537eefdadcb6bc893a8de59af5e188baa6580ccae1fb8a542305bb5e992c5385f9893c2e2309fd131c9c88a2ec2e42fe5a3b9f890575d0d537cc7fdaf668ba70d3eed9b18222e506327a5b83bb8f954d33aed829b5a4ef1f5e61f68a0f802cedb0adc84837ff1e972b3af9356b8954304e3669f16ab77af536cdd0dc09083a1b7d39a9fd56a539f785b0b5389de3a815db7fe4541c5e6e383547fcc13bea083ce7dbe8b7317ea1ea770266dc2fdc23def2263bd050d2aa6567d6f28e8daba942c186827ad974f5a26224a21fe242aa1ee4236ebbed2963bc294440d69d26a0126826790798e0a2f9c341cbf8988ea3636e8edd4767e880668e13f0cd2c5439c7d43472eece4d6bbcc7a74a4d5942c737cb04885eb026d04c489f72436af51839f3cd50a5b2078dbbdb16de5fd77eaefbb07228f7b67eeabc027986054247864bb0194ad46e093a40dc2ced0b2432e1dfc937ca6014d690061a5778b2a4d864bdbe8629bff684171475e05cecb62bc021a257c10371ab0cb175c0df46205a096af34151c6678ea45763267ddd21eb43aade0b7db4b14b4baefede8c95a7f6eb948bdec20a9ef81a7667b515d91c33bec3cf475fb1504af4b72728bbc29a69612a398a9de5cf89cfb6dd9bf6d4a14d7fb491a9ecdf0127096e0e8f088e5e09cc0d2151b2b77b1a8c434cf23f093b6aaa5150c375ad3964d8d925b5808e492fe3cd18792cc95f6228e906294e9abc1dc63ea0088f1f24b9ef24977e3fa3d478e24c0c0202de3662c14fa3082b617ab5608aff5e4ca514ef17e2074b95a486f62f7eee59fe237109bc6279eedfc6b1b2cdb1830105f06f1a1ecb8ffef97a670c10454ea9129726c15fca940ff26e943d930b05cb410bbb80e83a1a314ef60909a1b9aade85f41d6ece295dfe73cb74634853a682da573c4863ec23d3017445ec6c2799a7ccffe7a6517e294a5238253d341f33640887bf7e1768d85e3f155949116f61879f87b07ee22fe2205e175bfe99bf60a37c08ad3a8f0674ae680fecdb68ecee3ba743744b2e8f2ec3c7a661f62f978d05a5cf05d942b18b49c36af34397822d397aa71beb5f5fdb8c91a05a7cfee5f344497dac09d780cff8a7dc46656097c5328358941a6c5159498e21f67e87d66f6abdeff7aa1efa83e3deb8982ac7d8a17865d585c7d8eb33c3343e233a699e0dcb91561c01704a867abbfc2aeb8a91e605efc44dcac6e672da3c52cd2e33db49d707d2bdf70da85a06435d63ac7786d86670f313393cb350e8811664b7f5523bc3d64c62f82ac092e3f3b612fabf087ce16738606689300900ee25a737bc256f5417d1d677bc6bd5920d071089eaf2955d23ff1bc6829d59353ae541196ac3c7329b0132bd3057e0c1667e6165699d00b269e3974191f23cf28b89eb308636f86bf0588ebfea1d6dab696fad4d8aab765f1034c7205fba76a112ef9ea21766d98cfacaf210928678975f3c09cb973870912a19077bb0b51cc6dd4919b619f241a201947fad886ae061c7ec2bc28ba9381222290a83fd5bfcb2ed1a23427c189c17159f4a6e910e90b4418d5e170782072a94f0c834fa7663d5057819e12a2aaa7525148e3cff6e54b27e10cbbf6a4fdd5ca54e458f46b0a08577ce02c42776e5150b95d22b2b440ef69d081c9436e3bc39f757562f6a94bf62aaa578d0ac321972e1c6527f32193f028b4531b78d0ace71fb3ea32632407bc8009134a384f0bde668df7ff400acce982b43fef2d315925d26a87ff0e68e46648cdae1b9c9002fdb19962bfb3db5d53e66d17647581feec55bd80ed03e1367bfd38e9ce15cce1f7ed6cfb2de892808b5b66c28b01188fe6904ab39d43084a6c6aebb2aa38b07dbfc99c7439672355384c6ca1472a3083de8e585dfae3ca73ea81829d24b6a08beede137f25d458895b02de05dcac4a95216ce317a99be7c9b2254abfa4d0d0ac650a8310aafb5ca7f0ba15bdd7a88ef6d3dcdb93eea8e58b7e2d4748f5385d9ba9b3c9ce85489ca948f3e0fe8da9cc8ef4aea915dbb165f073324b042763234af5d800358c679e10f6b6ec59103729247f9472f911955b4e37b5558737592d6d1d654b935b0de9c46cf25643dbc3a6d573ed97c18bcb751954fbe9ffbe4451ee9789999a0aab179624a2aafd590c235f187137a0cb53b46c6b3541e19227cb773f6a7324fbb4c03a564b6f40877d3f21b337de286456be26d33ab07859373d8cb896a47686a2c21461d35101094308bca35e03118d598af27ef0ea1fa9ab99b642e417445c9bb9a429807b5676cf6e067df22b8584207bc29b89fcc8275219e264cd1c0521d202703fa5e6e7791858dabf079bfbcbb54d2814c54bb11f76cca816ec24d66b7557eba7fcf00470b0ccdfbecb44720d5b0768d8199515254f338e004da250feec9a70358b072d749f8495f345e5848434cddb614d378b6bb3e2d076d1dd55c9087ba67618c2107ddb5702377149a387c618f11be8d283855231f7252c4bba733f0b6482257cb2422c80148e0cfefc90b3f70ec1cefa38071d2dbb8e35d65e93ece6a4941f885c5962d3b396f354a5881fbb7dbb5f5fb979d6891d88402fde686e22a8a888799fa68b91635f221ea384ef87295d2f826d9d9a45066d3cc0c2c469b6ded9ec074f942ba9850cff6405473ed234a2616a4a6c42b066f3e9ed586e17a0061e014c87c93fe10073af81b949291d6edb2a58901f299517a45c7bd563ef0b8574806793db4ff9aa376f4a1eb936e8416c2a9a14ba113bbabed14a694666e5626bb61f71c170e454fbe3654cebe5b54d967f4bacfd454ce9a077558f7fe0dcbe96770a0f33faa9b5ad5164ccfeae94f9d4be61b749db7700b5013fcfec247060e5fce6602c52e025a6cf41266bd9307f96cd29a415657775ed8f418b632fc4edc5ad280a703041ad50012ee8f4ee3b1e5aeaa6bfb686d0f118e187afb371e3276f12a33a7c1fabfc0b1f02bba9de8777a3918738e4f77a28ecf9bd284f9c86abcb072cdb7ac1fa5d77a4dc8c1579d522131ace9a765fa2e9f07f235fb90879288012a2f1c7ac64639dd21251af2c3d7441ce79a5be07cb9a961726085c0c3d7f422d2c61d328e53876a76d092eeee189765f9f113e75063c8e4fb3a7ba72db12c2e88110e42918b9ace956cf89c12880ec677f46c4db53492217e9861eed56f4f27c67c4c4551f0bf03b722144cd08f083e1282a85ffa3bfa2d228d04256993bf6c4c2d26715bb35cbfa734d2bf38d487a7b110caf5fe1e073481f40130549650a9efa9e4499fb6abad213c6bf310a263bfd3994bd5201b77e2d56f8f16f95b1371cfa249b0d89086262850e76cc63fe0f4295298cae17d12856d976fab442099c2044ca64640c0834eaf54ddc46ab477ac54034f9a77c88934e037078fc1d69429c7728fd4a1339dd4425ab7f75853488dfcb1bc851caeca4cdb07bbfd2d5e5fcba6d1f31506a2bbdb5bbabf8e3359baec49acafb192e537536693272e5ccbb767eae343ce8fb133bf254fae58ca77e732c32ed53948f0ca29942c4e72ac8468239ee4986a6dbc6f8a4d133b03c5c311f4b0c86ee5a6dc3676c10d6104f527d71ea7504797fa9da2eecf1e1062a97066691d97de4a3cf7a061663b9b31056f8ff99edd27c94b4dcc4d9950a26c852e0e5564af8e490839be2106193a69befa19d460c6c8e6607ae09e2fa55a68569696f98d44400120e3e09a1317133e62d49fbf6a2c17b6dd3bda16a7c454f2b34d9d7c6c45930dcdaf9987675597ca13470f5a3cfb0643a54cc89c236f85fb31b7754e95c2daecd3b2c1b64f4d91d639df4462b1a483b734dd50ba7885a594749797784f35117ab7856247add0b477e8e01a3dba0158bf577a6f852c27fab4707dfd544182594dfd2eb935f520d025eb52890161efa9ab7f82ddeb5ebf2f1259e0915fcdfad50514072de1eac2d3feebb9e5e4cace0afd493e36ad5763ec4f2d9c8dc11fbb37980bb382ae294ab54e13d5aefe7a1bda6fc5c7c635de6ec7bdc91435f7edfb1aed0ddd6f3ae60b4f87cbd455c4c1a0f4e039c74d75531a660af8c7282c670926b3226a98031b23cab40c1602d316b3b5abb48d9397def5d65c02ea7c40c0252215c4e4706c0ab8f4a99903f77d26508f32c4795ccab3c358a87c86f6d2e378d0265f2d3fae0ba2768f46552944e0ef73b37d69d8ea1736aa58161ad36db54a7f65245762be51d830f9c50e699bb4e58b624b3ac411ac8b952f3c509c6e30f99bc077e0af4fcc23b7cc9b1497c4d6c1670a719af2fb90ad18387933e085c31e64b64a39dfa8f31abc4c60b9bc4821b10fdbb7cfd2899caa51075896963f916a8f9de27081ad408e92390ad50468a45389c7494f72a7edc7938fc5fb08722d5f4523508ff16a621cd164422147c4ec765578a97d57ac4e110f055addd9069d30869bbc704e1e72b41f6b22cfe5df7caea12150d55967113b966434727f106ae4fdf2a354ff09c37a26ebbb92e40b1df7fe6d53813209bcbd1589d797595c2ca4a9977c729a52e3fe3d1792866b67a9ac6f30914fbb5f43661acd25dd5eb68930e0a4976e03fc013a650d2ca5ca3d99dd015ca10e6e1a82a6cae437627ad5d157f34901e4b23b773445b8664baac969374d411d407cc2bf421ef97410633d87b1be4acd3341323922834207cd96922a46d5a993aaf4483ea8bf20e3f821fb7d433bb7612a17705a511239f762c45030ea19e71841f5adc54b3312b6f83955fb0d9176e5f27567d8bdfd8ee24f0c6a51c6fac4a62e7b4019813f3b54e38105bfc18b798fd75f427f220ffabf40b293d4982ddfd9f32da5726ef33d07b080f59ab436bce4d37372a1d689ba39e370e93c4544b3ba699acd689b37efffe19ac20638d4fc3ac2cc1814fc44d16e3d6c2afd2184d35ec9f7fd6d49f925eecab2c260c06f819b3942d6830e1a16e328b0656a4edca5222af5d2e1d78667f798e69a52bbf2c631216a78c3875053f82eef9136609ab7b25eaf75fedfecc23f6d1e9e42395dac6e4cee787525c1554ead55441cfb653ba4a61d6868e37a996cdb3b5beca9bc0a01065956106f92842f5d93d6e0f8a576e2253bb3fbff705e9a93c10549dcba91c7b791c1d18d07de375ecd001752181301d8fe0614f0f676c2c2c4cf88b68d450e85c76e6ad5ddafe5013ba2c6bfad33495250fbecc03958815570440e643600405b907e2404a7fe120c293559148b8ffc578b514a45564fb542559e388168a533bbc40cea49ff7a1147b677486bb18e69926f1a2914019fbf3743f95b83cd41539cd86aa17ca52bf5c4aa3f7111e1b066f490641229725e9952492b5a5841700a2134c95d18b341fadba4048251195657632b2735d90137fb517b0c45dff8073a5ca183742be78f589ac4b83aa179feec29ac31ee8ff2e732ad53ee850daffca9a8922e92dde0a73f3708c538fdf65d086f10ec0ceb53d9e6aa23652ed441a76ba450b2e841b7d69a455d3a3c871dc7e2348a4103e0768bee9a8c44c1d59cd546531b37389842fe346964ff066e6010fff2ce060719f6b1a8070ca8f5f2670e5d50c2bb4d0f0a20cb55a5b13e284b4e52460965b967175ef64b521442ea9b618271cf541f37d4388eb1bca75533461ec3af0bed9e1975545d924d7648c3e53155c8e4ee4c390ec0d061db28918953974471324ad9a4b9acec86ba34f3a7cec693da67423a9bd3bc320a4b7560af1c0bd9a4ee9d548508b33385adaa4d674d5419238b30137aba7f65577c782dcab346c1224a1edd7d51c64a1b6d35889a3315382f003f3ff8a6e61fe312ce3d51a2c227af8b83f62935e84025d16b812bc4277e72e7d4635d4f4bf8c63b69c5c99bf4060b2a5f92d513e743b8d39f739a238c14d0bcff76d545c52943eea9302701317b63bb841ab331bfc97fb54198c26861175958ee75a99e261f3bedfda19b7959339914ceaabd6d94c49c5aff8de8ca0305f407daf2c1354ebdb35b79665afd9d4a7077e45505be970b4371456dd28844948b1d66b36bc95a6589450425e6072e93b6b4c1be7591901650b5d98cd799a3f2e4ef665f71a2cbb905cc03497f37bb2e1f3bb18790db88fe97988406c9445fb7ada1c8d753ff19faea0cf6160ee5b6f6884da454251a69b6b950d80bfb1c06e3a99cfb8b82a9578ae45ade477a5aaa09c8931258a2573038591e6d267ed1ace35c68d89cb96b30c3e43a53bcaa822b9aa99a1dbd74953aad73d27149cdc0c640a79e9e8b7a547c7218711e40ed891fb5b1029b7f79bc88628d2263a6d023baea1d825e520b5a60f6c244fe4f8f2f70d0283555c9c97374d042a11cd1e342d50d945c0d105293f7ea11c697869ba0ac3780451bcb694d13e939f81d4f032043f055b7a07c97f3f2f0603287a3cdf3884762912480ba2d716172323b069ce4648f666201d0b8965cf5cc01e3f1c825ebf9fc5aa8cd66c0a9171b2a0efde4e0ba2cfd734ae96bd96a4abb3efdb74ce807feb38b3fe25ca85cbc385045c9fb404b7fdb7689ed62e5fadb81d1f2516f82608825e46690453f85de45294e861630ee74711acdbe3c5e994a73de7f1c328abb41d1f9bd5da57caec6619e87bb09fe9b5f15e9bd9867e40a9219fbf04bfd0491f89ab66c1bdd40ae87ef4df9a883f2b14eb5f03294265fdc7b755b6fc549a24b5a65a1887797e39a96c82dc61a03b69de3b80c98b319157c4b0bac76d66de748e037e3eed22449e7a0cdb13a21ba27c57cf48fcbe1113e7657c7e338445044aba7abe9c253be47bd62b5a1db4a1c3f0ad1a04106de1ee03cad5f6fe3c67ff6180d94250ccf3e5d5ae950cb8fdcbbcb2beff1d74d69f2b57e6c72849069fb722b3aa4d1c85097f2d4bdcbf0acd04f917c931c2a4eabbbb71de5f14c862bc119d3f234ad24ff7ef30c4b916b5ed9eb037545778c33d84310e89baa5872cdbdd16f0da022a26e99c55d20d2f7d54860823258f3aad1115cbf6788c357a486a0c0e5239cca4dd2a2d1aab3f2f1f7fb6803e83b858641eeb534db92d2bd9564032e0c89d1d848d4fb56982589e271ee96f695a7c33e4e31e2c8a78ed11bea609c2f41477dd5ba1d4853b2f01d8ce634a73427f07ed66f692690cbf021dc0227bac9dd768f9fff35ada9a1038a2b8a18681b2ec93a0a3bddbe1f3e8fa7a3e16a698d0f3306f61ac05193b07f5e6c31d70954f3ac5991356f6336377cbfe8422b8d6802bc250da2b6a7169eb8649fd3939a4f7280e2554e50449ae334f043a47ac3c7e8df2440aaf8c92d2880283c43231035a93a54467ddd95dbf8d84d856d26ffd6fd71a02049aaa8ec27f3b5b94657ae67fe5c70fb1c0e47f400085fd0bf22207880f5e4338d2db9a97bafe919119fc6ec40b09a26a7a0c89dad3c95f553577dd89c1e2fec26972e4b1320bc2133aba4f1a27da4af96853384910c04090ea469424867a1808be3be818f192d58d6e46f377e67313b6e220142e5dcec1dd8e339492cc2b6eae24cb9d528ab3e2b84961a7c089376b22415957a15265ef9e0d3bab375946ac271d3b158b606bd7dbdf5110760c74fafa923e5cddecc2bc532afbe52353b90487369b94ae6f53dfa1a0c4342e5073be0feb3f52d6e569b9cd433e845f71e6ab4a8fca801fda8e6cb9db0a9de9989203b1eb9e905ca77f00bf2b31928334d6f6105bc3af0c54993dd5218f22bb6ff48ed8a3c602748aa88561341d9d9a2a32e494bb4011ca1dbf90ca0fec3ad0b9d1032df38e4c79f6cec7f44e2b9aade756dbf2626a3c4d93e97f4cf3e6af32e139a63b469a806d6bd793efee17d140f5290470e204a80a57403d9416f26abab4c027291e8a3161a5270d1df77a5445b1b217f0e00f3abf6e8ced40930e72184a24908d9977195680b58d39f87c42705ea6bbf971f7c2dafaf08c0d877da506b38c2b904549c68e7871297ee5a14625eee9cf9bcf17798bdec4901f9e9d3e642b401ffb1a9fa753b08d13011c4d620c964973b269c5d9620f88225a54c4f170f2118a682671be691a54cd826073da911a08f4afb605d997528d421e30c181cd49ceea4d068e2727d7521e608df80f4d7ec0ceba43142fedfad4a5be9bd814c5a84f87ca9904ef451922f9d7774c6bc8c3fddbb2ba8660d57b7993fa2551862e522bbeb9ccc029c9d26b3f51bbf156864ce33d40e5d55d00a9c66cf869d597b60704dbc5546245a890544b30b71d7a7919f7f9f905b821ec5f36b9271a653e604f541d92fc6ae90d89cde123b7719834fa48e7f9ff7d284b6243c9c7f34896694aa89f234daa41d39a3a8176531ca12c80cc95e9cb2d62b7204dfe98c4d9192d98019fb2bbe346d75aa0a21f5332300a8f9aee44c6b7f2310792455d63c40deb43026bb50cc1672bc7fe262f9600fb4ab79e39a7a33bfd1ed4f230acd471e9e705140386ed13e2c6590ee16d1915e5d4864d5520e89b3d967ab7f4be25c2265fc03ccfbaf995eb1557b4a2e9fd1f3786ac549a17941a23c9d486dbd5e21436045ac6afc7514ae307547c39bf2bb8d4ba05493c197c7ccc7e63104061e0deadc57bdbbbe107e74ae8a82e28a015076fc2e9ec989605662c6268201e5b1cf1ee344a1c24ed88523118bb272b0752b51326b62a467ffc39b87df60819d50a66a3796da1842e9380eb9423f532b7dfc5888b934e198228f5b49813d7ce9769bdd756eda7f5b373fd8e08de2d6bf512181ecadfb0f280c1f5a3b46448e0362ec64a7a2f1f2788bbdf0e72e794cb3dd9a5346b92fffcddaccf9b611c540caead3c06afd6e22e7ff16ac97590fd70154e1b97d8d0d4b0d29e679fc18aea2e7f0b587a1015a64870c08feeed248eb8100b87cebda933ef3880d3f8fb9d7a0ff6aeee8f2a9836bcc08953833e1da2093c48bda5500c4e7666cc2be23594979a6a80ad861d88ef9643a8a3a3a4d08270ce5af02b2b854995fff636d545bc4eedc47929cc181171b6319af4ab468462f896a787bab23226cfde73e827ad914e215059d9e3665274e4133f26038be8365ad5c760edef5cabe16903f180955b8fed9c8d777c908f6e136de46d9e44ed5e0885b4e437f04de6a1fa6c95e9ee3f9854855b51796e1efc42efebab032c82456b98a7c6fa45c316182706e42b71b5b05bbf866f0f7e1432234987eda2359c9dcb60cb4f68867b6cccfaad5321eac38e9634ee674830d970876cb6e43ff9612d0981b13b6209aa03eb0e27b3c1f58069eb1cd4197312bf14e9fbf9e8febffac4aaa6f6aa3847c9d1dd60fc867157304d4fddae32a4aa6510d56479aff13c437604b48065820d6bde107edee53a1e5bc54196908050ec6855048f94e14c2df95e38eae3b1b0786dac884a4cbebd80cd6037dbaade8b1479e1ee202956ef7b29cb0d4d092e93e8af8e8e608f0ca4669b29983bb4752568ca188ce9514ed929c3833003a3fd39657c280519d411cf07650cba2477a318820d71d4294d9eada4166a9fa73a6e773099657c3f28a328fa359c1b75ff4a4067e64744aca7f2784e66e8683b840efba2cd2db44b3f3c86b60d6a35351ea2a5552e711f40f73b5c00172e84a84d0d3128e0cbf148615999a34142633748fcb69129d28ca7ee3625a8894ba7c5c109850511bbf295ca954a1b14067257e2fd590f29f751cfcac5fc0255a0639df8450a757f16e273cc18717c2671f5100cfa7697b3b34ed10dccd35eac14d54d1e5f3df920588e85628cddeaa80955e6d973db48af296d119ecffcdb22d69d8098502f9863ef47ba4b0b8c8413c4368efa8f4c1cd845d1370432b075e80cf8f22bdfa1abb26017821f27939578b147aa2d70164bd7325a9f0d8058546a5ea261ab31554aa9dc504811744b3ff337bbf9801ed4caa57d78bc662b2e11308f72e3d6ec399c13c8b1479d2887d3de5484f6b2019e8b11e19a99b8dd80731515f0ea195593f23ccf6c8cd5e02a9b996cb4dffac77b502523bbdcf365861be8acda0afd42417aa841f9928b19a7db59e50b2d34d087993734057a836ccae6b9df663ea64b84d57bf5f2fe22ecafbf90ebd552054176e4e5068298580b11d3a930f3a64c6f04219b9ec27684cfc253c79830aa669171fd0e0953886d614cd7ae52af4c9011baa41a8d8a699810272d2971b34bb23dfb94a83954c06a3c47cffa1778b6f47d9cb7fbe9c4b01c3e500b3a29a288727ccc0a00b6efac646c558df4b09c2b5bdde883f75f7da65dcb0025b4a2394d403746ce2c97fd7a9f01f0750a0185c4271406835833de07c80b92c93bc8ca2658fb5404b59fb1039677524b570f5727f3ec671bb316fa6faa88e5e680cf3a688d31d7a16411f9b92a828541063914ef4e72f715b5a163e37f1c5fbbb80422da543eaa28c1eceea18404680dc3c121903b307355c7eb8044b60a23d850ee1484e14ba1b2479b35e93a7fedc7ee15942260376957b0d64fe4f2f2ae52150c673ca303002df32745b1acaa774c9e6e5df1b4ec9682b9019f1d1db77c61de21a99249e921e39c6b5c542f94127ccd8d0fac91bcb27bab8bad20d9dbb86e41f02884b16a14506b49bbd17cef9dfd1f1076c0e8b076ed628e3b52394157fd974996759e362698ad64", 