last executing test programs: 45.713515419s ago: executing program 0 (id=871): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) ioprio_set$pid(0x3, 0x0, 0x2004) 42.975538801s ago: executing program 0 (id=875): bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000340), 0x800, r4}, 0x38) 41.578864923s ago: executing program 0 (id=878): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) 40.152598974s ago: executing program 0 (id=883): r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket(0x2b, 0xa, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x8884) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 37.278361299s ago: executing program 0 (id=888): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=@acquire={0x178, 0x17, 0x1, 0x0, 0x0, {{@in6=@private0}, @in6=@remote, {@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x10}, {{@in6=@private2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x2}}, @tmpl={0x44, 0x5, [{{@in=@loopback, 0x0, 0x3c}, 0x0, @in6=@mcast1}]}]}, 0x178}}, 0x0) 35.702566653s ago: executing program 0 (id=893): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_pts(r4, 0x141601) syz_open_dev$MSR(0x0, 0x9, 0x0) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x79, 0x0, 0x419}}}, 0x7) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x44014) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 14.835478513s ago: executing program 4 (id=941): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x1000, 0x2, 0x1, 0x2, 0x1bffffffffffffc, 0x4, 0xfd8f, 0x400, 0x9b, 0xfff, 0x2, 0x2, 0x7, 0x1ff, 0x0, 0x22, {0x0, 0xa}, 0x5, 0x4}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r4 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3}) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r4, &(0x7f0000000880)=""/202, 0x8f, 0x200000000004, 0x0) 14.056465505s ago: executing program 4 (id=944): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_usb_connect(0x5, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x3, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 12.088051155s ago: executing program 1 (id=946): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ec020000", @ANYRES16=r1, @ANYBLOB], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) r2 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'gre0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x38}}, 0x0) ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000280)={0xf0f048}) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4880, 0x74) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000240)) socket$packet(0x11, 0x2, 0x300) r5 = syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5) r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x4eb) r7 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r7, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x9, 0x5], [{0x40006, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1000}], 0x20}) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r5, 0x800443d2, &(0x7f00000001c0)={0x6, &(0x7f0000000140)=[{@fixed}, {}, {}, {}, {@none}, {@fixed}]}) 9.82437452s ago: executing program 2 (id=949): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 9.82242091s ago: executing program 3 (id=950): r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket(0x2b, 0xa, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x8884) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 6.688329668s ago: executing program 3 (id=951): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10) io_setup(0x6, &(0x7f0000001380)=0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) 6.478473411s ago: executing program 4 (id=952): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000", @ANYBLOB="dfc2a0551d1d41bb91d33a02422ad38e007b4244cb5a34cc775f9801158d582e546a3a9951e2e42f82cc7e1e3bd94930b9e4878cad93a82216675450022f07799461fec4bb76f0a78c60f1647f32acd546ca3f78079463675d6e19995c92ac3e1d41ffe4dec343d761736ca74ada13cef4d98dd3c6c2180a065842990ba3da57bdef01355a5ee053207976f3dd4181ee7920d2c27f"], 0x27, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) 5.398450378s ago: executing program 1 (id=953): timer_create(0xfffffffd, 0x0, 0x0) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x200, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @flat=@binder={0x73622a85, 0xa, 0x1}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f00000034c0)={0x2020}, 0xcac) 5.397778668s ago: executing program 2 (id=954): socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0], 0x64}}, 0x0) 5.25417446s ago: executing program 3 (id=955): mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f00000002c0)=[@ioring_restriction_sqe_flags_required={0x3, 0x22}, @ioring_restriction_sqe_flags_allowed={0x2, 0x18}], 0x2) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f0000000080)) 4.59849561s ago: executing program 1 (id=956): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) fstat(0xffffffffffffffff, &(0x7f00000000c0)) lstat(0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) 4.59814625s ago: executing program 4 (id=957): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff280012800b"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xffffffffffffff02, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4.221849286s ago: executing program 3 (id=958): open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 4.079551058s ago: executing program 2 (id=959): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, 0x0, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) 2.915166656s ago: executing program 3 (id=960): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r4}, 0x1e) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 2.702844279s ago: executing program 1 (id=961): r0 = syz_open_procfs(0x0, 0x0) madvise(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x14) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000280)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$inet(0x2, 0x2, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x40000000002, 0x8000000000000000, 0x8000f, 0x7fff, 0x0, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x4, 0x2, 0x0, 0x2, 0x7}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.562584541s ago: executing program 2 (id=962): socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r1 = socket(0x2b, 0xa, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x8884) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) 1.575913686s ago: executing program 2 (id=963): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r3 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x60, r4, 0xb7a006d1969b963b, 0x1, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x44, 0x33, @probe_request={{{}, {}, @device_a, @device_b}, @val, @val, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x1, 0x95ce, 0x9}}, @val={0x72, 0x6}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8011}, 0x10) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 1.561158787s ago: executing program 1 (id=964): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SET_THP_DISABLE(0x29, 0x1) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000000)="3f0000000100f4", 0x7) r4 = add_key$user(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000001640)="be757b136be0357656f10d0ff26044d2a5d19fa95b7cc5c33806f61eb10f6a04fcdb35f9e184cbe3496a81af630460a9eeac05bd0992cd1fd060fe5f3492e030bedfcd99d99220b87dcf89dda8883ec3cf1e77b73f9632bfa41026325604d31a75d4ef378ab3fda434f4c78a9db9c0a10ecb2301641dca5a337000f911541262da236ae1ffffffff00e27ea584dffac25a189404257025973198b06d2435253cdba9839e3724ca53bbc40e5e47ccb54fda7ca28374bb626c77127d0a791853757988246bc3aff46ae19fdeb0c50b78436070945a20b33b69", 0xd8, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) unshare(0x4020400) 1.459242708s ago: executing program 4 (id=965): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r4) getdents64(0xffffffffffffffff, &(0x7f0000007ac0)=""/4107, 0x100b) 1.37050377s ago: executing program 3 (id=966): timer_create(0x3, 0x0, &(0x7f0000000300)) timer_create(0xfffffffd, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) r0 = syz_open_dev$video(&(0x7f0000000000), 0xd, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0xa, @pix={0x2, 0x0, 0x30314247, 0x0, 0x0, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x1}}) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040), 0xc) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2084) r2 = socket(0x2a, 0x2, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r3, &(0x7f0000000240)="f2435f0100088000000000850800", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 254.844236ms ago: executing program 4 (id=967): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r1 = socket(0x2b, 0xa, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x8884) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58) migrate_pages(0x0, 0x3, 0x0, 0x0) 2.95754ms ago: executing program 2 (id=968): bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) socket$inet_udplite(0x2, 0x2, 0x88) r2 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 0s ago: executing program 1 (id=978): socket$inet6(0xa, 0x2, 0x3a) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000740)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0200", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x10}}}}}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req={0xffffffff, 0x5, 0x0, 0x2}, 0x10) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000100)) write$tun(r0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x80) sendmmsg(r3, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) kernel console output (not intermixed with test programs): trongly recommended to keep mac addresses unique to avoid problems! [ 73.996649][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.009413][ T4170] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.020457][ T4170] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.030818][ T4170] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.040148][ T4170] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.059108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.075608][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.090534][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.103408][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.120394][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.155313][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.170300][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.193745][ T4177] device veth0_macvtap entered promiscuous mode [ 74.222766][ T4171] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.235734][ T4171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.246853][ T4213] Bluetooth: hci0: command 0x040f tx timeout [ 74.252713][ T4171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.253991][ T4213] Bluetooth: hci2: command 0x040f tx timeout [ 74.270061][ T4171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.270443][ T4213] Bluetooth: hci1: command 0x040f tx timeout [ 74.287126][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.298937][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.313614][ T4177] device veth1_macvtap entered promiscuous mode [ 74.321281][ T4213] Bluetooth: hci3: command 0x040f tx timeout [ 74.329773][ T4213] Bluetooth: hci4: command 0x040f tx timeout [ 74.377868][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.386716][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.408988][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.420419][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.433524][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.446092][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.459346][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.472606][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.485134][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.496733][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.509985][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.522080][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.545209][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.557297][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.567759][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.579127][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.588817][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.598206][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.611208][ T4179] device veth0_macvtap entered promiscuous mode [ 74.627296][ T4179] device veth1_macvtap entered promiscuous mode [ 74.659520][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.670539][ T3048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.676360][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.687287][ T3048] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.696302][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.707028][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.719421][ T4177] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.729690][ T4177] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.739706][ T4177] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.749024][ T4177] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.781382][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.829267][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.847048][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.859112][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.871211][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.883947][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.896472][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.910609][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.940074][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.954069][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.980494][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.990481][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.991225][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.012954][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.024308][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.035193][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.045805][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.057030][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.070591][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.091720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.101347][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.111270][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.124921][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.135417][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.144677][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.153222][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.164087][ T4183] device veth0_vlan entered promiscuous mode [ 75.173160][ T4179] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.182767][ T4179] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.192940][ T4179] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.205059][ T4179] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.230317][ T373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.250828][ T373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.290786][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.303205][ T4183] device veth1_vlan entered promiscuous mode [ 75.335671][ T373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.371937][ T373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.458416][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.482227][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.493867][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.567298][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.606273][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.644096][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.666037][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.728267][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #142!!! [ 75.850959][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.930933][ T4183] device veth0_macvtap entered promiscuous mode [ 76.035276][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 76.120579][ T4183] device veth1_macvtap entered promiscuous mode [ 76.137701][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 76.192494][ T4252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.240089][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 76.255127][ T4252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.435457][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.465444][ T23] Bluetooth: hci1: command 0x0419 tx timeout [ 76.472044][ T23] Bluetooth: hci2: command 0x0419 tx timeout [ 76.483763][ T23] Bluetooth: hci0: command 0x0419 tx timeout [ 76.490334][ T23] Bluetooth: hci4: command 0x0419 tx timeout [ 76.493801][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.508294][ T23] Bluetooth: hci3: command 0x0419 tx timeout [ 76.570086][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.594498][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.594522][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.594536][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.594549][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.594560][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.594574][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.615558][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.777448][ T4253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.799099][ T4253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.814250][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.833503][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.854947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.309235][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.442405][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.463171][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.493192][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.505153][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.561878][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.574791][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.592865][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.622454][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.850842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.874329][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.248519][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 78.258541][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 78.268605][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 78.278940][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 78.288484][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 78.298907][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 78.968688][ T4274] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3'. [ 78.978495][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.987900][ T4275] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3'. [ 79.076086][ T4183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.087397][ T4183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.097425][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.105565][ T4183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.124245][ T4183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.142028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 80.166369][ T3048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.201988][ T4291] netlink: 'syz.2.10': attribute type 1 has an invalid length. [ 80.215150][ T4290] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.219858][ T3048] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.272425][ T373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.282357][ T4291] device vlan2 entered promiscuous mode [ 80.296816][ T373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.306642][ T4291] device ip6gretap0 entered promiscuous mode [ 80.344055][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 80.353756][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 80.842603][ T4301] loop2: detected capacity change from 0 to 512 [ 80.905808][ T4298] loop4: detected capacity change from 0 to 40427 [ 80.992120][ T4298] F2FS-fs (loop4): invalid crc value [ 81.039108][ T4298] F2FS-fs (loop4): Found nat_bits in checkpoint [ 81.063713][ T4301] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 81.081158][ T4301] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.165231][ T4298] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 81.798919][ T4322] attempt to access beyond end of device [ 81.798919][ T4322] loop4: rw=10241, want=45104, limit=40427 [ 82.063436][ T4183] attempt to access beyond end of device [ 82.063436][ T4183] loop4: rw=2049, want=45112, limit=40427 [ 82.250327][ T4325] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 82.471088][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 82.564908][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 82.607770][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 82.693369][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 82.738307][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 82.779868][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 82.821507][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 83.004143][ T4343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21'. [ 83.086121][ T4343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21'. [ 83.108339][ T4329] syz.1.15 (4329) used greatest stack depth: 20256 bytes left [ 83.320915][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.339029][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.440099][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.478298][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.612529][ T4360] loop1: detected capacity change from 0 to 1024 [ 85.942575][ T4382] nfs: Unknown parameter 'ntext' [ 86.463445][ T4373] netlink: 'syz.0.29': attribute type 10 has an invalid length. [ 86.556171][ T4373] netlink: 40 bytes leftover after parsing attributes in process `syz.0.29'. [ 86.876189][ T4373] netlink: 'syz.0.29': attribute type 10 has an invalid length. [ 86.922679][ T4373] netlink: 40 bytes leftover after parsing attributes in process `syz.0.29'. [ 87.015126][ T4388] loop3: detected capacity change from 0 to 32768 [ 87.479747][ T4392] netlink: 'syz.4.33': attribute type 24 has an invalid length. [ 87.581424][ T4388] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 87.590114][ T4388] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 87.624836][ T4388] gfs2: fsid=syz:syz.0: journal 0 mapped with 7 extents in 0ms [ 87.644111][ T4216] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 87.681581][ T4216] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 87.858726][ T4398] loop0: detected capacity change from 0 to 256 [ 87.953255][ T4216] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 271ms [ 88.004526][ T4216] gfs2: fsid=syz:syz.0: jid=0: Done [ 88.019277][ T4398] ======================================================= [ 88.019277][ T4398] WARNING: The mand mount option has been deprecated and [ 88.019277][ T4398] and is ignored by this kernel. Remove the mand [ 88.019277][ T4398] option from the mount to silence this warning. [ 88.019277][ T4398] ======================================================= [ 88.099668][ T4388] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 88.123719][ T4388] attempt to access beyond end of device [ 88.123719][ T4388] loop3: rw=12288, want=9007199254757624, limit=32768 [ 88.136743][ T4388] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -5 [ 88.303644][ T4407] netlink: 32 bytes leftover after parsing attributes in process `syz.4.39'. [ 90.234470][ T4426] 9pnet: Insufficient options for proto=fd [ 92.253690][ T3146] cfg80211: failed to load regulatory.db [ 94.063826][ T4457] lo speed is unknown, defaulting to 1000 [ 94.125634][ T4460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.52'. [ 94.342973][ T26] audit: type=1326 audit(1750099900.380:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 94.572580][ T26] audit: type=1326 audit(1750099900.610:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 94.825981][ T26] audit: type=1326 audit(1750099900.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 95.079380][ T4457] lo speed is unknown, defaulting to 1000 [ 95.122872][ T4457] lo speed is unknown, defaulting to 1000 [ 95.300368][ T4216] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 95.466024][ T4457] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 95.766190][ T4457] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 95.766878][ T4480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'. [ 95.866465][ T26] audit: type=1326 audit(1750099900.830:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 96.068334][ T26] audit: type=1326 audit(1750099900.830:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 96.264772][ T4457] lo speed is unknown, defaulting to 1000 [ 96.316757][ T26] audit: type=1326 audit(1750099900.830:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 97.097007][ T4457] lo speed is unknown, defaulting to 1000 [ 97.221997][ T26] audit: type=1326 audit(1750099900.850:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 97.285897][ T4457] lo speed is unknown, defaulting to 1000 [ 97.306758][ T26] audit: type=1326 audit(1750099900.850:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 97.354578][ T4457] lo speed is unknown, defaulting to 1000 [ 97.379332][ T4457] lo speed is unknown, defaulting to 1000 [ 97.393657][ T4457] lo speed is unknown, defaulting to 1000 [ 97.401572][ T4494] loop4: detected capacity change from 0 to 2048 [ 97.411691][ T26] audit: type=1326 audit(1750099900.850:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 97.895584][ T4494] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 98.396349][ T26] audit: type=1326 audit(1750099900.850:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 99.594794][ T26] audit: type=1326 audit(1750099900.850:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 99.628989][ T26] audit: type=1326 audit(1750099900.860:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 100.418959][ T26] audit: type=1326 audit(1750099900.860:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 100.473803][ T4531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.69'. [ 100.517644][ T26] audit: type=1326 audit(1750099900.860:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 100.620733][ T26] audit: type=1326 audit(1750099900.860:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4461 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 101.547473][ T4561] netlink: 'syz.4.77': attribute type 10 has an invalid length. [ 102.044108][ T4571] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 102.086946][ T4569] loop4: detected capacity change from 0 to 4096 [ 102.282417][ T4574] mmap: syz.3.81 (4574) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 105.398037][ C0] sched: RT throttling activated [ 105.767806][ T4595] loop1: detected capacity change from 0 to 256 [ 105.898962][ T4598] Zero length message leads to an empty skb [ 105.956904][ T4598] device sit1 entered promiscuous mode [ 106.043868][ T4599] device netdevsim0 entered promiscuous mode [ 106.209253][ T4599] device netdevsim0 left promiscuous mode [ 107.582541][ T4611] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 108.967781][ T4616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.94'. [ 109.285658][ T4631] netlink: 'syz.4.97': attribute type 29 has an invalid length. [ 109.393385][ T4622] syz.1.94 uses obsolete (PF_INET,SOCK_PACKET) [ 111.107793][ T4641] process 'syz.0.98' launched './file2' with NULL argv: empty string added [ 111.586255][ T4625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.96'. [ 111.650873][ T4631] netlink: 'syz.4.97': attribute type 29 has an invalid length. [ 111.728233][ T1324] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 113.398825][ T1324] usb 1-1: device not accepting address 2, error -71 [ 114.236707][ T4692] netlink: 4 bytes leftover after parsing attributes in process `syz.3.110'. [ 114.267927][ C0] Unknown status report in ack skb [ 114.352080][ T4694] mip6: mip6_rthdr_init_state: state's mode is not 2: 4 [ 115.316181][ T4694] netlink: 24 bytes leftover after parsing attributes in process `syz.0.111'. [ 115.877916][ T4711] netlink: 28 bytes leftover after parsing attributes in process `syz.4.112'. [ 115.972464][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 115.988900][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 115.999686][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 116.010269][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 116.020433][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 