0x2000, &(0x7f0000000d80)={&(0x7f0000000000)={0x50, 0x0, 0x2, {0x7, 0x2b, 0x5, 0x100141, 0x8, 0x3, 0x9541, 0xfffffffd, 0x0, 0x0, 0x2, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.035273847s ago: executing program 3 (id=1600): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 4.961619288s ago: executing program 1 (id=1601): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x101001) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000003c0)={&(0x7f0000000240)=[0x0], &(0x7f0000000440), 0x1, r2, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000240)={0x0, 0x0, r3, 0x0, '\x00', 0x3f}) 4.899401349s ago: executing program 4 (id=1602): r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e) close(r0) close(0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0xa, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 4.782518161s ago: executing program 3 (id=1603): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x1b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000500)=""/73}, 0x20) 4.782349331s ago: executing program 4 (id=1604): unshare(0x480) r0 = io_uring_setup(0x6145, &(0x7f0000000040)={0x0, 0x576c, 0x1000, 0x0, 0x256}) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000100)=r2, 0x1) 4.747572422s ago: executing program 2 (id=1605): open(0x0, 0x56000, 0xa0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, 0x0}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x70bd27, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {}, 0x70bd28, 0x3500, 0xa, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x2, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 4.574781014s ago: executing program 1 (id=1606): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 4.524276025s ago: executing program 3 (id=1607): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x75, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000200), &(0x7f0000000280)=r1}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 4.515724125s ago: executing program 4 (id=1608): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc) openat$vsock(0xffffffffffffff9c, 0x0, 0x10b000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') utime(&(0x7f0000000000)='./file0\x00', 0x0) rmdir(&(0x7f0000000380)='./file0/../file0\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) 2.552971754s ago: executing program 1 (id=1609): io_setup(0x202, &(0x7f0000000200)=0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000000300)=[{}, {}], &(0x7f00000000c0)={0x0, 0x989680}) 2.397819025s ago: executing program 3 (id=1610): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800900010062"], 0x48}}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x40000000000029d, 0x832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0xfffffffd, @mcast1}, 0x1c) 2.280661067s ago: executing program 0 (id=1611): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c) r1 = syz_io_uring_setup(0x497, &(0x7f0000000380)={0x0, 0x607b, 0x8, 0x0, 0x284}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) 2.272405087s ago: executing program 4 (id=1612): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x90000005}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e22}, 0x6e) 2.188362649s ago: executing program 2 (id=1613): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) 755.872209ms ago: executing program 2 (id=1614): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r0, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000016c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe40400000056bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a05cbee30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c3157f00000000000000a06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c3630000000002232017810e743bdaf879946547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e6dafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e097585ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb50409fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4d8521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060fd2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3bca426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db00000000000001f915268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde000006c06d4d551e81ee73459cf1c00000000000000000000628a663ed417be6ff5b172cba4a1ec629a39ec253c087b1e9ce84e25b8717ae8581bf28c16a8bbda8d69358e885ddf5387e419c64847b8953070cdefe7d6a35197638e929f8f3c005f9de3fe351def9ed5"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x62, 0xfffffffffffffe74, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf46242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c961e5f3762a51fe4c736edec6f", &(0x7f0000000cc0)=""/265, 0xcb95, 0x0, 0xff, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x3ff}, 0x24) 664.227751ms ago: executing program 3 (id=1615): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 545.718723ms ago: executing program 0 (id=1616): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f0000000c00)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c2867f490000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a00330700000012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1b9dcdd55cd69b37edeb8fe43f4bb102b2b8f55667ffff000000000000b2ccd243f395ed94e0ad91bd6433802e0784f2", 0xda) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r2, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 531.770673ms ago: executing program 4 (id=1617): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="4e000000010040", 0x7) r1 = syz_io_uring_setup(0x41c8, 0x0, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000001240)=""/4102, 0x1006}) io_uring_enter(r1, 0x1f82, 0x0, 0x0, 0x0, 0x0) 519.294303ms ago: executing program 2 (id=1618): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @remote}}) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x4e22, @dev}, {0x0, @multicast}, 0x38, {0x2, 0x2, @broadcast}, 'syz_tun\x00'}) 137.640348ms ago: executing program 0 (id=1619): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 137.355518ms ago: executing program 4 (id=1620): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x50) 117.225698ms ago: executing program 1 (id=1621): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_DREG={0x8}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xdc}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 0s ago: executing program 2 (id=1622): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000600)=0x2, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): batadv0: Interface activated: dummy0 [ 175.267628][ T4295] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 176.191929][ T5224] net_ratelimit: 10 callbacks suppressed [ 176.191949][ T5224] batadv0: mtu less than device minimum [ 176.246377][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.259111][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.271796][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.284433][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.297152][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.310305][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.323436][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.336034][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.348794][ T5224] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 178.886652][ T4295] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71 [ 178.937254][ T4295] usb 4-1: USB disconnect, device number 2 [ 179.003487][ T9] hfsplus: b-tree write err: -5, ino 4 [ 182.928634][ T5293] loop1: detected capacity change from 0 to 512 [ 182.965233][ T5293] EXT4-fs: Ignoring removed nobh option [ 183.992581][ T5293] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.248: invalid indirect mapped block 256 (level 2) [ 184.035293][ T5293] EXT4-fs (loop1): 2 truncates cleaned up [ 184.072281][ T5293] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 184.226327][ T5300] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 186.472486][ T4260] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 186.807776][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 190.611558][ T5342] virtio-fs: tag not found [ 190.887050][ T5345] loop3: detected capacity change from 0 to 32768 [ 190.893960][ T5345] XFS: attr2 mount option is deprecated. [ 190.926266][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 190.936393][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 190.961386][ T5345] XFS (loop3): Mounting V5 Filesystem [ 191.007211][ T4252] Bluetooth: hci4: command 0x0406 tx timeout [ 191.013283][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 191.022908][ T4267] Bluetooth: hci3: command 0x0406 tx timeout [ 191.051529][ T5345] XFS (loop3): Ending clean mount [ 191.071602][ T5345] XFS (loop3): Quotacheck needed: Please wait. [ 191.192804][ T5345] XFS (loop3): Quotacheck: Done. [ 191.769965][ T4255] XFS (loop3): Unmounting Filesystem [ 193.976772][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.207351][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.307330][ T4295] kernel write not supported for file /178/attr/sockcreate (pid: 4295 comm: kworker/0:4) [ 198.158167][ T5407] Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 198.356592][ T5410] netlink: 4 bytes leftover after parsing attributes in process `syz.2.278'. [ 199.746586][ T5420] netlink: 28 bytes leftover after parsing attributes in process `syz.0.281'. [ 203.682717][ T5440] loop0: detected capacity change from 0 to 2048 [ 203.914954][ T5440] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 203.922940][ T5440] UDF-fs: Scanning with blocksize 512 failed [ 203.938203][ T5440] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 203.968734][ T5440] mmap: syz.0.286 (5440) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 204.835178][ T5450] loop3: detected capacity change from 0 to 512 [ 204.943202][ T5450] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 206.074824][ T5450] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 206.153661][ T5450] EXT4-fs (loop3): 1 truncate cleaned up [ 206.378094][ T5450] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 207.156989][ T5471] xt_CT: You must specify a L4 protocol and not use inversions on it [ 208.329076][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 209.502061][ T5491] loop0: detected capacity change from 0 to 512 [ 209.530591][ T5485] loop3: detected capacity change from 0 to 2048 [ 209.539114][ T5487] virtio-fs: tag not found [ 210.936044][ T5485] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 211.375190][ T5510] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 212.393198][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 215.459657][ T4260] Bluetooth: hci4: command 0x0405 tx timeout [ 216.819871][ T5545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 216.826255][ T5545] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 216.832818][ T5545] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 216.840321][ T5545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 216.846258][ T5545] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 216.852181][ T5545] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 216.859364][ T5545] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 216.865259][ T5545] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 216.871304][ T5545] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 216.878482][ T5545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 216.884373][ T5545] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 216.890383][ T5545] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 216.897523][ T5545] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 216.903433][ T5545] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 216.910202][ T5545] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 219.006416][ T4252] Bluetooth: hci4: command 0x0c1a tx timeout [ 219.012649][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.018807][ T4267] Bluetooth: hci0: command 0x0c1a tx timeout [ 219.018875][ T48] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.025584][ T4252] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.086280][ T48] Bluetooth: hci1: command 0x0406 tx timeout [ 221.092426][ T4259] Bluetooth: hci0: command 0x0406 tx timeout [ 221.092487][ T4252] Bluetooth: hci3: command 0x0406 tx timeout [ 221.098653][ T48] Bluetooth: hci4: command 0x0406 tx timeout [ 221.104506][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 223.344915][ T5596] netlink: 28 bytes leftover after parsing attributes in process `syz.4.325'. [ 224.282975][ T5607] loop4: detected capacity change from 0 to 256 [ 224.350223][ T5607] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 224.412477][ T5607] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 224.461591][ T5609] device syzkaller1 entered promiscuous mode [ 224.470230][ T4348] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 224.493513][ T5607] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 224.536867][ T5607] UDF-fs: Scanning with blocksize 512 failed [ 224.548867][ T5607] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 224.699476][ T4348] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 224.722046][ T4348] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 224.740943][ T5607] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 225.443998][ T5607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.330'. [ 225.472690][ T5607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.513378][ T5607] net_ratelimit: 10 callbacks suppressed [ 225.513393][ T5607] batadv0: mtu less than device minimum [ 225.525091][ T4348] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.533455][ T4348] usb 4-1: Product: syz [ 225.546239][ T4348] usb 4-1: Manufacturer: syz [ 225.551067][ T4348] usb 4-1: SerialNumber: syz [ 225.560549][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.574105][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.588225][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.600552][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.612012][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.623193][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.634443][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.645615][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.656899][ T5607] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 226.335581][ T4348] usb 4-1: config 0 descriptor?? [ 226.470736][ T4348] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-8 [ 226.842279][ T4348] dvb_usb_af9035: probe of 4-1:0.0 failed with error -8 [ 226.851581][ T4348] usb 4-1: USB disconnect, device number 3 [ 227.127226][ T5626] loop3: detected capacity change from 0 to 512 [ 227.230594][ T5626] EXT4-fs: Ignoring removed nobh option [ 227.599420][ T5626] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.334: invalid indirect mapped block 256 (level 2) [ 227.692264][ T5626] EXT4-fs (loop3): 2 truncates cleaned up [ 227.723677][ T5626] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 227.774243][ T5607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.116136][ T5668] loop0: detected capacity change from 0 to 40427 [ 232.974490][ T5631] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 233.044149][ T5668] F2FS-fs (loop0): invalid crc value [ 233.085867][ T5668] F2FS-fs (loop0): Found nat_bits in checkpoint [ 233.146406][ T5668] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 234.313001][ T5686] netlink: 12 bytes leftover after parsing attributes in process `syz.1.346'. [ 236.979771][ T4249] syz-executor: attempt to access beyond end of device [ 236.979771][ T4249] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 238.221889][ T5716] syz.1.354 (5716): drop_caches: 2 [ 240.972037][ T5732] loop1: detected capacity change from 0 to 512 [ 240.983806][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 241.028570][ T5732] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 241.254597][ T5732] EXT4-fs (loop1): 1 truncate cleaned up [ 241.264924][ T5732] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 244.998510][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 245.082677][ T5755] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 245.110138][ T5755] CIFS mount error: No usable UNC path provided in device string! [ 245.110138][ T5755] [ 245.120557][ T5755] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 246.653312][ T26] audit: type=1326 audit(2000000048.550:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 247.308101][ T26] audit: type=1326 audit(2000000048.580:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 247.342001][ T26] audit: type=1326 audit(2000000048.580:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 247.486221][ T26] audit: type=1326 audit(2000000048.580:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 247.894853][ T26] audit: type=1326 audit(2000000048.580:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 248.037970][ T26] audit: type=1326 audit(2000000048.600:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 248.084754][ T26] audit: type=1326 audit(2000000048.600:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 249.058801][ T26] audit: type=1326 audit(2000000048.600:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 249.296703][ T26] audit: type=1326 audit(2000000048.610:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 249.407577][ T26] audit: type=1326 audit(2000000048.620:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5756 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 251.721725][ T5792] loop4: detected capacity change from 0 to 1024 [ 251.745050][ T5792] EXT4-fs: Ignoring removed nobh option [ 251.752215][ T5792] EXT4-fs: Ignoring removed bh option [ 251.762769][ T5792] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 251.861785][ T5797] input: syz1 as /devices/virtual/input/input5 [ 252.328120][ T5792] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 253.010886][ T5792] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.376: Allocating blocks 385-513 which overlap fs metadata [ 253.312858][ T5792] EXT4-fs (loop4): pa ffff88807383ba80: logic 16, phys. 129, len 24 [ 253.321132][ T5792] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 254.481608][ T5810] Cannot find del_set index 0 as target [ 254.528069][ T4250] EXT4-fs (loop4): unmounting filesystem. [ 255.410821][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.418140][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.254588][ T5822] binder: 5815:5822 ioctl c0306201 0 returned -14 [ 256.285482][ T5822] netlink: 16 bytes leftover after parsing attributes in process `syz.4.380'. [ 256.585218][ T5822] loop4: detected capacity change from 0 to 8192 [ 259.066238][ T27] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 259.278417][ T27] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.478693][ T27] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 259.859051][ T27] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 259.870367][ T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.900678][ T27] usb 5-1: config 0 descriptor?? [ 259.928179][ T27] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 259.961591][ T27] dvb-usb: bulk message failed: -22 (3/0) [ 259.979525][ T5843] ipt_REJECT: TCP_RESET invalid for non-tcp [ 261.692322][ T5835] dibusb: i2c wr: len=61 is too big! [ 261.692322][ T5835] [ 261.782445][ T27] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 261.806738][ T27] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 261.815273][ T27] usb 5-1: media controller created [ 261.825510][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 261.883836][ T27] dvb-usb: bulk message failed: -22 (6/0) [ 261.906589][ T27] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 261.952958][ T27] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6 [ 261.971851][ T5850] netlink: 36 bytes leftover after parsing attributes in process `syz.1.390'. [ 262.027589][ T27] dvb-usb: schedule remote query interval to 150 msecs. [ 262.035376][ T27] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 262.063324][ T27] usb 5-1: USB disconnect, device number 4 [ 262.074034][ T5854] capability: warning: `syz.3.391' uses deprecated v2 capabilities in a way that may be insecure [ 263.017790][ T27] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 263.659179][ T5866] ipt_REJECT: TCP_RESET invalid for non-tcp [ 264.973962][ T5873] loop4: detected capacity change from 0 to 4096 [ 265.020153][ T5873] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 265.093034][ T5873] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 265.104690][ T5873] ntfs3: loop4: Failed to load $Extend. [ 265.311790][ T5877] loop1: detected capacity change from 0 to 256 [ 265.401202][ T5877] FAT-fs (loop1): Directory bread(block 64) failed [ 265.459613][ T5877] FAT-fs (loop1): Directory bread(block 65) failed [ 265.502057][ T5877] FAT-fs (loop1): Directory bread(block 66) failed [ 265.590069][ T5877] FAT-fs (loop1): Directory bread(block 67) failed [ 265.599790][ T5877] FAT-fs (loop1): Directory bread(block 68) failed [ 265.607184][ T5877] FAT-fs (loop1): Directory bread(block 69) failed [ 265.614607][ T5877] FAT-fs (loop1): Directory bread(block 70) failed [ 265.631606][ T5877] FAT-fs (loop1): Directory bread(block 71) failed [ 265.665663][ T5877] FAT-fs (loop1): Directory bread(block 72) failed [ 265.692670][ T5877] FAT-fs (loop1): Directory bread(block 73) failed [ 267.092442][ T5890] misc userio: No port type given on /dev/userio [ 267.100761][ T5890] misc userio: Invalid payload size [ 267.460728][ T5897] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 270.652090][ T5904] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 274.792335][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 274.792348][ T26] audit: type=1326 audit(2000000076.690:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.2.415" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9a258e969 code=0x0 [ 276.448235][ T5942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.461578][ T5942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.477815][ T5941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.684395][ T5947] loop0: detected capacity change from 0 to 512 [ 276.700915][ T5947] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 276.740414][ T5947] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0102] [ 276.760107][ T5947] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2195: inode #15: comm syz.0.418: corrupted in-inode xattr [ 276.810729][ T5947] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.418: couldn't read orphan inode 15 (err -117) [ 276.836457][ T5947] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 277.929790][ T5960] loop1: detected capacity change from 0 to 2048 [ 277.961555][ T5960] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 278.000598][ T5960] UDF-fs: Scanning with blocksize 512 failed [ 278.056677][ T5960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 284.525557][ T5999] fuse: Unknown parameter 'f00000000000000000000' [ 284.894673][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 285.257058][ T4308] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 288.264174][ T6019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.437'. [ 288.730321][ T6019] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 288.740017][ T6019] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 288.749640][ T6019] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 288.764983][ T26] audit: type=1800 audit(2000000090.630:21): pid=6019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.437" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 288.829007][ T48] Bluetooth: hci2: unexpected event for opcode 0x202d [ 293.050601][ T6052] loop3: detected capacity change from 0 to 512 [ 293.754622][ T6054] Falling back ldisc for ttyprintk. [ 295.135986][ T6052] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 295.680464][ T6052] EXT4-fs (loop3): 1 truncate cleaned up [ 295.807300][ T6052] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 296.705134][ T26] audit: type=1326 audit(2000000098.600:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.761198][ T26] audit: type=1326 audit(2000000098.650:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.783879][ T26] audit: type=1326 audit(2000000098.650:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.814204][ T26] audit: type=1326 audit(2000000098.650:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.836629][ T26] audit: type=1326 audit(2000000098.650:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.868139][ T26] audit: type=1326 audit(2000000098.650:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.891274][ T26] audit: type=1326 audit(2000000098.650:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 296.911006][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 296.920862][ T6072] loop0: detected capacity change from 0 to 512 [ 296.956263][ T26] audit: type=1326 audit(2000000098.650:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 297.047972][ T6072] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 297.074783][ T26] audit: type=1326 audit(2000000098.660:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 297.119862][ T6072] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 297.232519][ T26] audit: type=1326 audit(2000000098.690:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6060 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fd9a258e969 code=0x7ffc0000 [ 302.196311][ T4399] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 306.359081][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 306.806889][ T6194] No such timeout policy "syz1" [ 307.330330][ T6190] orangefs_mount: mount request failed with -4 [ 313.323099][ T6242] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 313.336053][ T6242] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 315.541056][ T6255] device team0 entered promiscuous mode [ 315.546772][ T6255] device team_slave_0 entered promiscuous mode [ 315.555248][ T6255] device team_slave_1 entered promiscuous mode [ 316.094773][ T6247] device team0 left promiscuous mode [ 316.100794][ T6247] device team_slave_0 left promiscuous mode [ 316.107596][ T6247] device team_slave_1 left promiscuous mode [ 317.265109][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.297105][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.001151][ T6259] loop4: detected capacity change from 0 to 1764 [ 321.952427][ T6271] infiniband syz!: set active [ 321.962584][ T6271] infiniband syz!: added team_slave_0 [ 322.038103][ T6271] rdma_rxe: unable to create cq [ 322.055918][ T6271] infiniband syz!: Couldn't create ib_mad CQ [ 322.088695][ T6271] infiniband syz!: Couldn't open port 1 [ 323.039848][ T6271] RDS/IB: syz!: added [ 323.072387][ T6271] smc: adding ib device syz! with port count 1 [ 323.099831][ T6271] smc: ib device syz! port 1 has pnetid [ 323.182424][ T6305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.492'. [ 323.328686][ T6308] loop3: detected capacity change from 0 to 1024 [ 324.176828][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.4.492'. [ 324.532716][ T6320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.494'. [ 325.391521][ T6326] block device autoloading is deprecated and will be removed. [ 329.373669][ T6356] device team0 entered promiscuous mode [ 329.379538][ T6356] device team_slave_0 entered promiscuous mode [ 329.759467][ T6356] device team_slave_1 entered promiscuous mode [ 329.876159][ T6348] device team0 left promiscuous mode [ 329.881516][ T6348] device team_slave_0 left promiscuous mode [ 329.888567][ T6348] device team_slave_1 left promiscuous mode [ 329.930498][ T6360] loop3: detected capacity change from 0 to 164 [ 334.343056][ T6397] loop4: detected capacity change from 0 to 512 [ 335.225480][ T6397] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 335.276071][ T6397] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.874365][ T48] Bluetooth: hci0: unexpected event for opcode 0x0005 [ 337.145446][ T6412] loop0: detected capacity change from 0 to 32768 [ 337.154514][ T6412] XFS: ikeep mount option is deprecated. [ 337.160458][ T6412] XFS: attr2 mount option is deprecated. [ 337.166335][ T6412] XFS: noikeep mount option is deprecated. [ 337.176438][ T6412] XFS (loop0): sunit and swidth must be specified together [ 338.043664][ T6420] loop1: detected capacity change from 0 to 1024 [ 338.057525][ T6420] EXT4-fs: Ignoring removed orlov option [ 