116.029122][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 116.038505][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 116.056472][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 116.073248][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 116.081531][ T4715] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 116.802631][ T4717] loop2: detected capacity change from 0 to 512 [ 116.890789][ T4723] bridge0: port 1(bridge_slave_0) entered listening state [ 117.178219][ T1108] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 117.182560][ T4717] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.117: bg 0: block 248: padding at end of block bitmap is not set [ 118.658565][ T4717] Quota error (device loop2): write_blk: dquota write failed [ 118.755152][ T4717] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 118.856321][ T4717] EXT4-fs error (device loop2): ext4_acquire_dquot:6204: comm syz.2.117: Failed to acquire dquot type 1 [ 118.904028][ T4717] EXT4-fs (loop2): 1 truncate cleaned up [ 118.933474][ T4717] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 119.026067][ T4717] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.228222][ T1108] usb 1-1: unable to read config index 0 descriptor/all [ 120.253641][ T1108] usb 1-1: can't read configurations, error -71 [ 123.394877][ T4773] loop0: detected capacity change from 0 to 1024 [ 123.621129][ T4773] EXT4-fs (loop0): Ignoring removed orlov option [ 124.360594][ T4773] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,resgid=0x0000000000000000,nodioread_nolock,norecovery,debug_want_extra_isize=0x0000000000000080,quota,errors=remount-ro,grpid,orlov,. Quota mode: writeback. [ 125.757606][ T26] audit: type=1326 audit(1750099931.790:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4799 comm="syz.0.139" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1ba652b929 code=0x0 [ 126.856892][ T26] audit: type=1800 audit(1750099932.880:18): pid=4803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.141" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 127.208278][ T4812] loop0: detected capacity change from 0 to 512 [ 127.422254][ T4812] EXT4-fs (loop0): orphan cleanup on readonly fs [ 127.457406][ T4812] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.144: bg 0: block 248: padding at end of block bitmap is not set [ 127.663001][ T4812] Quota error (device loop0): write_blk: dquota write failed [ 127.676145][ T4817] loop4: detected capacity change from 0 to 512 [ 127.687322][ T4812] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 127.708565][ T4812] EXT4-fs error (device loop0): ext4_acquire_dquot:6204: comm syz.0.144: Failed to acquire dquot type 1 [ 127.788631][ T4812] EXT4-fs (loop0): 1 truncate cleaned up [ 127.849950][ T4812] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.010807][ T4817] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 128.089223][ T4817] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 128.135526][ T4812] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 128.170469][ T4817] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 128.209184][ T4817] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 128.226110][ T4817] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=e040e01c, mo2=0000] [ 128.239044][ T4812] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 128.250756][ T4824] Quota error (device loop0): find_block_dqentry: Quota for id 131072 referenced but not present [ 128.265543][ T4824] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 131072 [ 128.274651][ T4817] EXT4-fs (loop4): failed to initialize system zone (-117) [ 128.282136][ T4824] EXT4-fs error (device loop0): ext4_acquire_dquot:6204: comm syz.0.144: Failed to acquire dquot type 1 [ 128.321695][ T4817] EXT4-fs (loop4): mount failed [ 128.497174][ T4831] tipc: Started in network mode [ 128.528280][ T4831] tipc: Node identity 6, cluster identity 4711 [ 128.534865][ T4831] tipc: Node number set to 6 [ 132.438775][ T4852] loop3: detected capacity change from 0 to 512 [ 132.576077][ T4852] EXT4-fs (loop3): Ignoring removed bh option [ 132.598168][ T4852] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 132.681939][ T4852] EXT4-fs (loop3): 1 truncate cleaned up [ 132.728371][ T4852] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 133.078527][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.085063][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.130578][ T4862] tipc: Started in network mode [ 134.135742][ T4862] tipc: Node identity 7f000001, cluster identity 4711 [ 134.183594][ T4862] tipc: Enabled bearer , priority 10 [ 134.239916][ T4865] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa [ 134.343191][ T4865] tipc: Enabled bearer , priority 10 [ 135.339101][ T4216] tipc: Node number set to 2130706433 [ 135.410596][ T4879] netlink: zone id is out of range [ 135.490474][ T4881] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 135.513344][ T4881] netlink: 'syz.2.166': attribute type 27 has an invalid length. [ 135.754839][ T4883] loop4: detected capacity change from 0 to 4096 [ 135.876071][ T4883] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 137.182843][ T4216] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 137.317599][ T4881] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.326276][ T4881] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.410706][ T1108] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 137.445152][ T4216] usb 4-1: Using ep0 maxpacket: 8 [ 137.643111][ T4216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 137.656081][ T4216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 137.671574][ T4216] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 137.684949][ T4216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 137.703135][ T4216] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 137.714442][ T1108] usb 2-1: Using ep0 maxpacket: 8 [ 137.725804][ T4216] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 137.736681][ T4216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.760274][ T4216] usb 4-1: config 0 descriptor?? [ 137.788230][ T4881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.800735][ T4892] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 137.822526][ T4881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.880142][ T1108] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.994866][ T1108] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 138.021392][ T1108] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 138.033648][ T1108] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 138.045555][ T1108] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 138.055505][ T1108] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.119236][ T1108] hub 2-1:1.0: bad descriptor, ignoring hub [ 138.125745][ T1108] hub: probe of 2-1:1.0 failed with error -5 [ 138.134460][ T1108] cdc_wdm 2-1:1.0: skipping garbage [ 138.140434][ T1108] cdc_wdm 2-1:1.0: skipping garbage [ 138.153058][ T1108] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 138.161831][ T1108] cdc_wdm 2-1:1.0: Unknown control protocol [ 138.436918][ T4216] usb 4-1: USB disconnect, device number 2 [ 139.462609][ T4881] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.472260][ T4881] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.482001][ T4881] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.491589][ T4881] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.615266][ T4881] device vlan2 left promiscuous mode [ 139.626419][ T4881] device ip6gretap0 left promiscuous mode [ 139.647947][ T4215] lo speed is unknown, defaulting to 1000 [ 139.803410][ T4215] usb 2-1: USB disconnect, device number 2 [ 139.825252][ T4918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.175'. [ 139.989180][ T4927] netlink: 24 bytes leftover after parsing attributes in process `syz.0.174'. [ 140.006491][ T4922] netlink: 24 bytes leftover after parsing attributes in process `syz.0.174'. [ 142.669202][ T4956] netlink: 24 bytes leftover after parsing attributes in process `syz.2.187'. [ 142.905601][ T4958] loop3: detected capacity change from 0 to 256 [ 143.184423][ T4958] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 143.196411][ T4958] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 143.216442][ T4958] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 146.910282][ T26] audit: type=1804 audit(1750099952.870:19): pid=4971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.191" name="file1" dev="ramfs" ino=34249 res=1 errno=0 [ 146.983447][ T4965] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.016724][ T26] audit: type=1800 audit(1750099953.020:20): pid=4971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.191" name="file1" dev="ramfs" ino=34249 res=0 errno=0 [ 147.414471][ T4965] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.219936][ T4965] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.410471][ T4965] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.613349][ T4965] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.645692][ T4965] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.655313][ T26] audit: type=1326 audit(1750099955.690:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 149.694279][ T4965] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.737616][ T4965] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.746469][ T26] audit: type=1326 audit(1750099955.720:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 149.817785][ T26] audit: type=1326 audit(1750099955.720:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 149.903023][ T26] audit: type=1326 audit(1750099955.720:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 149.928181][ T26] audit: type=1326 audit(1750099955.720:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 150.021341][ T26] audit: type=1326 audit(1750099955.720:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 150.338407][ T26] audit: type=1326 audit(1750099955.720:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 150.361400][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.690163][ T5036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.207'. [ 151.862040][ T5040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.210'. [ 151.884142][ T26] audit: type=1326 audit(1750099955.720:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.044891][ T5047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.210'. [ 152.151828][ T26] audit: type=1326 audit(1750099955.720:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.317903][ T26] audit: type=1326 audit(1750099955.730:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.355284][ T26] audit: type=1326 audit(1750099955.730:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.382080][ C0] vkms_vblank_simulate: vblank timer overrun [ 152.396684][ T26] audit: type=1326 audit(1750099955.730:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.567258][ T26] audit: type=1326 audit(1750099955.730:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.568500][ T26] audit: type=1326 audit(1750099955.730:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.640212][ T26] audit: type=1326 audit(1750099955.730:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 152.663429][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.148948][ T5052] netlink: 'syz.1.212': attribute type 21 has an invalid length. [ 153.192910][ T5052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.212'. [ 153.205583][ T26] audit: type=1326 audit(1750099955.730:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 153.229003][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.241694][ T26] audit: type=1326 audit(1750099955.730:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 153.265865][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.307479][ T26] audit: type=1326 audit(1750099955.730:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5014 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7feeb9797929 code=0x7ffc0000 [ 153.331617][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.127792][ T5067] syz.2.216[5067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 155.127905][ T5067] syz.2.216[5067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 155.152545][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.235210][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.250879][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.344655][ T5068] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 155.425993][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.459491][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.499970][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.507912][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 155.526535][ T5068] wlan0 speed is unknown, defaulting to 1000 [ 156.140022][ T5079] hugetlbfs: syz.1.219 (5079): Using mlock ulimits for SHM_HUGETLB is deprecated [ 158.563413][ T5093] netlink: 'syz.4.223': attribute type 4 has an invalid length. [ 159.824107][ T5093] syz.4.223 (5093) used greatest stack depth: 20064 bytes left [ 160.416990][ T5107] xt_CT: You must specify a L4 protocol and not use inversions on it [ 162.294463][ T5145] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 162.406591][ T5148] netlink: 12 bytes leftover after parsing attributes in process `syz.3.234'. [ 162.533174][ T5127] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 162.735342][ T5159] netlink: 224 bytes leftover after parsing attributes in process `syz.4.235'. [ 162.764386][ T5159] netlink: 16 bytes leftover after parsing attributes in process `syz.4.235'. [ 163.751104][ T5174] netlink: 24 bytes leftover after parsing attributes in process `syz.4.239'. [ 163.931548][ T5177] netlink: 64 bytes leftover after parsing attributes in process `syz.2.240'. [ 163.965427][ T5177] netlink: 'syz.2.240': attribute type 11 has an invalid length. [ 163.990540][ T5177] netlink: 428 bytes leftover after parsing attributes in process `syz.2.240'. [ 164.874321][ T5185] netlink: 16 bytes leftover after parsing attributes in process `syz.4.242'. [ 164.969084][ T5190] netlink: 28 bytes leftover after parsing attributes in process `syz.3.244'. [ 165.016528][ T5194] netlink: 28 bytes leftover after parsing attributes in process `syz.3.244'. [ 166.449746][ T5214] loop1: detected capacity change from 0 to 4096 [ 167.386897][ T5214] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 168.399385][ T5228] @: renamed from vlan0 [ 168.504783][ T5231] loop0: detected capacity change from 0 to 2048 [ 169.199056][ T5231] EXT4-fs (loop0): failed to initialize system zone (-117) [ 169.480252][ T5231] EXT4-fs (loop0): mount failed [ 172.529907][ T5269] syz.1.262 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 173.034585][ T5263] bridge: RTM_NEWNEIGH with invalid ether address [ 176.362007][ T5278] netlink: 'syz.2.267': attribute type 10 has an invalid length. [ 176.779903][ T5291] capability: warning: `syz.1.270' uses deprecated v2 capabilities in a way that may be insecure [ 176.815827][ T5278] team0: Port device dummy0 added [ 176.834681][ T5288] netlink: 'syz.2.267': attribute type 10 has an invalid length. [ 176.922780][ T5288] team0: Port device dummy0 removed [ 176.938955][ T5288] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 176.961134][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 177.008561][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 177.027424][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 177.046431][ T5284] device bridge_slave_0 left promiscuous mode [ 177.058934][ T5284] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.094355][ T5284] device bridge_slave_1 left promiscuous mode [ 177.109202][ T5284] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.141001][ T5284] bond0: (slave bond_slave_0): Releasing backup interface [ 177.188165][ T5284] bond0: (slave bond_slave_1): Releasing backup interface [ 177.271890][ T5284] team0: Port device team_slave_0 removed [ 177.295500][ T5296] loop1: detected capacity change from 0 to 40427 [ 177.329808][ T5284] team0: Port device team_slave_1 removed [ 177.352687][ T5296] F2FS-fs (loop1): invalid crc value [ 177.402375][ T5285] team0: Mode changed to "loadbalance" [ 177.434604][ T5296] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 177.510173][ T5292] device syzkaller0 entered promiscuous mode [ 177.543495][ T5301] netlink: 8 bytes leftover after parsing attributes in process `syz.2.273'. [ 177.617486][ T5296] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 177.741506][ T5307] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 178.408897][ T5323] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20000 [ 178.425390][ T5322] loop0: detected capacity change from 0 to 256 [ 178.495307][ T5326] netlink: 'syz.2.279': attribute type 16 has an invalid length. [ 178.515049][ T5326] netlink: 'syz.2.279': attribute type 3 has an invalid length. [ 178.531810][ T5326] netlink: 132 bytes leftover after parsing attributes in process `syz.2.279'. [ 178.571553][ T5322] netlink: 'syz.0.278': attribute type 39 has an invalid length. [ 178.945260][ T5334] netlink: 28 bytes leftover after parsing attributes in process `syz.3.283'. [ 180.085817][ T5353] loop3: detected capacity change from 0 to 512 [ 180.166350][ T5349] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 180.176862][ T5349] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 180.186368][ T5349] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 180.196066][ T5349] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 180.249936][ T5353] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc,init_itable,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 180.267270][ T5353] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.272604][ T5349] team0: Port device vxlan0 added [ 181.346610][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 181.346628][ T26] audit: type=1326 audit(1750102565.371:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5352 comm="syz.3.288" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x0 [ 181.396961][ T5353] netlink: 'syz.3.288': attribute type 13 has an invalid length. [ 182.144709][ T5373] loop2: detected capacity change from 0 to 256 [ 182.193028][ T26] audit: type=1326 audit(1750102566.231:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5374 comm="syz.4.293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bb88b2929 code=0x0 [ 182.477089][ T5383] usb usb1: usbfs: process 5383 (syz.1.295) did not claim interface 6 before use [ 182.492687][ T5383] loop1: detected capacity change from 0 to 256 [ 182.656759][ T5386] syz.0.298 sent an empty control message without MSG_MORE. [ 184.554568][ T5396] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 185.329022][ T5398] netlink: 'syz.0.302': attribute type 1 has an invalid length. [ 185.374677][ T5398] netlink: 'syz.0.302': attribute type 4 has an invalid length. [ 185.415057][ T5398] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.302'. [ 185.424874][ T5399] netlink: 'syz.0.302': attribute type 1 has an invalid length. [ 185.443378][ T5399] netlink: 'syz.0.302': attribute type 4 has an invalid length. [ 185.451801][ T5399] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.302'. [ 186.108278][ T3146] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 186.677338][ T5409] tipc: Started in network mode [ 186.728133][ T3146] usb 4-1: Using ep0 maxpacket: 8 [ 186.732076][ T5409] tipc: Node identity ac14140f, cluster identity 4711 [ 186.753520][ T5409] tipc: New replicast peer: 255.255.255.255 [ 186.774124][ T5409] tipc: Enabled bearer , priority 10 [ 186.851966][ T3146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 186.856678][ T5421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.305'. [ 186.873932][ T5421] tipc: Disabling bearer [ 186.902782][ T3146] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 186.935560][ T5409] tipc: Enabling of bearer rejected, failed to enable media [ 186.958178][ T3146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.987922][ T3146] usb 4-1: config 0 descriptor?? [ 187.014488][ T5427] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'. [ 187.043196][ T5427] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'. [ 187.129177][ T5430] netlink: 'syz.0.311': attribute type 32 has an invalid length. [ 187.177602][ T26] audit: type=1326 audit(1750102571.221:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5432 comm="syz.1.312" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feeb9797929 code=0x0 [ 187.260389][ T3146] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 187.435491][ T5441] netlink: 'syz.2.315': attribute type 3 has an invalid length. [ 187.529147][ T5441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.315'. [ 188.356748][ T5405] udc-core: couldn't find an available UDC or it's busy [ 188.482399][ T5405] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 188.652877][ T5459] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.661779][ T5459] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.671264][ T5459] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.682564][ T5459] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.824526][ T5457] device syzkaller0 entered promiscuous mode [ 188.856081][ T5464] loop2: detected capacity change from 0 to 1024 [ 188.940895][ T5464] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,,errors=continue. Quota mode: writeback. [ 189.896530][ T5478] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 190.065997][ T4216] usb 4-1: USB disconnect, device number 3 [ 190.217281][ T5491] loop3: detected capacity change from 0 to 512 [ 190.277833][ T5488] lo speed is unknown, defaulting to 1000 [ 190.488647][ T5495] device batadv0 entered promiscuous mode [ 190.501709][ T5495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.073915][ T5488] wlan0 speed is unknown, defaulting to 1000 [ 191.110995][ T5485] loop1: detected capacity change from 0 to 8192 [ 191.128654][ T5491] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 191.245132][ T5491] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.343390][ T5508] loop2: detected capacity change from 0 to 3 [ 191.358447][ T5506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.333'. [ 191.405973][ T5508] squashfs: Unknown parameter 'û' [ 191.459486][ T5491] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.330: bg 0: block 13312: padding at end of block bitmap is not set [ 192.344366][ T7] Bluetooth: hci1: command 0x0406 tx timeout [ 192.352250][ T7] Bluetooth: hci2: command 0x0406 tx timeout [ 192.358538][ T7] Bluetooth: hci3: command 0x0406 tx timeout [ 192.366031][ T7] Bluetooth: hci0: command 0x0406 tx timeout [ 194.644488][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.651362][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.685207][ T3146] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 194.689461][ T5537] loop2: detected capacity change from 0 to 512 [ 194.745063][ T5537] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 195.047361][ T5537] EXT4-fs (loop2): 1 orphan inode deleted [ 195.094095][ T5537] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 195.160500][ T5545] loop0: detected capacity change from 0 to 32768 [ 195.169696][ T5537] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.286186][ T3146] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.368501][ T3146] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 195.553901][ T3146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.929618][ T3146] usb 2-1: config 0 descriptor?? [ 195.954879][ T3146] usb 2-1: can't set config #0, error -71 [ 195.979897][ T3146] usb 2-1: USB disconnect, device number 3 [ 196.158719][ T26] audit: type=1326 audit(1750102580.202:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 196.270113][ T26] audit: type=1326 audit(1750102580.202:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 197.814218][ T26] audit: type=1326 audit(1750102580.252:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 198.193274][ T5573] loop1: detected capacity change from 0 to 32768 [ 198.201178][ T26] audit: type=1326 audit(1750102580.252:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 198.249744][ T26] audit: type=1326 audit(1750102580.252:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 198.316833][ T5573] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 198.325495][ T5573] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 198.339332][ T5573] gfs2: fsid=syz:syz.0: journal 0 mapped with 7 extents in 0ms [ 198.348956][ T26] audit: type=1326 audit(1750102580.252:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 198.374844][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 198.394511][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 198.484721][ T7] attempt to access beyond end of device [ 198.484721][ T7] loop1: rw=0, want=402653192, limit=32768 [ 198.517247][ T26] audit: type=1326 audit(1750102580.252:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 198.558968][ T7] gfs2: fsid=syz:syz.0: jid=0: Failed [ 198.602653][ T5573] gfs2: fsid=syz:syz.0: error recovering journal 0: -5 [ 198.750157][ T26] audit: type=1326 audit(1750102580.252:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 199.362205][ T26] audit: type=1326 audit(1750102580.252:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 199.638727][ T26] audit: type=1326 audit(1750102580.252:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5559 comm="syz.0.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x7ffc0000 [ 200.948730][ T5597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.002948][ T5599] netlink: 4 bytes leftover after parsing attributes in process `syz.1.357'. [ 201.022703][ T4161] wlan1: authenticate with 08:02:11:00:00:00 [ 201.049626][ T4161] wlan1: No basic rates, using min rate instead [ 201.072365][ T4161] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 201.197093][ T373] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 201.298787][ T5603] netlink: 'syz.3.358': attribute type 10 has an invalid length. [ 201.319904][ T5606] loop0: detected capacity change from 0 to 128 [ 201.334195][ T4253] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 201.391191][ T5603] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.409562][ T5606] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 201.412720][ T5603] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 201.455275][ T4253] wlan1: authentication with 08:02:11:00:00:00 timed out [ 201.463295][ T5604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.494928][ T5606] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.509987][ T5604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.536681][ T5604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.561242][ T5604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.632677][ T144] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.653531][ T5604] bond0: (slave batadv0): Releasing backup interface [ 201.751003][ T5606] netlink: 24 bytes leftover after parsing attributes in process `syz.0.359'. [ 201.968062][ T5617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.361'. [ 202.229944][ T26] kauditd_printk_skb: 23 callbacks suppressed [ 202.229962][ T26] audit: type=1326 audit(1750102586.273:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5624 comm="syz.0.364" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ba652b929 code=0x0 [ 204.532281][ T5651] netlink: 'syz.0.371': attribute type 3 has an invalid length. [ 205.357461][ T5653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.371'. [ 205.616793][ T5662] loop0: detected capacity change from 0 to 256 [ 205.645959][ T5660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.667398][ T5660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.761905][ T5663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.922293][ T5669] loop0: detected capacity change from 0 to 1024 [ 206.761465][ T5681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.787562][ T5681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.088090][ T5683] kvm [5682]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x100000000 [ 207.099248][ T5683] kvm [5682]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 207.115520][ T5683] kvm [5682]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x80 [ 207.137169][ T5683] kvm [5682]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111 [ 207.164762][ T5683] kvm [5682]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x80 [ 207.256303][ T5690] netlink: 'syz.2.385': attribute type 10 has an invalid length. [ 207.302119][ T5690] netlink: 40 bytes leftover after parsing attributes in process `syz.2.385'. [ 207.329498][ T5690] netlink: 'syz.2.385': attribute type 10 has an invalid length. [ 207.381261][ T5690] netlink: 40 bytes leftover after