338.242137][ T4250] EXT4-fs (loop4): unmounting filesystem. [ 339.029697][ T6420] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 342.158917][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 342.981484][ T6449] netlink: 'syz.4.521': attribute type 10 has an invalid length. [ 343.032429][ T6451] cgroup: Unknown subsys name '-' [ 343.397772][ T6457] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 344.759192][ T6459] kernel profiling enabled (shift: 7) [ 347.047198][ T6449] net_ratelimit: 10 callbacks suppressed [ 347.047212][ T6449] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 347.119610][ T6449] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 347.137019][ T6464] 9pnet_fd: Insufficient options for proto=fd [ 347.218395][ T6449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.814798][ T6172] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 347.921845][ T6468] loop3: detected capacity change from 0 to 32768 [ 347.948262][ T6449] batman_adv: batadv0: Local translation table size (100) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 348.017392][ T6449] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 348.157802][ T6468] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 348.180952][ T4348] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 349.173063][ T6480] device veth1_to_team entered promiscuous mode [ 350.047977][ T4255] ocfs2: Unmounting device (7,3) on (node local) [ 350.174817][ T6172] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 353.059867][ T6480] team0: Port device team_slave_1 removed [ 354.760581][ T4304] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 356.396209][ T6499] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 356.698190][ T6499] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 356.706655][ T6499] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 356.727897][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 356.936925][ T6499] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 357.327221][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 357.751352][ T6499] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 357.788734][ T6499] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 357.808462][ T6499] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 357.821297][ T6499] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 357.834279][ T6499] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 357.844013][ T6499] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 357.850520][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 357.865429][ T6499] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 357.874127][ T6499] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 358.446617][ T48] Bluetooth: hci1: command 0x0c1a tx timeout [ 358.738598][ T6499] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 358.744705][ T6499] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 358.774306][ T6499] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 358.783271][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 359.006357][ T48] Bluetooth: hci2: command 0x0c1a tx timeout [ 360.290928][ T48] Bluetooth: hci3: command 0x0c1a tx timeout [ 360.297210][ T48] Bluetooth: hci0: command 0x0c1a tx timeout [ 360.441432][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 360.596214][ T4259] Bluetooth: hci1: command 0x0406 tx timeout [ 360.786423][ T48] Bluetooth: hci4: command 0x0c1a tx timeout [ 361.086371][ T48] Bluetooth: hci2: command 0x0406 tx timeout [ 361.576234][ T22] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 361.713765][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 361.916193][ T22] usb 5-1: Using ep0 maxpacket: 8 [ 362.003208][ T22] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 362.045155][ T6567] vivid-002: disconnect [ 362.366504][ T48] Bluetooth: hci0: command 0x0406 tx timeout [ 362.366576][ T4259] Bluetooth: hci3: command 0x0406 tx timeout [ 362.610685][ T26] audit: type=1326 audit(2000000164.510:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 362.665471][ T6562] vivid-002: reconnect [ 362.687838][ T22] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 362.704486][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.746253][ T22] usb 5-1: Product: syz [ 362.750551][ T22] usb 5-1: Manufacturer: syz [ 362.756200][ T22] usb 5-1: SerialNumber: syz [ 362.776852][ T22] usb 5-1: config 0 descriptor?? [ 362.812889][ T22] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 362.821267][ T22] usb 5-1: setting power ON [ 362.828317][ T22] dvb-usb: bulk message failed: -22 (2/0) [ 362.853457][ T22] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 362.863102][ T4259] Bluetooth: hci4: command 0x0406 tx timeout [ 362.863556][ T22] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 362.878003][ T22] usb 5-1: media controller created [ 362.901110][ T26] audit: type=1326 audit(2000000164.510:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 363.346975][ T22] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 363.452833][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 363.660929][ T6576] dvb-usb: bulk message failed: -22 (3/0) [ 363.667960][ T6576] usb 5-1: gpio_write failed. [ 363.673495][ T6576] dvb-usb: bulk message failed: -22 (5/0) [ 365.123410][ T6579] loop0: detected capacity change from 0 to 40427 [ 365.136855][ T4259] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 365.148322][ T4259] CPU: 0 PID: 4259 Comm: kworker/u5:3 Not tainted 6.1.139-syzkaller #0 [ 365.156568][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 365.166612][ T4259] Workqueue: hci2 hci_rx_work [ 365.171286][ T4259] Call Trace: [ 365.174557][ T4259] [ 365.177473][ T4259] dump_stack_lvl+0x168/0x22e [ 365.182140][ T4259] ? show_regs_print_info+0x12/0x12 [ 365.187344][ T4259] ? load_image+0x3b0/0x3b0 [ 365.191868][ T4259] sysfs_create_dir_ns+0x252/0x280 [ 365.196963][ T4259] ? hci_rx_work+0x3eb/0xd40 [ 365.201550][ T4259] ? sysfs_warn_dup+0xa0/0xa0 [ 365.206220][ T4259] ? do_raw_spin_unlock+0x11d/0x230 [ 365.211428][ T4259] kobject_add_internal+0x6b8/0xc80 [ 365.216710][ T4259] kobject_add+0x152/0x210 [ 365.221154][ T4259] ? kobject_init+0x1d0/0x1d0 [ 365.225846][ T4259] ? klist_children_get+0x50/0x50 [ 365.230867][ T4259] ? get_device_parent+0x121/0x3f0 [ 365.236101][ T4259] device_add+0x483/0xfb0 [ 365.240430][ T4259] ? kmem_cache_free+0xf7/0x290 [ 365.245266][ T4259] hci_conn_add_sysfs+0xd1/0x1e0 [ 365.250218][ T4259] le_conn_complete_evt+0xd1d/0x1320 [ 365.255496][ T4259] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 365.261742][ T4259] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 365.267453][ T4259] ? skb_pull_data+0xf7/0x200 [ 365.272141][ T4259] hci_le_conn_complete_evt+0x183/0x440 [ 365.277674][ T4259] ? hci_remote_host_features_evt+0x270/0x270 [ 365.283730][ T4259] hci_event_packet+0x791/0x1210 [ 365.288663][ T4259] ? bis_list+0x280/0x280 [ 365.292976][ T4259] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 365.298876][ T4259] ? kcov_remote_start+0x4c7/0x7e0 [ 365.303972][ T4259] ? sysvec_irq_work+0xc0/0xc0 [ 365.308738][ T4259] ? hci_send_to_monitor+0x9c/0x4a0 [ 365.313924][ T4259] hci_rx_work+0x3eb/0xd40 [ 365.318342][ T4259] ? _raw_spin_unlock+0x40/0x40 [ 365.323182][ T4259] ? process_one_work+0x7a1/0x1160 [ 365.328276][ T4259] process_one_work+0x898/0x1160 [ 365.333202][ T4259] ? worker_detach_from_pool+0x240/0x240 [ 365.338820][ T4259] ? _raw_spin_lock_irq+0xab/0xe0 [ 365.343829][ T4259] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 365.349184][ T4259] ? kthread_data+0x4b/0xc0 [ 365.353692][ T4259] worker_thread+0xaa2/0x1250 [ 365.358364][ T4259] kthread+0x29d/0x330 [ 365.362432][ T4259] ? worker_clr_flags+0x1a0/0x1a0 [ 365.367446][ T4259] ? kthread_blkcg+0xd0/0xd0 [ 365.372028][ T4259] ret_from_fork+0x1f/0x30 [ 365.376444][ T4259] [ 365.381870][ T4259] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 365.395132][ T4259] Bluetooth: hci2: failed to register connection device [ 365.413585][ T6579] F2FS-fs (loop0): Unrecognized mount option "errors=remount-ro" or missing value [ 365.426268][ T26] audit: type=1326 audit(2000000164.530:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 365.448557][ T26] audit: type=1326 audit(2000000164.530:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 365.471468][ T26] audit: type=1326 audit(2000000164.530:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 365.494631][ T26] audit: type=1326 audit(2000000164.530:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 365.525085][ T26] audit: type=1326 audit(2000000164.530:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 365.593301][ T22] usb 5-1: selecting invalid altsetting 6 [ 365.600884][ T22] usb 5-1: digital interface selection failed (-22) [ 365.607994][ T22] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 365.727850][ T22] usb 5-1: setting power OFF [ 365.733051][ T22] dvb-usb: bulk message failed: -22 (2/0) [ 365.748544][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 367.250507][ T26] audit: type=1326 audit(2000000164.530:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 367.340870][ T22] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 367.351533][ T22] (NULL device *): no alternate interface [ 367.385052][ T22] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 367.404301][ T22] usb 5-1: USB disconnect, device number 5 [ 367.476457][ T26] audit: type=1326 audit(2000000164.530:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 367.712343][ T26] audit: type=1326 audit(2000000164.540:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 367.734732][ T26] audit: type=1326 audit(2000000164.540:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 367.751147][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 367.768042][ T26] audit: type=1326 audit(2000000164.540:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 368.685645][ T26] audit: type=1326 audit(2000000164.540:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 369.926933][ T26] audit: type=1326 audit(2000000164.540:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 370.382681][ T6605] loop1: detected capacity change from 0 to 512 [ 370.435721][ T26] audit: type=1326 audit(2000000164.540:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 370.834286][ T26] audit: type=1326 audit(2000000164.540:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 370.859135][ T26] audit: type=1326 audit(2000000164.540:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 370.888047][ T6605] EXT4-fs warning (device loop1): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop1. [ 372.313607][ T6578] Set syz1 is full, maxelem 65536 reached [ 373.017645][ T26] audit: type=1326 audit(2000000164.540:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.213126][ T26] audit: type=1326 audit(2000000164.540:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.237161][ T26] audit: type=1326 audit(2000000164.540:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.261605][ T26] audit: type=1326 audit(2000000164.540:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.285600][ T26] audit: type=1326 audit(2000000164.540:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.295755][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 373.322152][ T26] audit: type=1326 audit(2000000164.540:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 373.527212][ T6623] loop4: detected capacity change from 0 to 2048 [ 373.556583][ T26] audit: type=1326 audit(2000000164.540:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 374.405684][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 374.455877][ T6623] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 374.483462][ T6623] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 374.489460][ T26] audit: type=1326 audit(2000000164.540:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 374.614950][ T26] audit: type=1326 audit(2000000164.540:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 374.654171][ T26] audit: type=1326 audit(2000000164.540:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214d38e969 code=0x7fc00000 [ 374.749483][ T6633] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 374.760748][ T6633] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 374.958084][ T4855] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 375.047100][ T6640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.566'. [ 375.717999][ T4855] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 376.902450][ T4250] EXT4-fs (loop4): unmounting filesystem. [ 378.281444][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 378.296419][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.308603][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.612029][ T6661] loop4: detected capacity change from 0 to 164 [ 378.906245][ T6670] tmpfs: Unknown parameter '00000000000000000000' [ 379.316440][ T6670] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 381.366368][ T6684] IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20000 [ 382.815499][ C1] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 382.851349][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 384.365840][ T6694] loop1: detected capacity change from 0 to 2048 [ 384.405747][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 384.481658][ T6694] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 384.507017][ T6694] UDF-fs: Scanning with blocksize 512 failed [ 384.793594][ T6694] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 384.836287][ T4253] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 385.232628][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 385.249114][ T4253] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 385.809330][ T4253] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 385.838702][ T4253] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 385.876365][ T4253] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.909841][ T4253] usb 1-1: config 0 descriptor?? [ 385.924014][ T4253] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 385.940470][ T6689] overlayfs: failed to resolve './file0': -2 [ 385.964145][ T4253] dvb-usb: bulk message failed: -22 (3/0) [ 386.159631][ T6698] dibusb: i2c wr: len=61 is too big! [ 386.159631][ T6698] [ 386.169407][ T4253] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 386.244332][ T4253] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 386.321392][ T4253] usb 1-1: media controller created [ 386.372649][ T4253] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 386.385914][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 386.906678][ T4253] dvb-usb: bulk message failed: -22 (6/0) [ 386.920191][ T4253] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 386.952837][ T4253] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7 [ 387.009177][ T6711] loop3: detected capacity change from 0 to 256 [ 387.066054][ T4253] dvb-usb: schedule remote query interval to 150 msecs. [ 387.074707][ T4253] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 387.106283][ T6711] FAT-fs (loop3): bogus logical sector size 0 [ 387.112627][ T6711] FAT-fs (loop3): Can't find a valid FAT filesystem [ 387.190787][ T4253] usb 1-1: USB disconnect, device number 3 [ 387.355637][ T6712] loop4: detected capacity change from 0 to 40427 [ 387.449054][ T6712] F2FS-fs (loop4): invalid crc value [ 388.094823][ T6712] F2FS-fs (loop4): Found nat_bits in checkpoint [ 388.207336][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 388.431874][ T6712] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 388.487551][ T4253] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 389.612132][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 389.644423][ T6738] loop0: detected capacity change from 0 to 164 [ 390.316114][ C1] hrtimer: interrupt took 46284 ns [ 390.630970][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 390.697517][ T4250] syz-executor: attempt to access beyond end of device [ 390.697517][ T4250] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 390.717686][ T6741] overlayfs: failed to clone upperpath [ 391.324459][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 392.611686][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 392.832984][ T6760] loop4: detected capacity change from 0 to 1024 [ 393.176531][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 394.001347][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 394.548398][ T6181] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 395.000102][ T6773] CIFS mount error: No usable UNC path provided in device string! [ 395.000102][ T6773] [ 395.010185][ T6773] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 395.070985][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 395.212405][ T6776] loop3: detected capacity change from 0 to 1024 [ 396.625396][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 397.261199][ T6789] loop3: detected capacity change from 0 to 512 [ 397.349941][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 397.434947][ T6788] loop4: detected capacity change from 0 to 4096 [ 397.461381][ T6788] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 397.500882][ T6789] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 398.103200][ T6789] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 398.166695][ T6789] System zones: 0-1, 15-15, 18-18, 34-34 [ 398.174230][ T6789] EXT4-fs (loop3): orphan cleanup on readonly fs [ 398.180971][ T6789] __quota_error: 67 callbacks suppressed [ 398.180984][ T6789] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 398.196652][ T6789] EXT4-fs warning (device loop3): ext4_enable_quotas:7054: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 398.213796][ T6789] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 398.222489][ T6789] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.604: bad orphan inode 16 [ 398.232972][ T6789] ext4_test_bit(bit=15, block=18) = 1 [ 398.240754][ T6789] is_bad_inode(inode)=0 [ 398.245110][ T6789] NEXT_ORPHAN(inode)=0 [ 398.250403][ T6789] max_ino=32 [ 398.253762][ T6789] i_nlink=2 [ 398.259903][ T6789] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 398.675040][ T6802] syz.4.605 sent an empty control message without MSG_MORE. [ 399.390357][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 399.421112][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 399.437907][ T6808] loop1: detected capacity change from 0 to 256 [ 399.468273][ T6808] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 399.496618][ T6808] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 402.603577][ T6808] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x062de574, utbl_chksum : 0xe619d30d) [ 402.655304][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 403.255252][ T6167] Bluetooth: hci5: Frame reassembly failed (-84) [ 404.088508][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 404.797799][ T6835] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 405.813916][ T4259] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 405.965897][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 406.217041][ T6845] loop1: detected capacity change from 0 to 2048 [ 406.241854][ T6845] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 407.051984][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 407.055914][ T6376] udevd[6376]: incorrect nilfs2 checksum on /dev/loop1 [ 407.128516][ T6845] syz.1.617: attempt to access beyond end of device [ 407.128516][ T6845] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 407.257516][ T6859] loop3: detected capacity change from 0 to 2048 [ 407.309997][ T6859] EXT4-fs: Ignoring removed bh option [ 407.571980][ T6862] loop0: detected capacity change from 0 to 2048 [ 408.141837][ T6862] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 408.149866][ T6859] EXT4-fs: Ignoring removed nomblk_io_submit option [ 408.206755][ T6859] EXT4-fs: Ignoring removed orlov option [ 408.229392][ T6859] EXT4-fs (loop3): can't mount with both data=journal and dax [ 408.280918][ T6140] udevd[6140]: incorrect nilfs2 checksum on /dev/loop1 [ 412.024585][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 414.581799][ C1] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 415.008878][ T6891] loop1: detected capacity change from 0 to 164 [ 415.084159][ T6899] input: syz1 as /devices/virtual/input/input8 [ 415.864808][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 417.094664][ T6167] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 417.186926][ T6913] loop1: detected capacity change from 0 to 256 [ 419.322497][ T6376] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 419.482737][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 420.018934][ T6935] netlink: 16 bytes leftover after parsing attributes in process `syz.2.636'. [ 421.322010][ T4330] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 421.706925][ T6946] loop1: detected capacity change from 0 to 32768 [ 421.765654][ T6946] jfs_strtoUCS: char2uni returned -22. [ 421.771383][ T6946] charset = cp950, char = 0xd4 [ 422.897296][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 422.901351][ T48] Bluetooth: hci4: unexpected event for opcode 0x0c03 [ 424.131671][ T6964] find_entry called with index = 0 [ 424.566724][ T6963] loop4: detected capacity change from 0 to 32768 [ 427.042893][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 428.893875][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'. [ 428.907675][ T6976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.647'. [ 429.998757][ T6980] loop3: detected capacity change from 0 to 40427 [ 430.003561][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 430.028649][ T6980] F2FS-fs (loop3): Unrecognized mount option "errors=remount-ro" or missing value [ 431.230179][ T6979] Set syz1 is full, maxelem 65536 reached [ 431.365601][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 433.162356][ T6990] loop4: detected capacity change from 0 to 4096 [ 433.173514][ T6990] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 433.215482][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 435.881311][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 437.436559][ T7012] loop0: detected capacity change from 0 to 32768 [ 437.447100][ T7012] xfs: Unknown parameter 'obj_role' [ 438.736592][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 438.754733][ T7014] loop3: detected capacity change from 0 to 512 [ 438.781000][ T7014] EXT4-fs: Ignoring removed nobh option [ 438.791459][ T7014] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 438.901456][ T7014] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.656: invalid indirect mapped block 256 (level 2) [ 439.252448][ T7014] EXT4-fs (loop3): 2 truncates cleaned up [ 439.370906][ T7014] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 439.785805][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.792659][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.827369][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 441.807842][ T4304] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm kworker/u4:5: bg 0: block 5: invalid block bitmap [ 441.915929][ T4304] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 441.972317][ T4304] EXT4-fs (loop3): This should not happen!! Data will be lost [ 441.972317][ T4304] [ 441.996424][ T4304] EXT4-fs (loop3): Total free blocks count 0 [ 442.002573][ T4304] EXT4-fs (loop3): Free/Dirty block details [ 442.009684][ T4304] EXT4-fs (loop3): free_blocks=0 [ 442.014800][ T4304] EXT4-fs (loop3): dirty_blocks=10072 [ 442.020295][ T4304] EXT4-fs (loop3): Block reservation details [ 442.180538][ T4304] EXT4-fs (loop3): i_reserved_data_blocks=10072 [ 442.935585][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 443.068204][ T4304] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 443.522042][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 444.389375][ T7066] loop0: detected capacity change from 0 to 1024 [ 445.721582][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 447.195891][ T4255] EXT4-fs: 7 callbacks suppressed [ 447.195910][ T4255] EXT4-fs (loop3): unmounting filesystem. [ 448.490277][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 450.413256][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 451.205069][ T7099] loop4: detected capacity change from 0 to 40427 [ 452.035606][ T7099] F2FS-fs (loop4): Unrecognized mount option "backg ound_gc=on" or missing value [ 452.742438][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 454.129560][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 454.782730][ T7127] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 454.794151][ T7127] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 456.512443][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 458.122759][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 459.158518][ T7145] loop1: detected capacity change from 0 to 4096 [ 459.249901][ T7153] loop4: detected capacity change from 0 to 2048 [ 459.313633][ T7153] EXT4-fs: Ignoring removed bh option [ 459.320209][ T7153] EXT4-fs: Ignoring removed nomblk_io_submit option [ 459.327541][ T7153] EXT4-fs: Ignoring removed orlov option [ 459.334195][ T7153] EXT4-fs (loop4): can't mount with both data=journal and dax [ 462.571139][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 462.608359][ T48] Bluetooth: hci3: unexpected event for opcode 0x0c05 [ 463.273684][ T7174] xt_connbytes: Forcing CT accounting to be enabled [ 463.280557][ T7174] Cannot find set identified by id 0 to match [ 463.442399][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 463.546001][ T7182] loop1: detected capacity change from 0 to 512 [ 463.626253][ T7182] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 464.133258][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 464.175294][ T7182] EXT4-fs (loop1): 1 truncate cleaned up [ 464.191365][ T7182] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 465.055031][ T57] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 466.554316][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 467.261913][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 467.417435][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 467.630378][ T7220] netlink: 12 bytes leftover after parsing attributes in process `syz.1.703'. [ 467.643543][ T7220] tipc: Enabling of bearer rejected, failed to enable media [ 468.589785][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 469.441556][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 469.815606][ T7235] loop1: detected capacity change from 0 to 512 [ 469.864364][ T7235] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 469.874145][ T7235] EXT4-fs (loop1): 1 truncate cleaned up [ 469.879997][ T7235] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 469.991547][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 471.380432][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 471.958578][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 473.448835][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 473.555524][ T7259] loop0: detected capacity change from 0 to 512 [ 473.610690][ T7259] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 473.691251][ T7259] EXT4-fs (loop0): 1 truncate cleaned up [ 473.734602][ T7259] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 474.053220][ T7248] loop3: detected capacity change from 0 to 40427 [ 474.132842][ T7248] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff [ 474.158367][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 474.172945][ T7248] F2FS-fs (loop3): invalid crc value [ 474.180288][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 474.252006][ T7248] F2FS-fs (loop3): Found nat_bits in checkpoint [ 474.465700][ T7248] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 474.796211][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 474.825161][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 475.647534][ C1] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 475.955646][ T7283] loop0: detected capacity change from 0 to 256 [ 476.852445][ T4308] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 477.829772][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 478.055663][ T7297] Illegal XDP return value 4294967294 on prog (id 166) dev N/A, expect packet loss! [ 478.632955][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 478.768990][ T7304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.723'. [ 480.795180][ T7302] loop0: detected capacity change from 0 to 32768 [ 481.264479][ T7302] ialloc: diAlloc returned -17! [ 481.575716][ T7308] trusted_key: encrypted_key: insufficient parameters specified [ 482.743888][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 483.611108][ T7323] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 483.625208][ T7323] Error parsing options; rc = [-22] [ 485.745379][ T57] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 486.502963][ T7338] loop1: detected capacity change from 0 to 512 [ 