parsing attributes in process `syz.2.385'. [ 208.242285][ T5699] netlink: 'syz.3.387': attribute type 3 has an invalid length. [ 208.676834][ T5705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.387'. [ 209.266392][ T4213] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 209.312466][ T5711] tipc: Started in network mode [ 209.319136][ T5711] tipc: Node identity 5ab84c90efe8, cluster identity 4711 [ 209.328328][ T5711] tipc: Enabled bearer , priority 0 [ 209.338966][ T5711] device syzkaller0 entered promiscuous mode [ 209.350374][ T5709] tipc: Started in network mode [ 209.358744][ T5709] tipc: Node identity 7f000001, cluster identity 4711 [ 209.367641][ T5709] tipc: Enabling of bearer rejected, failed to enable media [ 209.396555][ T5711] tipc: Resetting bearer [ 209.425457][ T5709] tipc: Enabling of bearer rejected, failed to enable media [ 209.449034][ T5710] tipc: Resetting bearer [ 209.476442][ T5710] tipc: Disabling bearer [ 209.605226][ T5717] netlink: 'syz.4.404': attribute type 3 has an invalid length. [ 209.664502][ T4213] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.697644][ T4213] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.737535][ T4213] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 209.782541][ T4213] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 209.819021][ T4213] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.871632][ T4213] usb 3-1: config 0 descriptor?? [ 209.981192][ T5720] loop3: detected capacity change from 0 to 40427 [ 209.997936][ T5722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.404'. [ 210.104064][ T5720] F2FS-fs (loop3): invalid crc value [ 210.157014][ T5720] F2FS-fs (loop3): Found nat_bits in checkpoint [ 210.232031][ T5720] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 210.381701][ T4213] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 210.432463][ T5728] loop4: detected capacity change from 0 to 512 [ 210.520069][ T4213] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 210.670371][ T5730] attempt to access beyond end of device [ 210.670371][ T5730] loop3: rw=10241, want=45104, limit=40427 [ 211.100071][ T4177] attempt to access beyond end of device [ 211.100071][ T4177] loop3: rw=2049, want=45112, limit=40427 [ 211.193498][ T5728] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 211.231462][ T5728] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.369185][ T5737] loop1: detected capacity change from 0 to 512 [ 211.551882][ T5737] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.398: bg 0: block 248: padding at end of block bitmap is not set [ 211.594765][ T5737] Quota error (device loop1): write_blk: dquota write failed [ 211.636253][ T5737] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 211.690757][ T5737] EXT4-fs error (device loop1): ext4_acquire_dquot:6204: comm syz.1.398: Failed to acquire dquot type 1 [ 211.734852][ T5737] EXT4-fs (loop1): 1 truncate cleaned up [ 211.740918][ T5737] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 211.761188][ T5737] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.881949][ T5737] tipc: Enabled bearer , priority 10 [ 212.016009][ T373] Quota error (device loop1): remove_tree: Getting block too big (0 >= 6) [ 212.285486][ T373] EXT4-fs error (device loop1): ext4_release_dquot:6240: comm kworker/u4:3: Failed to release dquot type 1 [ 214.219848][ T4215] tipc: Node number set to 3041938576 [ 214.461970][ T5753] loop4: detected capacity change from 0 to 32768 [ 214.489737][ T5755] netlink: 56 bytes leftover after parsing attributes in process `syz.3.396'. [ 215.217013][ T5753] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 215.349115][ T5757] loop1: detected capacity change from 0 to 32768 [ 217.088103][ T5772] tipc: Enabled bearer , priority 10 [ 217.106581][ T4183] ocfs2: Unmounting device (7,4) on (node local) [ 217.120495][ T5774] netlink: 'syz.3.407': attribute type 10 has an invalid length. [ 217.163315][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.170971][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.197035][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.204630][ T5774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.213198][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.220503][ T5774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.240450][ T5774] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 217.260516][ T5777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.407'. [ 217.320044][ T5777] device bridge_slave_1 left promiscuous mode [ 217.327373][ T4215] usb 3-1: USB disconnect, device number 2 [ 217.334139][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.399254][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.442601][ T5777] bond0: (slave bridge0): Releasing backup interface [ 217.582194][ T5772] tipc: Bearer : already 2 bearers with priority 10 [ 217.590319][ T5772] tipc: Bearer : trying with adjusted priority [ 217.604491][ T5772] tipc: Enabling of bearer rejected, failed to enable media [ 217.616933][ T5780] device syzkaller0 entered promiscuous mode [ 217.637677][ T5776] tipc: Enabled bearer , priority 0 [ 217.689199][ T5776] tipc: Resetting bearer [ 217.712970][ T5776] tipc: Disabling bearer [ 219.955267][ T5789] loop1: detected capacity change from 0 to 128 [ 220.108058][ T5801] loop2: detected capacity change from 0 to 512 [ 220.166358][ T5789] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 220.238242][ T5789] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 220.860921][ T5801] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,max_dir_size_kb=0x0000000000010000,quota,,errors=continue. Quota mode: writeback. [ 220.944636][ T5801] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 220.993680][ T5792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.409'. [ 221.051189][ T4253] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 221.197794][ T5821] device syzkaller0 entered promiscuous mode [ 221.429702][ T5826] loop2: detected capacity change from 0 to 32768 [ 221.701113][ T5826] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 223.688491][ T4171] ocfs2: Unmounting device (7,2) on (node local) [ 223.886971][ T5849] netlink: 'syz.0.428': attribute type 10 has an invalid length. [ 224.895208][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.903584][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.954424][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.962533][ T5849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.971307][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.979155][ T5849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.004166][ T5849] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 225.067657][ T5857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'. [ 225.119757][ T5857] device bridge_slave_1 left promiscuous mode [ 225.134313][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.146263][ T5857] device bridge_slave_0 left promiscuous mode [ 225.154173][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.179311][ T4215] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 225.190388][ T5857] bond0: (slave bridge0): Releasing backup interface [ 225.242052][ T5868] netlink: 'syz.1.430': attribute type 3 has an invalid length. [ 225.370333][ T5867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.430'. [ 225.405663][ T5870] loop2: detected capacity change from 0 to 128 [ 225.515223][ T5870] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 225.569489][ T5870] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 225.595854][ T4215] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 225.606772][ T4215] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.644352][ T5870] netlink: 24 bytes leftover after parsing attributes in process `syz.2.433'. [ 225.655211][ T4253] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 225.721490][ T4215] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 225.731045][ T4215] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 225.740015][ T4215] usb 4-1: Manufacturer: syz [ 225.754564][ T4215] usb 4-1: config 0 descriptor?? [ 226.135263][ T5873] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 226.383395][ T5880] udc-core: couldn't find an available UDC or it's busy [ 226.484207][ T5880] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 226.701547][ T4215] rc_core: IR keymap rc-hauppauge not found [ 226.713610][ T4215] Registered IR keymap rc-empty [ 227.034155][ T4215] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 227.284810][ T4215] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 228.347872][ T4232] usb 4-1: USB disconnect, device number 4 [ 230.294240][ T5919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.445'. [ 232.819572][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.450'. [ 236.061355][ T5975] loop3: detected capacity change from 0 to 8 [ 236.120924][ T5975] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 236.134495][ T5972] loop4: detected capacity change from 0 to 2048 [ 236.248893][ T4305] udevd[4305]: incorrect cramfs checksum on /dev/loop3 [ 236.536990][ T4305] udevd[4305]: incorrect cramfs checksum on /dev/loop3 [ 236.580151][ T5972] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.066742][ T5982] cramfs: Error -3 while decompressing! [ 238.073444][ T5982] cramfs: ffffffff961ca228(26)->ffff88807f290000(4096) [ 238.081174][ T5982] cramfs: Error -3 while decompressing! [ 238.086944][ T5982] cramfs: ffffffff961ca242(26)->ffff888055b31000(4096) [ 238.094459][ T5982] cramfs: Error -3 while decompressing! [ 238.100976][ T5982] cramfs: ffffffff961ca25c(16)->ffff88805653b000(4096) [ 238.108439][ T5982] cramfs: Error -3 while decompressing! [ 238.114367][ T5982] cramfs: ffffffff961ca228(26)->ffff88807f290000(4096) [ 238.597228][ T5995] netlink: 'syz.3.461': attribute type 1 has an invalid length. [ 238.658175][ T5993] lo speed is unknown, defaulting to 1000 [ 238.666704][ T5993] wlan0 speed is unknown, defaulting to 1000 [ 238.939411][ T5995] device veth3 entered promiscuous mode [ 238.962532][ T5995] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 240.868843][ T6013] loop4: detected capacity change from 0 to 40427 [ 240.922545][ T6013] F2FS-fs (loop4): invalid crc value [ 240.966162][ T6013] F2FS-fs (loop4): Found nat_bits in checkpoint [ 241.092824][ T6013] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 245.102338][ T4216] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 247.838743][ T4216] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 247.866036][ T4216] usb 5-1: can't read configurations, error -71 [ 248.740242][ T6074] lo speed is unknown, defaulting to 1000 [ 248.747327][ T6074] wlan0 speed is unknown, defaulting to 1000 [ 248.946556][ T6084] loop3: detected capacity change from 0 to 512 [ 249.053377][ T6088] bridge0: port 3(syz_tun) entered blocking state [ 249.126345][ T6088] bridge0: port 3(syz_tun) entered disabled state [ 249.215123][ T6094] loop2: detected capacity change from 0 to 512 [ 249.254698][ T6088] device syz_tun entered promiscuous mode [ 249.263112][ T6096] netlink: 64 bytes leftover after parsing attributes in process `syz.0.484'. [ 249.337068][ T6084] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.482: bg 0: block 248: padding at end of block bitmap is not set [ 249.359210][ T6099] netlink: 'syz.0.484': attribute type 11 has an invalid length. [ 249.368470][ T6099] netlink: 428 bytes leftover after parsing attributes in process `syz.0.484'. [ 249.472040][ T6101] loop4: detected capacity change from 0 to 16 [ 249.523435][ T6084] Quota error (device loop3): write_blk: dquota write failed [ 249.650603][ T6101] erofs: (device loop4): mounted with root inode @ nid 36. [ 249.703507][ T6101] erofs: (device loop4): z_erofs_extent_lookback: unknown type 3 @ lcn 9 of nid 36 [ 249.713866][ T6101] erofs: (device loop4): z_erofs_readahead: readahead error at page 10 @ nid 36 [ 249.723718][ T6101] erofs: (device loop4): z_erofs_map_blocks_iter: unknown type 3 @ offset 40959 of nid 36 [ 249.734119][ T6101] erofs: (device loop4): z_erofs_readahead: readahead error at page 9 @ nid 36 [ 249.746085][ T6101] attempt to access beyond end of device [ 249.746085][ T6101] loop4: rw=524288, want=67108888, limit=16 [ 249.760833][ T6101] attempt to access beyond end of device [ 249.760833][ T6101] loop4: rw=524288, want=728, limit=16 [ 249.955594][ T6084] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 249.991007][ T6094] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 250.004129][ T6084] EXT4-fs error (device loop3): ext4_acquire_dquot:6204: comm syz.3.482: Failed to acquire dquot type 1 [ 250.060376][ T6094] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.080034][ T6084] EXT4-fs (loop3): 1 truncate cleaned up [ 250.085751][ T6084] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 250.138550][ T6084] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.408982][ T6084] tipc: Enabled bearer , priority 10 [ 250.678698][ T4372] Quota error (device loop3): remove_tree: Getting block too big (0 >= 6) [ 250.687610][ T4372] EXT4-fs error (device loop3): ext4_release_dquot:6240: comm kworker/u4:11: Failed to release dquot type 1 [ 250.862120][ T6114] netlink: 20 bytes leftover after parsing attributes in process `syz.1.494'. [ 250.875561][ T6114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.494'. [ 251.075331][ T6116] loop2: detected capacity change from 0 to 4096 [ 251.124762][ T6116] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 255.910938][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.918101][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.180626][ T6140] lo speed is unknown, defaulting to 1000 [ 256.188092][ T6140] wlan0 speed is unknown, defaulting to 1000 [ 256.823333][ T6162] loop4: detected capacity change from 0 to 512 [ 257.240282][ T6168] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 257.698581][ T6167] loop3: detected capacity change from 0 to 512 [ 257.893430][ T6162] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.504: bg 0: block 248: padding at end of block bitmap is not set [ 258.008320][ T6166] block device autoloading is deprecated. It will be removed in Linux 5.19 [ 258.134421][ T6162] Quota error (device loop4): write_blk: dquota write failed [ 258.164103][ T6162] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 258.661073][ T6162] EXT4-fs error (device loop4): ext4_acquire_dquot:6204: comm syz.4.504: Failed to