486.691456][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 486.732278][ T7338] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 486.772261][ T7338] EXT4-fs (loop1): 1 truncate cleaned up [ 486.786177][ T7338] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 486.878949][ T7355] loop3: detected capacity change from 0 to 2048 [ 486.910559][ T7355] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.287346][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 489.853796][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 491.484704][ T48] Bluetooth: Wrong link type (-57) [ 491.508004][ T7375] bridge0: port 3(netdevsim0) entered blocking state [ 491.522186][ T7375] bridge0: port 3(netdevsim0) entered disabled state [ 491.544597][ T7375] device netdevsim0 entered promiscuous mode [ 491.559310][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 491.566093][ T7375] bridge0: port 3(netdevsim0) entered blocking state [ 491.573268][ T7375] bridge0: port 3(netdevsim0) entered forwarding state [ 491.683182][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 491.755005][ T7375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.737'. [ 492.651288][ T57] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 492.689994][ T48] Bluetooth: hci3: unexpected event for opcode 0x080d [ 492.715086][ T7402] futex_wake_op: syz.4.747 tries to shift op by -1; fix this program [ 493.061137][ T48] Bluetooth: hci3: unexpected event for opcode 0x202a [ 494.150430][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 494.473311][ T7417] loop3: detected capacity change from 0 to 8 [ 494.877770][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 494.963322][ T7417] SQUASHFS error: zlib decompression failed, data probably corrupt [ 495.062725][ T7417] SQUASHFS error: Failed to read block 0x9b: -5 [ 495.074659][ T7417] SQUASHFS error: Unable to read metadata cache entry [99] [ 495.088895][ T7417] SQUASHFS error: Unable to read inode 0x127 [ 495.448361][ T48] Bluetooth: hci3: unexpected event for opcode 0x1405 [ 495.555479][ T48] Bluetooth: hci4: unexpected event for opcode 0x2042 [ 495.642742][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 498.144438][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 498.605889][ T33] Bluetooth: hci5: Frame reassembly failed (-84) [ 498.664408][ T33] Bluetooth: hci5: Frame reassembly failed (-84) [ 499.465378][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 499.568247][ T4259] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 499.577069][ T4259] Bluetooth: hci4: Injecting HCI hardware error event [ 499.593137][ T4260] Bluetooth: hci4: hardware error 0x00 [ 500.298077][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 500.606359][ T48] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 501.020476][ T4502] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 501.086320][ T4259] Bluetooth: hci4: Malformed Event: 0x02 [ 501.148060][ T7475] loop0: detected capacity change from 0 to 4096 [ 501.168684][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.175053][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.423652][ T7475] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 501.899749][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 502.625514][ T4259] Bluetooth: hci3: unexpected event for opcode 0x1009 [ 502.732240][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 502.937096][ T4260] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 503.698921][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 504.777575][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 506.687663][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 506.884823][ T4260] Bluetooth: hci1: unexpected event for opcode 0x0c0d [ 507.422679][ T7540] blktrace: Concurrent blktraces are not allowed on nbd1 [ 507.972385][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 509.289752][ T52] block nbd0: Attempted send on invalid socket [ 509.297763][ T52] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 510.001270][ T4260] Bluetooth: hci3: unexpected cc 0x0c25 length: 4 > 3 [ 510.008299][ T4260] Bluetooth: hci3: unexpected event for opcode 0x0c25 [ 510.046799][ T4502] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 510.870612][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 512.274014][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 512.881223][ T7591] overlayfs: failed to resolve './file1': -2 [ 513.366975][ T7593] overlayfs: failed to clone upperpath [ 514.025107][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 514.376777][ T7600] overlayfs: failed to clone upperpath [ 514.976678][ T7602] blktrace: Concurrent blktraces are not allowed on nbd1 [ 514.987182][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 515.270667][ T7583] loop0: detected capacity change from 0 to 32768 [ 515.347393][ T7583] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.815 (7583) [ 515.454138][ T7608] bridge0: port 3(netdevsim0) entered blocking state [ 515.504117][ T7608] bridge0: port 3(netdevsim0) entered disabled state [ 515.546201][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 515.562095][ T7608] device netdevsim0 entered promiscuous mode [ 515.588061][ T7608] bridge0: port 3(netdevsim0) entered blocking state [ 515.594906][ T7608] bridge0: port 3(netdevsim0) entered forwarding state [ 515.608079][ T7612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.822'. [ 515.655944][ T4260] Bluetooth: hci3: unexpected event for opcode 0x202f [ 517.717199][ T7633] overlayfs: failed to resolve './file1': -2 [ 519.024823][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 519.259368][ T7642] loop1: detected capacity change from 0 to 64 [ 519.355303][ T7646] overlayfs: failed to clone upperpath [ 519.728279][ T4260] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 519.739253][ T4260] Bluetooth: hci3: Injecting HCI hardware error event [ 519.751633][ T4260] Bluetooth: hci3: hardware error 0x00 [ 520.037203][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 520.350646][ T7652] blktrace: Concurrent blktraces are not allowed on nbd0 [ 521.018488][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 522.188996][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 522.484787][ T7677] loop0: detected capacity change from 0 to 1024 [ 522.526183][ T4260] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 522.706263][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 522.915558][ T7686] overlayfs: failed to clone upperpath [ 523.756307][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 523.771964][ T4260] Bluetooth: hci2: unexpected event for opcode 0x0c5a [ 525.018658][ T7702] loop1: detected capacity change from 0 to 64 [ 525.037052][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 525.307838][ T7708] netlink: 16 bytes leftover after parsing attributes in process `syz.2.857'. [ 525.332445][ T7708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'. [ 525.379097][ T7710] binder: Bad value for 'stats' [ 525.471423][ T7692] loop0: detected capacity change from 0 to 32768 [ 525.505203][ T7692] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.850 (7692) [ 525.597983][ T7692] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 525.615850][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 525.639399][ T7692] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 525.676165][ T7692] BTRFS info (device loop0): using free space tree [ 525.970505][ T7692] BTRFS info (device loop0): enabling ssd optimizations [ 526.038026][ T7750] futex_wake_op: syz.3.870 tries to shift op by -1; fix this program [ 526.177590][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 526.440110][ T7759] blktrace: Concurrent blktraces are not allowed on nbd1 [ 526.859452][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 527.101329][ T4249] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 527.586492][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 527.872864][ T7792] capability: warning: `syz.1.884' uses 32-bit capabilities (legacy support in use) [ 527.893455][ T7794] overlayfs: empty lowerdir [ 528.084550][ T7798] netlink: 'syz.3.887': attribute type 7 has an invalid length. [ 528.157443][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 528.386351][ T7804] blktrace: Concurrent blktraces are not allowed on nbd0 [ 528.988302][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 529.297679][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.3.898'. [ 529.493217][ T7833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.903'. [ 529.639382][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 529.838296][ T7818] loop0: detected capacity change from 0 to 32768 [ 530.063607][ T7853] bond0: Unable to set up delay as MII monitoring is disabled [ 530.199593][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 530.783037][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 531.312538][ T7892] blktrace: Concurrent blktraces are not allowed on nbd1 [ 531.634562][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 532.307393][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 532.859564][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 533.421495][ T57] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 533.551578][ T7944] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 534.156335][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 534.982669][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 535.196171][ T4253] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 535.490630][ T4253] usb 1-1: Using ep0 maxpacket: 32 [ 535.519000][ T4253] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.538747][ T4253] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 535.539333][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 535.548237][ T4253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.575229][ T4253] usb 1-1: Product: syz [ 535.579869][ T4253] usb 1-1: Manufacturer: syz [ 535.584497][ T4253] usb 1-1: SerialNumber: syz [ 535.613523][ T4253] usb 1-1: config 0 descriptor?? [ 535.643796][ T4253] usb 1-1: bad CDC descriptors [ 535.653442][ T4253] usb 1-1: unsupported MDLM descriptors [ 535.965037][ T7782] usb 1-1: USB disconnect, device number 4 [ 536.182328][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 536.874944][ T8019] blktrace: Concurrent blktraces are not allowed on nbd0 [ 537.058335][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 537.741876][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 537.860948][ T8041] overlayfs: missing 'workdir' [ 538.700572][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 539.353720][ T8070] tipc: Can't bind to reserved service type 2 [ 539.430110][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 540.759186][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 542.025065][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 542.609918][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 543.138760][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 543.666217][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 543.761105][ T8172] Invalid option length (1032052) for dns_resolver key [ 543.781733][ T8171] loop1: detected capacity change from 0 to 1024 [ 543.847582][ T8171] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 544.099553][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 544.240591][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 544.806975][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 544.834477][ T8168] loop0: detected capacity change from 0 to 32768 [ 544.865205][ T8168] XFS: ikeep mount option is deprecated. [ 544.884565][ T8168] XFS: noikeep mount option is deprecated. [ 544.981042][ T8168] XFS (loop0): Mounting V5 Filesystem [ 545.041151][ T4260] Bluetooth: hci2: Malformed LE Event: 0x1b [ 545.192588][ T8168] XFS (loop0): Ending clean mount [ 545.220698][ T8168] XFS (loop0): Quotacheck needed: Please wait. [ 545.324800][ T8168] XFS (loop0): Quotacheck: Done. [ 545.358340][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 545.404445][ T8189] loop1: detected capacity change from 0 to 32768 [ 545.505844][ T8189] XFS (loop1): Mounting V5 Filesystem [ 545.670168][ T4249] XFS (loop0): Unmounting Filesystem [ 545.719474][ T8189] XFS (loop1): Ending clean mount [ 545.936292][ T6161] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 546.006570][ T4262] XFS (loop1): Unmounting Filesystem [ 546.609282][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 546.655979][ T8238] loop1: detected capacity change from 0 to 256 [ 546.668052][ T8238] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 547.629238][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 547.806758][ T8247] syz.0.1077 uses old SIOCAX25GETINFO [ 548.023183][ T8251] loop1: detected capacity change from 0 to 4096 [ 548.119172][ T8258] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 548.190932][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 548.834863][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 549.281068][ T8292] loop1: detected capacity change from 0 to 256 [ 549.287774][ T8290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1099'. [ 549.347913][ T8292] FAT-fs (loop1): Directory bread(block 64) failed [ 549.375048][ T8292] FAT-fs (loop1): Directory bread(block 65) failed [ 549.388884][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 549.413747][ T8292] FAT-fs (loop1): Directory bread(block 66) failed [ 549.433937][ T8292] FAT-fs (loop1): Directory bread(block 67) failed [ 549.465172][ T8292] FAT-fs (loop1): Directory bread(block 68) failed [ 549.488880][ T8292] FAT-fs (loop1): Directory bread(block 69) failed [ 549.511428][ T8292] FAT-fs (loop1): Directory bread(block 70) failed [ 549.532087][ T8292] FAT-fs (loop1): Directory bread(block 71) failed [ 549.572685][ T8292] FAT-fs (loop1): Directory bread(block 72) failed [ 549.593499][ T8292] FAT-fs (loop1): Directory bread(block 73) failed [ 549.613074][ T8273] loop0: detected capacity change from 0 to 32768 [ 549.660092][ T8273] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.1090 (8273) [ 549.729973][ T8273] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 549.763362][ T8273] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 549.804863][ T8273] BTRFS info (device loop0): doing ref verification [ 549.846832][ T26] audit: type=1326 audit(2000000351.750:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 549.871257][ T8273] BTRFS info (device loop0): turning off barriers [ 549.900828][ T8273] BTRFS info (device loop0): max_inline at 0 [ 549.915126][ T8273] BTRFS info (device loop0): turning on sync discard [ 549.936148][ T26] audit: type=1326 audit(2000000351.770:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 549.956074][ T8273] BTRFS info (device loop0): force clearing of disk cache [ 549.965729][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 549.996413][ T8273] BTRFS info (device loop0): using free space tree [ 550.049918][ T26] audit: type=1326 audit(2000000351.770:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.256138][ T26] audit: type=1326 audit(2000000351.770:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.315301][ T26] audit: type=1326 audit(2000000351.770:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.339007][ T26] audit: type=1326 audit(2000000351.770:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.361298][ T26] audit: type=1326 audit(2000000351.770:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.383860][ T26] audit: type=1326 audit(2000000351.770:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8306 comm="syz.3.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.486245][ T8273] BTRFS info (device loop0): enabling ssd optimizations [ 550.549790][ T8273] BTRFS info (device loop0): rebuilding free space tree [ 550.556940][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 550.682812][ T26] audit: type=1326 audit(2000000352.580:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 550.769792][ T26] audit: type=1326 audit(2000000352.580:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 551.115112][ T4249] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 551.139652][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 551.376320][ T4298] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 551.497201][ T8369] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1126'. [ 551.576148][ T4298] usb 2-1: Using ep0 maxpacket: 8 [ 551.634793][ T4298] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 551.723440][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 551.756093][ T4298] usb 2-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 551.806703][ T4298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.880526][ T4298] usb 2-1: config 0 descriptor?? [ 552.350330][ T4298] kye 0003:0458:4018.0002: bogus close delimiter [ 552.361740][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 552.387066][ T4298] kye 0003:0458:4018.0002: item 0 1 2 10 parsing failed [ 552.407428][ T4298] kye 0003:0458:4018.0002: parse failed [ 552.413073][ T4298] kye: probe of 0003:0458:4018.0002 failed with error -22 [ 552.550679][ T4298] usb 2-1: USB disconnect, device number 2 [ 552.941850][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 552.986920][ T8408] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1142'. [ 553.247240][ T8420] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.1148'. [ 553.449673][ T8428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1151'. [ 553.472083][ T11] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 553.846850][ T8448] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1161'. [ 553.878505][ T8448] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1161'. [ 554.059079][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 554.133442][ T4260] Bluetooth: hci2: Invalid connection link type handle 0x00c8 [ 554.574426][ T8480] loop0: detected capacity change from 0 to 512 [ 554.640348][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 554.688729][ T8480] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 554.865668][ T8480] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 554.889960][ T8480] System zones: 0-1, 15-15, 18-18, 34-34 [ 554.917283][ T8480] EXT4-fs (loop0): orphan cleanup on readonly fs [ 554.923797][ T8480] __quota_error: 6 callbacks suppressed [ 554.923811][ T8480] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 554.942758][ T8480] EXT4-fs warning (device loop0): ext4_enable_quotas:7054: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 554.982141][ T8480] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 555.027153][ T8499] overlayfs: failed to clone upperpath [ 555.219941][ T8480] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.1176: bad orphan inode 16 [ 555.425848][ T8480] ext4_test_bit(bit=15, block=18) = 1 [ 555.607624][ T8480] is_bad_inode(inode)=0 [ 555.618180][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 555.641446][ T8480] NEXT_ORPHAN(inode)=0 [ 555.655853][ T8480] max_ino=32 [ 555.688418][ T8480] i_nlink=2 [ 555.691694][ T8480] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 555.784489][ T8480] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 555.882842][ T26] audit: type=1326 audit(2000000357.780:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 555.923203][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 555.961234][ T26] audit: type=1326 audit(2000000357.810:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.042481][ T26] audit: type=1326 audit(2000000357.820:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f83f638d2d0 code=0x7ffc0000 [ 556.113279][ T26] audit: type=1326 audit(2000000357.820:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f83f638d2d0 code=0x7ffc0000 [ 556.179576][ T26] audit: type=1326 audit(2000000357.820:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.242925][ T6165] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 556.252935][ T8505] loop1: detected capacity change from 0 to 8192 [ 556.286421][ T26] audit: type=1326 audit(2000000357.820:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.315511][ T8505] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 556.348392][ T8521] syz.0.1194 (8521) used obsolete PPPIOCDETACH ioctl [ 556.383810][ T26] audit: type=1326 audit(2000000357.830:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.411820][ T26] audit: type=1326 audit(2000000357.830:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.488131][ T26] audit: type=1326 audit(2000000357.830:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8506 comm="syz.3.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83f638e969 code=0x7ffc0000 [ 556.850956][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 556.921051][ T8537] overlayfs: failed to clone upperpath [ 557.795188][ T8542] loop1: detected capacity change from 0 to 4096 [ 557.840344][ T8542] EXT4-fs: Ignoring removed orlov option [ 557.870941][ T8542] EXT4-fs (loop1): Test dummy encryption mode enabled [ 557.944686][ T8542] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 558.057491][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 558.343935][ T8542] fscrypt (loop1): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 558.513859][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 558.538996][ T8531] loop0: detected capacity change from 0 to 40427 [ 558.600388][ T8531] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 558.631399][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 558.686151][ T8531] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 558.716130][ T8531] F2FS-fs (loop0): invalid crc value [ 558.774680][ T8531] F2FS-fs (loop0): Found nat_bits in checkpoint [ 558.868817][ T8531] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 558.886643][ T8531] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 559.017466][ T8370] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 559.213639][ T8370] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.228928][ T57] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 559.262095][ T8370] usb 2-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 559.292073][ T8370] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.375294][ T8370] usb 2-1: config 0 descriptor?? [ 559.796247][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 559.833887][ T8370] razer 0003:1532:010D.0003: unknown main item tag 0x0 [ 559.856812][ T8370] razer 0003:1532:010D.0003: hidraw0: USB HID v0.00 Device [HID 1532:010d] on usb-dummy_hcd.1-1/input0 [ 560.033550][ T8370] usb 2-1: USB disconnect, device number 3 [ 560.162248][ T8633] netlink: 'syz.4.1239': attribute type 2 has an invalid length. [ 560.264109][ T8625] fido_id[8625]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 560.366845][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 560.444208][ T8640] netlink: 'syz.2.1242': attribute type 3 has an invalid length. [ 561.177775][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 561.766307][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 562.347731][ T5112] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 562.608341][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.614740][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.857172][ T8696] loop1: detected capacity change from 0 to 512 [ 562.875952][ T8696] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 562.935569][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 562.987304][ T8696] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 562.996704][ T8696] ext4 filesystem being mounted at /232/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 563.225772][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 563.490338][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 564.058518][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 564.403560][ T5089] kernel write not supported for file /vcsa1 (pid: 5089 comm: kworker/0:8) [ 564.565071][ T8728] loop0: detected capacity change from 0 to 32768 [ 564.588875][ T8728] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.1280 (8728) [ 564.630185][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 564.686271][ T8728] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 564.736139][ T8728] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 564.745440][ T8728] BTRFS info (device loop0): force clearing of disk cache [ 564.802998][ T8728] BTRFS info (device loop0): enabling ssd optimizations [ 564.848617][ T8728] BTRFS info (device loop0): using spread ssd allocation scheme [ 564.877133][ T8728] BTRFS info (device loop0): using free space tree [ 565.050929][ T8776] blktrace: Concurrent blktraces are not allowed on nbd1 [ 565.182464][ T8728] BTRFS info (device loop0): rebuilding free space tree [ 565.197864][ T46] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 565.460178][ T8728] BTRFS info (device loop0): balance: start -f -sprofiles=data|system|metadata|raid0|raid10|raid5|raid6|0x3800,limit=10376293541461622786 [ 565.490151][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1308'. [ 565.515036][ T8804] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1308'. [ 565.520519][ T8728] BTRFS info (device loop0): balance: ended with status: 0 [ 565.754347][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 565.771869][ T4249] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 565.983091][ T8815] netlink: 'syz.1.1314': attribute type 1 has an invalid length. [ 566.252031][ T8825] loop1: detected capacity change from 0 to 64 [ 566.364423][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 566.516671][ T8838] futex_wake_op: syz.3.1321 tries to shift op by -1; fix this program [ 566.755933][ T8848] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1325'. [ 566.971087][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 567.127832][ T8860] overlayfs: failed to resolve './file0': -2 [ 567.744929][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 567.950859][ T8864] loop0: detected capacity change from 0 to 256 [ 568.037365][ T8864] exfat: Deprecated parameter 'namecase' [ 568.124892][ T8864] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 568.485767][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 568.970982][ T8891] ptrace attach of "./syz-executor exec"[4255] was attempted by ""[8891] [ 569.157477][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 569.475501][ T8907] loop0: detected capacity change from 0 to 1024 [ 569.614044][ T8907] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 569.716217][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 570.035472][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 570.404312][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 571.062448][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 571.465425][ T8960] blktrace: Concurrent blktraces are not allowed on nbd1 [ 571.636247][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 572.115972][ T8988] loop0: detected capacity change from 0 to 512 [ 572.170595][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 572.191226][ T8988] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 572.226490][ T8988] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 572.493045][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 572.716153][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 573.275805][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 573.463914][ T9031] netlink: 284 bytes leftover after parsing attributes in process `syz.3.1403'. [ 573.725685][ T9041] loop0: detected capacity change from 0 to 256 [ 573.840950][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 574.103371][ T9051] loop0: detected capacity change from 0 to 256 [ 574.391551][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 574.406205][ T7780] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 574.438004][ T9062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1418'. [ 574.596121][ T7780] usb 2-1: Using ep0 maxpacket: 8 [ 574.613516][ T7780] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 574.639221][ T7780] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 574.650300][ T7780] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 574.666726][ T7780] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 574.731855][ T7780] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 574.753412][ T7780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.949509][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 574.993602][ T7780] usb 2-1: GET_CAPABILITIES returned 0 [ 575.001117][ T7780] usbtmc 2-1:16.0: can't read capabilities [ 575.218516][ T7786] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 575.238337][ T8370] usb 2-1: USB disconnect, device number 4 [ 575.416202][ T7786] usb 1-1: Using ep0 maxpacket: 8 [ 575.423377][ T7786] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 575.443838][ T7786] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 575.464100][ T7786] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 575.477068][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 575.497000][ T7786] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 575.536191][ T7786] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 575.565828][ T7786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.608691][ T7786] hub 1-1:1.0: bad descriptor, ignoring hub [ 575.614747][ T7786] hub: probe of 1-1:1.0 failed with error -5 [ 575.634558][ T7786] cdc_wdm 1-1:1.0: skipping garbage [ 575.656126][ T7786] cdc_wdm 1-1:1.0: skipping garbage [ 575.682745][ T7786] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 575.700474][ T7786] cdc_wdm 1-1:1.0: Unknown control protocol [ 576.019520][ T4344] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 576.040301][ T9123] 9pnet_fd: Insufficient options for proto=fd [ 576.522052][ T9136] blktrace: Concurrent blktraces are not allowed on nbd1 [ 576.561481][ T9] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 576.678697][ T26] audit: type=1326 audit(2000000378.580:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.687235][ T9149] netlink: 284 bytes leftover after parsing attributes in process `syz.2.1457'. [ 576.721615][ T26] audit: type=1326 audit(2000000378.580:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.748713][ T26] audit: type=1326 audit(2000000378.580:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.774989][ T26] audit: type=1326 audit(2000000378.580:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ca3d8e56b code=0x7ffc0000 [ 576.801171][ T26] audit: type=1326 audit(2000000378.580:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.827645][ T9151] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1458'. [ 576.846894][ T9151] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.854883][ T9151] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.862789][ T26] audit: type=1326 audit(2000000378.580:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.885448][ T26] audit: type=1326 audit(2000000378.580:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.908576][ T26] audit: type=1326 audit(2000000378.580:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.933650][ T9153] overlayfs: failed to clone upperpath [ 576.954572][ T26] audit: type=1326 audit(2000000378.580:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 576.989067][ T26] audit: type=1326 audit(2000000378.580:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9146 comm="syz.4.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca3d8e969 code=0x7ffc0000 [ 577.112050][ T4401] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 577.681061][ T9] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 577.810661][ T9183] overlayfs: failed to clone upperpath [ 577.966848][ C0] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 578.134808][ T9199] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1479'. [ 578.217814][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 578.720515][ T9215] overlayfs: failed to clone upperpath [ 578.756516][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 579.002771][ T9210] loop1: detected capacity change from 0 to 32768 [ 579.094220][ T9222] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1489'. [ 579.828372][ T4502] net_ratelimit: 2 callbacks suppressed [ 579.828392][ T4502] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 579.867563][ T9247] syz.2.1499[9247] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 579.867723][ T9247] syz.2.1499[9247] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 580.226212][ T9258] 9pnet_fd: Insufficient options for proto=fd [ 580.304426][ T9080] cdc_wdm 1-1:1.0: Error autopm - -16 [ 580.304569][ T8370] usb 1-1: USB disconnect, device number 5 [ 580.366987][ T9] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 580.622932][ T9269] loop0: detected capacity change from 0 to 164 [ 580.674405][ T9269] Unable to read rock-ridge attributes [ 580.912309][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 580.980048][ T9281] 9pnet_fd: Insufficient options for proto=fd [ 581.005689][ T9280] tipc: Started in network mode [ 581.046478][ T9280] tipc: Node identity ff75, cluster identity 4711 [ 581.108615][ T9280] tipc: Enabling of bearer rejected, failed to enable media [ 581.345287][ T9283] blktrace: Concurrent blktraces are not allowed on nbd0 [ 581.473669][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 581.473992][ T9278] loop1: detected capacity change from 0 to 32768 [ 581.523639][ T9278] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.1513 (9278) [ 581.579037][ T9278] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 581.612463][ T9278] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 581.633306][ T9278] BTRFS info (device loop1): enabling auto defrag [ 581.647727][ T9278] BTRFS info (device loop1): doing ref verification [ 581.661541][ T9278] BTRFS info (device loop1): max_inline at 0 [ 581.674558][ T9278] BTRFS info (device loop1): force clearing of disk cache [ 581.689659][ T9278] BTRFS info (device loop1): turning on sync discard [ 581.704830][ T9278] BTRFS info (device loop1): disabling free space tree [ 581.881322][ T9278] BTRFS info (device loop1): enabling ssd optimizations [ 581.905395][ T9278] BTRFS info (device loop1): rebuilding free space tree [ 582.027659][ T9278] BTRFS info (device loop1): disabling free space tree [ 582.050236][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 582.053728][ T9278] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 582.093530][ T9278] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 582.551336][ T4262] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 582.657151][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 583.228458][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 583.734031][ T9368] loop1: detected capacity change from 0 to 1024 [ 583.819594][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 583.844268][ T9368] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 583.853281][ T9368] ext4 filesystem being mounted at /275/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 583.937570][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 583.937586][ T26] audit: type=1800 audit(2000000385.840:170): pid=9368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1545" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 584.059642][ T4262] EXT4-fs (loop1): unmounting filesystem. [ 584.416628][ T9386] blktrace: Concurrent blktraces are not allowed on nbd1 [ 584.505185][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 585.430271][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 586.168487][ T4341] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 586.297028][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.305165][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.314393][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x2 [ 586.376185][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.383643][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.424085][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x5 [ 586.446981][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.454466][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.506336][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.513895][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.546297][ T8370] hid-generic 009C:0008:0003.0004: unknown main item tag 0x0 [ 586.604994][ T8370] hid-generic 009C:0008:0003.0004: hidraw0: HID v0.05 Device [syz1] on syz0 [ 586.731214][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 587.282469][ T33] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 587.584486][ T9406] loop0: detected capacity change from 0 to 40427 [ 587.683759][ T9406] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 587.699810][ T9406] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 587.734057][ T9406] F2FS-fs (loop0): Found nat_bits in checkpoint [ 587.815334][ T9406] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 587.831455][ T9406] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 587.838147][ T9] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 588.131704][ T9442] support for the xor transformation has been removed. [ 588.182225][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.182303][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.195443][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.221973][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.362704][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.406674][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.418904][ T4249] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 588.523805][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 588.769003][ T9461] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1580'. [ 589.097063][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 589.760825][ T6174] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 590.413205][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 590.966149][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 591.244583][ T9505] loop0: detected capacity change from 0 to 40427 [ 591.274273][ T9505] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff [ 591.338580][ T9505] F2FS-fs (loop0): invalid crc value [ 591.369674][ T9505] F2FS-fs (loop0): Found nat_bits in checkpoint [ 591.512586][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 591.593709][ T9505] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 592.894608][ T9540] overlayfs: failed to clone upperpath [ 593.495174][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 594.164357][ T9] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 594.850796][ T4425] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 595.450432][ T4398] batman_adv: batadv0: Local translation table size (76) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 700.965959][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 700.972969][ C1] (detected by 1, t=10502 jiffies, g=38577, q=110 ncpus=2) [ 700.980278][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4295007244-4294996744), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 700.993662][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g38577 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 701.004881][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 701.014870][ C1] rcu: RCU grace-period kthread stack dump: [ 701.020781][ C1] task:rcu_preempt state:R running task stack:28096 pid:16 ppid:2 flags:0x00004000 [ 701.031648][ C1] Call Trace: [ 701.034953][ C1] [ 701.038014][ C1] __schedule+0x10e9/0x40d0 [ 701.042566][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 701.047808][ C1] ? _raw_spin_unlock+0x40/0x40 [ 701.052713][ C1] ? release_firmware_map_entry+0x18a/0x18a [ 701.058650][ C1] schedule+0xb9/0x180 [ 701.062745][ C1] schedule_timeout+0x15c/0x280 [ 701.067621][ C1] ? console_conditional_schedule+0x40/0x40 [ 701.073625][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 701.079547][ C1] ? update_process_times+0x1b0/0x1b0 [ 701.084951][ C1] ? prepare_to_swait_event+0x335/0x350 [ 701.090535][ C1] rcu_gp_fqs_loop+0x2f2/0x1310 [ 701.095420][ C1] ? dump_blkd_tasks+0x810/0x810 [ 701.100380][ C1] ? rcu_gp_init+0x14b0/0x14b0 [ 701.105257][ C1] ? rcu_gp_cleanup+0xb4c/0xca0 [ 701.110135][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 701.115363][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 701.120599][ C1] rcu_gp_kthread+0x95/0x380 [ 701.125221][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 701.130358][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 701.136280][ C1] ? __kthread_parkme+0x162/0x1c0 [ 701.141338][ C1] kthread+0x29d/0x330 [ 701.145435][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 701.150568][ C1] ? kthread_blkcg+0xd0/0xd0 [ 701.155189][ C1] ret_from_fork+0x1f/0x30 [ 701.159651][ C1] [ 701.162696][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 701.169294][ C1] CPU: 1 PID: 9573 Comm: syz.0.1619 Not tainted 6.1.139-syzkaller #0 [ 701.177381][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 701.187542][ C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 701.193381][ C1] Code: f5 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 ee 3e 4a f7 48 89 df e8 46 04 4b f7 e8 b1 06 6e f7 fb bf 01 00 00 00 56 81 3e f7 65 8b 05 f7 42 e9 75 85 c0 74 02 5b c3 e8 44 54 e7 [ 701.213019][ C1] RSP: 0018:ffffc90003567bb8 EFLAGS: 00000286 [ 701.219115][ C1] RAX: 69db85b05838fc00 RBX: ffff88802f6165c0 RCX: 69db85b05838fc00 [ 701.227111][ C1] RDX: dffffc0000000000 RSI: ffffffff8a6c0000 RDI: 0000000000000001 [ 701.235107][ C1] RBP: ffff88802f616858 R08: dffffc0000000000 R09: ffffed1005ec2cb9 [ 701.243105][ C1] R10: ffffed1005ec2cb9 R11: 1ffff11005ec2cb8 R12: 1ffff11005ec2d0b [ 701.251132][ C1] R13: 0000000000000011 R14: dffffc0000000000 R15: 0000000000000000 [ 701.259134][ C1] FS: 00007fb92ed8c6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 701.268095][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 701.274703][ C1] CR2: 0000001b2d41fffc CR3: 00000000534db000 CR4: 00000000003506e0 [ 701.282701][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 701.290696][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 701.298692][ C1] Call Trace: [ 701.301988][ C1] [ 701.304940][ C1] get_signal+0x1163/0x1350 [ 701.309493][ C1] arch_do_signal_or_restart+0xb0/0x1230 [ 701.315159][ C1] ? __ia32_sys_rt_sigreturn+0x660/0x790 [ 701.320913][ C1] ? bpf_trace_run2+0xda/0x3b0 [ 701.325715][ C1] ? load_gs_index+0x120/0x120 [ 701.330520][ C1] ? get_sigframe_size+0x10/0x10 [ 701.335504][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 701.341001][ C1] exit_to_user_mode_loop+0x70/0x110 [ 701.346310][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 701.351879][ C1] syscall_exit_to_user_mode+0x16/0x40 [ 701.357380][ C1] do_syscall_64+0x58/0xa0 [ 701.361837][ C1] ? clear_bhb_loop+0x60/0xb0 [ 701.366546][ C1] ? clear_bhb_loop+0x60/0xb0 [ 701.371260][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 701.377181][ C1] RIP: 0033:0x7fb92df8e969 [ 701.381628][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.401267][ C1] RSP: 002b:00007fb92ed8c0e8 EFLAGS: 00000246 [ 701.407363][ C1] RAX: 0000000000000000 RBX: 00007fb92e1b5fa8 RCX: 00007fb92df8e969 [ 701.415365][ C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb92e1b5fac [ 701.423454][ C1] RBP: 00007fb92e1b5fa0 R08: 003845469f965d4e R09: 0000000000000000 [ 701.431455][ C1] R10: 0000200000000000 R11: 0000000000000246 R12: 00007fb92e1b5fac [ 701.439447][ C1] R13: 0000000000000000 R14: 00007fff8da93490 R15: 00007fff8da93578 [ 701.447477][ C1]