acquire dquot type 1 [ 258.885066][ T6167] EXT4-fs (loop3): 1 orphan inode deleted [ 258.944447][ T6162] EXT4-fs (loop4): 1 truncate cleaned up [ 259.017509][ T6167] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 259.077502][ T6162] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 259.095190][ T6167] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.143779][ T6162] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 263.225505][ T6203] loop1: detected capacity change from 0 to 4096 [ 263.275726][ T6203] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 263.299063][ T4213] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 263.714363][ T4213] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 263.736718][ T4213] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.756723][ T4213] usb 4-1: config 0 interface 0 has no altsetting 0 [ 263.774145][ T4213] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 263.794224][ T4213] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.058703][ T4213] usb 4-1: config 0 descriptor?? [ 266.696342][ T4213] usbhid 4-1:0.0: can't add hid device: -71 [ 266.702905][ T4213] usbhid: probe of 4-1:0.0 failed with error -71 [ 266.757341][ T4213] usb 4-1: USB disconnect, device number 5 [ 268.135891][ T6244] loop2: detected capacity change from 0 to 2048 [ 269.793782][ T6250] loop1: detected capacity change from 0 to 1024 [ 270.165268][ T6244] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 270.192398][ T6250] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback. [ 270.749578][ T6255] loop4: detected capacity change from 0 to 40427 [ 270.914482][ T6255] F2FS-fs (loop4): invalid crc value [ 270.953367][ T6260] loop3: detected capacity change from 0 to 8 [ 270.974521][ T6255] F2FS-fs (loop4): Found nat_bits in checkpoint [ 271.071471][ T6255] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 271.293630][ T6269] loop0: detected capacity change from 0 to 512 [ 271.404857][ T6271] attempt to access beyond end of device [ 271.404857][ T6271] loop4: rw=10241, want=45104, limit=40427 [ 271.846179][ T4183] attempt to access beyond end of device [ 271.846179][ T4183] loop4: rw=2049, want=45112, limit=40427 [ 272.701297][ T6269] EXT4-fs warning (device loop0): ext4_fill_super:3982: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 273.284111][ T6260] SQUASHFS error: lzo decompression failed, data probably corrupt [ 273.477973][ T4399] udevd[4399]: incorrect ext4 checksum on /dev/loop0 [ 273.515561][ T6269] EXT4-fs (loop0): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 273.525825][ T6260] SQUASHFS error: Failed to read block 0x144: -5 [ 273.532290][ T6260] SQUASHFS error: Unable to read metadata cache entry [142] [ 273.665544][ T6260] SQUASHFS error: Unable to read inode 0x11f [ 273.753626][ T4399] udevd[4399]: incorrect ext4 checksum on /dev/loop0 [ 277.553691][ T6285] lo speed is unknown, defaulting to 1000 [ 277.626568][ T6285] wlan0 speed is unknown, defaulting to 1000 [ 278.439480][ T21] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 279.909116][ T6317] loop3: detected capacity change from 0 to 256 [ 280.201895][ T6317] FAT-fs (loop3): bogus number of FAT sectors [ 280.246029][ T6317] FAT-fs (loop3): Can't find a valid FAT filesystem [ 280.265581][ T6321] tipc: Enabled bearer , priority 0 [ 281.296304][ T4245] tipc: Node number set to 2886997007 [ 281.351590][ T6319] tipc: Resetting bearer [ 281.377281][ T6317] loop3: detected capacity change from 0 to 1024 [ 282.583408][ T6319] tipc: Disabling bearer [ 283.513615][ T6343] Device name cannot be null; rc = [-22] [ 283.528555][ T6343] loop0: detected capacity change from 0 to 128 [ 283.779764][ T6346] loop1: detected capacity change from 0 to 2048 [ 283.880471][ T6349] loop3: detected capacity change from 0 to 512 [ 284.789561][ T6352] netlink: 'syz.2.557': attribute type 1 has an invalid length. [ 284.846730][ T6352] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 284.882397][ T6352] device veth5 entered promiscuous mode [ 284.893826][ T6352] bond1: (slave veth5): Enslaving as a backup interface with a down link [ 285.339467][ T6343] affs: Unrecognized mount option "verb" or missing value [ 285.347480][ T6343] affs: Error parsing options [ 285.372606][ T6349] EXT4-fs (loop3): Ignoring removed nobh option [ 285.428870][ T6346] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 285.440989][ T6349] EXT4-fs (loop3): Unrecognized mount option "" or missing value [ 285.630032][ T6355] loop2: detected capacity change from 0 to 32768 [ 291.009022][ T6399] loop3: detected capacity change from 0 to 256 [ 291.126400][ T6399] FAT-fs (loop3): Directory bread(block 64) failed [ 291.133154][ T6399] FAT-fs (loop3): Directory bread(block 65) failed [ 291.388711][ T6399] FAT-fs (loop3): Directory bread(block 66) failed [ 291.419355][ T6399] FAT-fs (loop3): Directory bread(block 67) failed [ 292.105733][ T6399] FAT-fs (loop3): Directory bread(block 68) failed [ 292.170441][ T6399] FAT-fs (loop3): Directory bread(block 69) failed [ 292.215259][ T6399] FAT-fs (loop3): Directory bread(block 70) failed [ 292.221998][ T6399] FAT-fs (loop3): Directory bread(block 71) failed [ 292.264031][ T6399] FAT-fs (loop3): Directory bread(block 72) failed [ 292.289241][ T6399] FAT-fs (loop3): Directory bread(block 73) failed [ 299.158249][ T6458] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 299.332369][ T21] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 300.932795][ T21] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 301.372281][ T21] usb 4-1: config 0 has no interface number 0 [ 301.414301][ T21] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 301.491403][ T21] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 301.515326][ T21] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 301.528857][ T21] usb 4-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 301.539575][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.560370][ T21] usb 4-1: config 0 descriptor?? [ 301.645957][ T21] hub 4-1:0.3: bad descriptor, ignoring hub [ 301.898272][ T21] hub: probe of 4-1:0.3 failed with error -5 [ 302.080525][ T21] sierra 4-1:0.3: Sierra USB modem converter detected [ 302.416786][ T21] usb 4-1: Sierra USB modem converter now attached to ttyUSB0 [ 302.556773][ T21] usb 4-1: USB disconnect, device number 6 [ 302.587893][ T21] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 302.649785][ T21] sierra 4-1:0.3: device disconnected [ 304.125734][ T4642] Bluetooth: hci4: command 0x0406 tx timeout [ 304.544476][ T6521] loop2: detected capacity change from 0 to 8 [ 305.311070][ T6519] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 306.384938][ T6545] loop2: detected capacity change from 0 to 2048 [ 306.468290][ T6545] loop2: p1 < > p3 [ 306.500228][ T6545] loop2: p3 size 134217728 extends beyond EOD, truncated [ 307.285464][ T3548] loop2: p1 < > p3 [ 307.322730][ T6557] tipc: Cannot configure node identity twice [ 307.400162][ T3548] loop2: p3 size 134217728 extends beyond EOD, truncated [ 309.199453][ T4305] udevd[4305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 309.955454][ T4403] udevd[4403]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 313.887444][ T6642] loop0: detected capacity change from 0 to 128 [ 313.982639][ T6639] loop3: detected capacity change from 0 to 40427 [ 314.517851][ T6639] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 314.526823][ T6639] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x4 [ 314.538136][ T6639] F2FS-fs (loop3): invalid crc value [ 314.641210][ T6639] F2FS-fs (loop3): Found nat_bits in checkpoint [ 314.693022][ T6639] F2FS-fs (loop3): Start checkpoint disabled! [ 314.944465][ T6639] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 316.853410][ T4305] udevd[4305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 316.899732][ T4403] udevd[4403]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 317.287419][ T6662] loop2: detected capacity change from 0 to 190 [ 317.509440][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.516168][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.243152][ T6672] IPVS: set_ctl: invalid protocol: 11612 224.0.0.2:21 [ 318.467686][ T6672] ODEBUG: Out of memory. ODEBUG disabled [ 318.566148][ T6662] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid boot sector checksum. [ 319.790426][ T6662] ntfs: (device loop2): ntfs_read_locked_inode(): $STANDARD_INFORMATION attribute is missing. [ 319.828567][ T6662] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 319.842920][ T6662] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 320.233347][ T6662] ntfs: volume version 3.1. [ 320.343519][ T6662] ntfs: (device loop2): load_system_files(): Volume is dirty. Will not be able to remount read-write. Run chkdsk and mount in Windows. [ 320.580686][ T6662] ntfs: (device loop2): ntfs_read_locked_inode(): Inode is an extent inode! [ 320.708662][ T6662] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 320.908625][ T6662] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 321.514656][ T6662] ntfs: (device loop2): ntfs_lookup_inode_by_name(): No index allocation attribute but index entry requires one. Directory inode 0x5 is corrupt or driver bug. [ 323.292182][ T6662] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 323.319201][ T6662] attempt to access beyond end of device [ 323.319201][ T6662] loop2: rw=0, want=232, limit=190 [ 323.409705][ T4232] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 324.738661][ T6721] loop0: detected capacity change from 0 to 512 [ 325.260171][ T4232] usb 2-1: string descriptor 0 read error: -71 [ 325.282138][ T4232] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 325.425182][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.489440][ T6722] delete_channel: no stack [ 325.714832][ T4232] r8152-cfgselector 2-1: config 0 descriptor?? [ 325.859575][ T4232] r8152-cfgselector 2-1: can't set config #0, error -71 [ 325.999168][ T4232] r8152-cfgselector 2-1: Unknown version 0x0000 [ 326.693862][ T4232] r8152-cfgselector 2-1: USB disconnect, device number 4 [ 327.379181][ T6721] EXT4-fs: error -4 creating inode table initialization thread [ 327.425925][ T6721] EXT4-fs (loop0): mount failed [ 333.865178][ T6778] block device autoloading is deprecated. It will be removed in Linux 5.19 [ 334.975679][ T6785] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.884607][ T6801] loop3: detected capacity change from 0 to 2048 [ 336.915775][ T6785] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.946033][ T6801] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d [ 337.750828][ T6801] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 338.565623][ T6808] delete_channel: no stack [ 338.678669][ T6785] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.966548][ T6785] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.967708][ T4232] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 339.061222][ T6815] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 339.070613][ T6815] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 339.257654][ T4232] usb 3-1: Using ep0 maxpacket: 16 [ 340.587701][ T4232] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 340.632919][ T4232] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 341.586154][ T6785] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.620591][ T6785] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.642648][ T4232] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 341.678831][ T6785] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.687879][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.708259][ T6785] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.717569][ T4232] usb 3-1: Product: syz [ 341.721986][ T4232] usb 3-1: Manufacturer: syz [ 341.747564][ T4232] usb 3-1: can't set config #1, error -71 [ 341.757837][ T4232] usb 3-1: USB disconnect, device number 3 [ 342.241050][ T6891] xt_hashlimit: size too large, truncated to 1048576 [ 342.249507][ T6891] xt_hashlimit: Unknown mode mask 80FF, kernel too old? [ 348.451639][ T6938] loop0: detected capacity change from 0 to 2048 [ 355.931710][ T6948] delete_channel: no stack [ 356.686430][ T6946] delete_channel: no stack [ 356.692481][ T4305] udevd[4305]: incorrect nilfs2 checksum on /dev/loop0 [ 361.038474][ T6998] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 361.165773][ T6998] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 363.298266][ T7025] loop3: detected capacity change from 0 to 4096 [ 363.361596][ T7035] netlink: 12 bytes leftover after parsing attributes in process `syz.4.722'. [ 363.451774][ T7025] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 363.540491][ T7035] bridge3: port 1(ip6gretap1) entered blocking state [ 363.690061][ T7035] bridge3: port 1(ip6gretap1) entered disabled state [ 364.183355][ T7025] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 364.193632][ T7035] device ip6gretap1 entered promiscuous mode [ 364.347526][ T7039] device veth5 entered promiscuous mode [ 364.353788][ T7039] bridge3: port 2(veth5) entered blocking state [ 364.394508][ T7039] bridge3: port 2(veth5) entered disabled state [ 364.483662][ T7034] kvm [7030]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 364.535607][ T7047] netlink: 20 bytes leftover after parsing attributes in process `syz.2.723'. [ 364.584369][ T7034] kvm [7030]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000 [ 364.660844][ T7047] device vlan0 entered promiscuous mode [ 364.711013][ T7047] device team0 entered promiscuous mode [ 364.864730][ T7047] device team_slave_0 entered promiscuous mode [ 365.282726][ T7047] device team_slave_1 entered promiscuous mode [ 365.290739][ T7047] device vxlan0 entered promiscuous mode [ 366.648895][ T7066] loop3: detected capacity change from 0 to 40427 [ 366.983113][ T7066] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 366.991561][ T7066] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 367.019373][ T7066] F2FS-fs (loop3): invalid crc value [ 367.398310][ T7066] F2FS-fs (loop3): Found nat_bits in checkpoint [ 367.490639][ T7077] xt_ecn: cannot match TCP bits for non-tcp packets [ 367.631746][ T7066] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 367.631848][ T7066] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 375.733535][ T7127] netlink: 20 bytes leftover after parsing attributes in process `syz.1.743'. [ 375.913912][ T7127] 8021q: VLANs not supported on gre0 [ 378.776376][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.783812][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.839794][ T7157] loop4: detected capacity change from 0 to 128 [ 380.201463][ T7167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.752'. [ 380.784599][ T7157] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 380.822384][ T7157] ext4 filesystem being mounted at /162/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 380.876304][ T7179] loop0: detected capacity change from 0 to 256 [ 381.621317][ T7185] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 385.238809][ T7179] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 385.334212][ T7179] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 385.747336][ T7202] loop3: detected capacity change from 0 to 128 [ 386.054707][ T7204] loop4: detected capacity change from 0 to 1024 [ 387.409734][ T7197] netlink: 12 bytes leftover after parsing attributes in process `syz.0.761'. [ 387.483416][ T7202] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 387.495255][ T7204] EXT4-fs (loop4): Ignoring removed bh option [ 387.515569][ T7202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 388.365738][ T7204] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,acl,max_batch_time=0x0000000000000007,user_xattr,bh,errors=remount-ro,. Quota mode: none. [ 396.547612][ T7251] loop4: detected capacity change from 0 to 256 [ 396.739920][ T7257] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 400.009945][ T7266] loop3: detected capacity change from 0 to 2048 [ 400.022776][ T7251] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 400.041040][ T7251] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 400.759609][ T7266] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 401.943079][ T7284] loop4: detected capacity change from 0 to 40427 [ 402.035298][ T7284] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 402.043750][ T7284] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 402.057045][ T7284] F2FS-fs (loop4): invalid crc value [ 402.272515][ T7284] F2FS-fs (loop4): Found nat_bits in checkpoint [ 402.323190][ T7284] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 402.330635][ T7284] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 405.424539][ T7307] loop2: detected capacity change from 0 to 256 [ 405.926809][ T7307] FAT-fs (loop2): Directory bread(block 64) failed [ 405.934380][ T7307] FAT-fs (loop2): Directory bread(block 65) failed [ 405.942589][ T7307] FAT-fs (loop2): Directory bread(block 66) failed [ 405.950536][ T7307] FAT-fs (loop2): Directory bread(block 67) failed [ 405.959091][ T7307] FAT-fs (loop2): Directory bread(block 68) failed [ 405.966749][ T7307] FAT-fs (loop2): Directory bread(block 69) failed [ 405.975701][ T7307] FAT-fs (loop2): Directory bread(block 70) failed [ 405.983513][ T7307] FAT-fs (loop2): Directory bread(block 71) failed [ 405.990432][ T7307] FAT-fs (loop2): Directory bread(block 72) failed [ 405.997636][ T7307] FAT-fs (loop2): Directory bread(block 73) failed [ 406.425781][ T7309] loop0: detected capacity change from 0 to 128 [ 406.632094][ T7309] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000002,nouid32,,errors=continue. Quota mode: none. [ 406.725739][ T7309] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.435690][ T7318] lo speed is unknown, defaulting to 1000 [ 407.451833][ T7318] wlan0 speed is unknown, defaulting to 1000 [ 408.802271][ T4216] Bluetooth: hci3: command 0x0409 tx timeout [ 411.614599][ T7341] loop0: detected capacity change from 0 to 1024 [ 411.841050][ T7341] hfsplus: bad catalog file entry [ 411.847530][ T7341] hfsplus: failed to load root directory [ 412.199545][ T7] Bluetooth: hci3: command 0x041b tx timeout [ 412.375079][ T7346] loop2: detected capacity change from 0 to 40427 [ 412.425916][ T7346] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 412.435078][ T7346] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 412.475012][ T7346] F2FS-fs (loop2): invalid crc value [ 412.640271][ T7346] F2FS-fs (loop2): Found nat_bits in checkpoint [ 413.108988][ T7361] loop0: detected capacity change from 0 to 40427 [ 413.172929][ T7346] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 413.180982][ T7346] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 414.490285][ T7361] F2FS-fs (loop0): invalid crc value [ 415.169391][ T4216] Bluetooth: hci3: command 0x040f tx timeout [ 415.276324][ T7361] F2FS-fs (loop0): Found nat_bits in checkpoint [ 415.325998][ T7361] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 415.452356][ T7318] chnl_net:caif_netlink_parms(): no params data found [ 416.377126][ T4170] attempt to access beyond end of device [ 416.377126][ T4170] loop0: rw=2049, want=45104, limit=40427 [ 416.785435][ T7370] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 416.927532][ T7370] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 417.218093][ T7384] loop3: detected capacity change from 0 to 40427 [ 417.259981][ T4216] Bluetooth: hci3: command 0x0419 tx timeout [ 417.269062][ T7318] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.283539][ T7384] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 417.292291][ T7384] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 417.311530][ T7384] F2FS-fs (loop3): invalid crc value [ 417.328536][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.345713][ T7318] device bridge_slave_0 entered promiscuous mode [ 417.384070][ T7384] F2FS-fs (loop3): Found nat_bits in checkpoint [ 417.421123][ T7318] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.432684][ T7384] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 417.440045][ T7384] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 417.441722][ T7393] Set syz1 is full, maxelem 1038 reached [ 417.482521][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.499839][ T7318] device bridge_slave_1 entered promiscuous mode [ 417.708265][ T7318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.728886][ T7318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.803665][ T7402] attempt to access beyond end of device [ 417.803665][ T7402] loop3: rw=2049, want=78344, limit=40427 [ 418.628865][ T7318] team0: Port device team_slave_0 added [ 419.185111][ T7318] team0: Port device team_slave_1 added [ 419.695071][ T7318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.781996][ T7318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.564035][ T7318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.777532][ T7318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.907318][ T7318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.702613][ T7318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.463812][ T7426] Device name cannot be null; rc = [-22] [ 422.483993][ T7426] loop4: detected capacity change from 0 to 128 [ 422.633827][ T7426] affs: Unrecognized mount option "verb" or missing value [ 422.641498][ T7426] affs: Error parsing options [ 423.404344][ T7318] device hsr_slave_0 entered promiscuous mode [ 424.231842][ T7318] device hsr_slave_1 entered promiscuous mode [ 424.327948][ T7318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 424.345170][ T7318] Cannot create hsr debugfs directory [ 424.464562][ T7435] loop4: detected capacity change from 0 to 512 [ 424.568714][ T7435] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 424.589163][ T7435] EXT4-fs (loop4): Ignoring removed bh option [ 424.595712][ T7435] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 424.765207][ T7438] loop0: detected capacity change from 0 to 32768 [ 426.189194][ T7435] EXT4-fs (loop4): 1 truncate cleaned up [ 426.274708][ T7435] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000002,mblk_io_submit,bh,auto_da_alloc,barrier,quota,nogrpid,,errors=continue. Quota mode: writeback. [ 426.405391][ T7318] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.219851][ T7455] lo speed is unknown, defaulting to 1000 [ 428.316910][ T7455] lo speed is unknown, defaulting to 1000 [ 428.461647][ T7455] lo speed is unknown, defaulting to 1000 [ 428.474645][ T7455] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 428.669424][ T7455] lo speed is unknown, defaulting to 1000 [ 428.677363][ T7455] lo speed is unknown, defaulting to 1000 [ 428.684406][ T7455] lo speed is unknown, defaulting to 1000 [ 428.691553][ T7455] lo speed is unknown, defaulting to 1000 [ 428.699004][ T7455] lo speed is unknown, defaulting to 1000 [ 428.706421][ T7455] lo speed is unknown, defaulting to 1000 [ 429.294915][ T7318] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.751665][ T7318] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.931068][ T7485] loop4: detected capacity change from 0 to 256 [ 432.175044][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.827'. [ 435.194646][ T7481] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 435.203730][ T7483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.827'. [ 435.240307][ T7318] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.283920][ T7485] FAT-fs (loop4): bogus number of FAT sectors [ 435.474328][ T7485] FAT-fs (loop4): Can't find a valid FAT filesystem [ 437.632252][ T7318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 437.666004][ T7318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 438.580167][ T7318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 438.619686][ T7318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 439.475588][ T7509] netlink: 24 bytes leftover after parsing attributes in process `syz.2.836'. [ 439.822252][ T7318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.842537][ T7521] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 439.847506][ T4305] udevd[4305]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 439.924247][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 439.939430][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 439.956717][ T4305] udevd[4305]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 439.975365][ T7318] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.998368][ T7523] Set syz0 is full, maxelem 0 reached [ 440.009619][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 440.024280][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 440.122275][ T4370] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.130639][ T4370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 440.237181][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.244301][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.435766][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 441.176288][ T4249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 441.187511][ T4249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 441.220632][ T4249] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.228227][ T4249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.290436][ T4249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 442.176154][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 442.209330][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 442.248399][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 442.273550][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 442.320736][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 442.340068][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 442.474189][ T7318] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 444.416572][ T7318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 444.486791][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 444.529167][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 444.559520][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 444.624291][ T7555] loop2: detected capacity change from 0 to 1024 [ 444.645846][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 444.727078][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 444.790464][ T7557] netlink: 20 bytes leftover after parsing attributes in process `syz.3.847'. [ 445.737843][ T7565] loop3: detected capacity change from 0 to 128 [ 447.477152][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 447.529036][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 447.594006][ T7318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 447.673431][ T7588] xt_connbytes: Forcing CT accounting to be enabled [ 447.683601][ T7588] Cannot find add_set index 0 as target [ 447.783908][ T7585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.855'. [ 448.279840][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 448.290883][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 448.316354][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 448.327157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 448.339280][ T7318] device veth0_vlan entered promiscuous mode [ 448.349690][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 448.381082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 448.408988][ T7318] device veth1_vlan entered promiscuous mode [ 448.505443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 448.515019][ T21] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 448.534846][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 448.587362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 448.765079][ T21] usb 4-1: Using ep0 maxpacket: 16 [ 448.895765][ T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 448.980801][ T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 449.431485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 449.580670][ T7318] device veth0_macvtap entered promiscuous mode [ 449.646153][ T21] usb 4-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=8b.57 [ 449.688725][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 449.706741][ T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.754183][ T7318] device veth1_macvtap entered promiscuous mode [ 449.774034][ T21] usb 4-1: Product: syz [ 449.861647][ T7601] netlink: 24 bytes leftover after parsing attributes in process `syz.4.859'. [ 450.426429][ T21] usb 4-1: Manufacturer: syz [ 450.439791][ T21] usb 4-1: SerialNumber: syz [ 450.516301][ T21] usb 4-1: config 0 descriptor?? [ 450.594949][ T21] usb 4-1: can't set config #0, error -71 [ 450.611054][ T21] usb 4-1: USB disconnect, device number 7 [ 450.742672][ T7318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 450.854803][ T7318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.727884][ T7614] loop0: detected capacity change from 0 to 1024 [ 451.923976][ T7318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 452.016033][ T4305] udevd[4305]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 452.540107][ T7608] netlink: 20 bytes leftover after parsing attributes in process `syz.3.861'. [ 453.846398][ T4305] udevd[4305]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 453.855479][ T7608] device vlan2 entered promiscuous mode [ 453.872781][ T7608] device bond0 entered promiscuous mode [ 453.879097][ T7608] device bond_slave_0 entered promiscuous mode [ 453.886093][ T7608] device bond_slave_1 entered promiscuous mode [ 453.904767][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 454.031011][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 454.045998][ T7318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.057516][ T7318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.070375][ T7318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 454.747793][ T7318] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.774269][ T7318] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.785133][ T7318] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.794062][ T7318] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.955793][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 457.135434][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 458.007552][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.080636][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.132306][ T6865] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 458.384666][ T6865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.393653][ T6865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.428176][ T7660] loop3: detected capacity change from 0 to 256 [ 458.432368][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 458.481290][ T7660] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 458.537697][ T7660] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 458.559980][ T7660] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 466.629512][ T7722] overlayfs: failed to resolve './file1': -2 [ 468.058429][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 468.058447][ T26] audit: type=1326 audit(1750102852.134:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 468.114532][ T4249] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.914669][ T26] audit: type=1326 audit(1750102852.134:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 469.062444][ T4249] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.258475][ T26] audit: type=1326 audit(1750102852.134:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 469.373004][ T26] audit: type=1326 audit(1750102852.164:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5911a5cb19 code=0x7ffc0000 [ 469.398215][ T26] audit: type=1326 audit(1750102852.164:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 469.421689][ T26] audit: type=1326 audit(1750102852.174:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5911a5cb19 code=0x7ffc0000 [ 469.444716][ T26] audit: type=1326 audit(1750102852.174:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 469.484897][ T26] audit: type=1326 audit(1750102852.184:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5911a5cb19 code=0x7ffc0000 [ 469.549290][ T26] audit: type=1326 audit(1750102852.184:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911ac0929 code=0x7ffc0000 [ 469.608598][ T4249] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.786448][ T26] audit: type=1326 audit(1750102852.204:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.3.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5911a5cb19 code=0x7ffc0000 [ 469.810606][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.950677][ T7740] loop2: detected capacity change from 0 to 40427 [ 470.092304][ T4249] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.109731][ T7740] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff [ 470.118551][ T7740] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4 [ 470.135595][ T7740] F2FS-fs (loop2): invalid crc value [ 470.991418][ T7740] F2FS-fs (loop2): Found nat_bits in checkpoint [ 471.035181][ T7740] F2FS-fs (loop2): Start checkpoint disabled! [ 471.208116][ T7740] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 471.299693][ T7745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.895'. [ 471.496785][ T7757] loop4: detected capacity change from 0 to 40427 [ 471.640730][ T7757] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 471.649105][ T7757] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 471.660995][ T7757] F2FS-fs (loop4): invalid crc value [ 471.740630][ T7757] F2FS-fs (loop4): Found nat_bits in checkpoint [ 471.752099][ T7747] lo speed is unknown, defaulting to 1000 [ 472.208183][ T7757] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 472.215636][ T7757] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 472.243365][ T7747] wlan0 speed is unknown, defaulting to 1000 [ 472.339503][ T4249] tipc: Left network mode [ 472.468377][ T7747] lo speed is unknown, defaulting to 1000 [ 473.397775][ T4642] Bluetooth: hci0: command 0x0409 tx timeout [ 473.745104][ T7777] loop3: detected capacity change from 0 to 2048 [ 473.825614][ T7747] chnl_net:caif_netlink_parms(): no params data found [ 473.904220][ T7777] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x0000000000000040,nodelalloc,,errors=continue. Quota mode: none. [ 473.925104][ C1] vkms_vblank_simulate: vblank timer overrun [ 474.264385][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.315008][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.325425][ T7747] device bridge_slave_0 entered promiscuous mode [ 474.357088][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.371218][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.450321][ T7747] device bridge_slave_1 entered promiscuous mode [ 476.289754][ T4232] Bluetooth: hci0: command 0x041b tx timeout [ 476.367138][ T7799] loop1: detected capacity change from 0 to 8192 [ 476.406520][ T7799] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 476.432814][ T7799] REISERFS (device loop1): using ordered data mode [ 476.439500][ T7799] reiserfs: using flush barriers [ 476.704303][ T7815] loop3: detected capacity change from 0 to 512 [ 476.740083][ T7799] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 476.887238][ T7815] EXT4-fs (loop3): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000009,,errors=continue. Quota mode: writeback. [ 476.909706][ T7815] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.968889][ T7747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.879006][ T7799] REISERFS (device loop1): checking transaction log (loop1) [ 478.832916][ T4642] Bluetooth: hci0: command 0x040f tx timeout [ 478.907540][ T7747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.925662][ T7799] REISERFS (device loop1): Using r5 hash to sort names [ 479.033048][ T7799] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 479.594428][ T7747] team0: Port device team_slave_0 added [ 479.613852][ T7747] team0: Port device team_slave_1 added [ 479.709901][ T7833] kernel profiling enabled (shift: 7) [ 479.804414][ T7837] loop4: detected capacity change from 0 to 4096 [ 479.852539][ T7837] __ntfs_error: 57 callbacks suppressed [ 479.852555][ T7837] ntfs: (device loop4): parse_options(): Unrecognized mount option diqable_sparse. [ 479.860799][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.931213][ T7844] loop2: detected capacity change from 0 to 4096 [ 479.951201][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.982538][ T7841] loop3: detected capacity change from 0 to 1024 [ 480.003684][ T7844] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 480.018755][ T7837] ntfs: (device loop4): parse_options(): NLS character set maccentHuro not found. Using previous one cp857. [ 480.019197][ T7747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 480.052411][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 480.059797][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 480.108444][ T7747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.279026][ T7841] EXT4-fs warning (device loop3): ext4_enable_quotas:6456: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 481.171867][ T4642] Bluetooth: hci0: command 0x0419 tx timeout [ 481.267197][ T7841] EXT4-fs (loop3): mount failed [ 482.526759][ T7865] loop1: detected capacity change from 0 to 512 [ 483.711133][ T7865] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 483.779720][ T7865] EXT4-fs (loop1): Ignoring removed bh option [ 483.786888][ T7865] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 483.844542][ T7747] device hsr_slave_0 entered promiscuous mode [ 483.862383][ T7865] EXT4-fs (loop1): 1 truncate cleaned up [ 483.879812][ T7747] device hsr_slave_1 entered promiscuous mode [ 483.889554][ T7865] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000002,mblk_io_submit,bh,auto_da_alloc,barrier,quota,nogrpid,,errors=continue. Quota mode: writeback. [ 483.911385][ T7747] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.920608][ T7747] Cannot create hsr debugfs directory [ 483.923001][ T7881] io-wq is not configured for unbound workers [ 484.184338][ T4249] device hsr_slave_0 left promiscuous mode [ 484.281394][ T4249] device hsr_slave_1 left promiscuous mode [ 484.294988][ T4249] device veth1_macvtap left promiscuous mode [ 484.304594][ T4249] device veth0_macvtap left promiscuous mode [ 484.311580][ T4249] device veth1_vlan left promiscuous mode [ 484.325909][ T4249] device veth0_vlan left promiscuous mode [ 485.113596][ T7889] ksmbd: Unknown IPC event: 6, ignore. [ 486.898486][ T7902] loop3: detected capacity change from 0 to 40427 [ 487.252736][ T7902] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 487.260961][ T7902] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 487.302183][ T7902] F2FS-fs (loop3): invalid crc value [ 487.722720][ T7902] F2FS-fs (loop3): Found nat_bits in checkpoint [ 487.822137][ T7902] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 487.829725][ T7902] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 497.011060][ T4249] team0 (unregistering): Port device team_slave_1 removed [ 497.027912][ T4249] team0 (unregistering): Port device team_slave_0 removed [ 497.053117][ T4249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 497.086729][ T4249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 497.283410][ T4249] bond0 (unregistering): Released all slaves [ 497.506010][ T7970] loop4: detected capacity change from 0 to 40427 [ 498.251799][ T7970] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 498.260745][ T7970] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 498.284745][ T7970] F2FS-fs (loop4): invalid crc value [ 498.324365][ T7970] F2FS-fs (loop4): Found nat_bits in checkpoint [ 498.441391][ T7970] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 498.449364][ T7970] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 498.683592][ T7981] netlink: 20 bytes leftover after parsing attributes in process `syz.2.954'. [ 499.354037][ T7981] device vlan3 entered promiscuous mode [ 499.395456][ T7981] device bond0 entered promiscuous mode [ 499.416035][ T7981] device bond_slave_0 entered promiscuous mode [ 499.423130][ T7981] device bond_slave_1 entered promiscuous mode [ 499.430227][ T7981] device dummy0 entered promiscuous mode [ 501.642582][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.649281][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.893997][ T5129] device syz_tun left promiscuous mode [ 503.274572][ T5129] bridge0: port 3(syz_tun) entered disabled state [ 503.411637][ T7747] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 503.691517][ T7747] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 504.048681][ C0] ------------[ cut here ]------------ [ 504.055605][ C0] refcount_t: addition on 0; use-after-free. [ 504.062607][ C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:25 refcount_warn_saturate+0xff/0x1a0 [ 504.072454][ C0] Modules linked in: [ 504.076596][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.185-syzkaller #0 [ 504.084724][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 504.095564][ C0] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 [ 504.102169][ C0] Code: 09 01 48 c7 c7 40 6b 59 8a e8 dd 27 bb 05 0f 0b eb e0 e8 04 42 9c fd c6 05 ae 8f 79 09 01 48 c7 c7 80 6a 59 8a e8 c1 27 bb 05 <0f> 0b eb c4 e8 e8 41 9c fd c6 05 93 8f 79 09 01 48 c7 c7 e0 6a 59 [ 504.122852][ C0] RSP: 0018:ffffc90000007848 EFLAGS: 00010246 [ 504.129443][ C0] RAX: d9a143cc39a94200 RBX: 0000000000000002 RCX: ffffffff8bebc3c0 [ 504.137453][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000 [ 504.145687][ C0] RBP: ffffc900000079b0 R08: dffffc0000000000 R09: fffff52000000e6d [ 504.154288][ C0] R10: fffff52000000e6d R11: 1ffff92000000e6c R12: ffff888079788000 [ 504.162871][ C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 [ 504.171174][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 504.181498][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 504.188890][ C0] CR2: 00007f9a0f186eb0 CR3: 000000005d305000 CR4: 00000000003506f0 [ 504.197370][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 504.206310][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 504.214787][ C0] Call Trace: [ 504.218193][ C0] [ 504.221453][ C0] tipc_crypto_xmit+0x1949/0x2560 [ 504.227031][ C0] ? tipc_crypto_do_cmd+0xd60/0xd60 [ 504.232401][ C0] tipc_bearer_xmit_skb+0x228/0x3c0 [ 504.238435][ C0] ? tipc_bearer_min_mtu+0x190/0x190 [ 504.244449][ C0] tipc_disc_timeout+0x568/0x6b0 [ 504.249460][ C0] ? tipc_disc_create+0x920/0x920 [ 504.255000][ C0] ? tipc_disc_create+0x920/0x920 [ 504.260631][ C0] call_timer_fn+0x16c/0x530 [ 504.266129][ C0] ? tipc_disc_create+0x920/0x920 [ 504.272048][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 504.279100][ C0] ? __run_timers+0x7c0/0x7c0 [ 504.284701][ C0] ? rcu_is_watching+0x11/0xa0 [ 504.289923][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 504.295963][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 504.302044][ C0] ? tipc_disc_create+0x920/0x920 [ 504.307921][ C0] __run_timers+0x525/0x7c0 [ 504.313085][ C0] ? detach_timer+0x2b0/0x2b0 [ 504.318372][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 504.325124][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 504.330488][ C0] ? ktime_get_real_ts64+0x420/0x420 [ 504.337246][ C0] run_timer_softirq+0x63/0xf0 [ 504.342419][ C0] handle_softirqs+0x328/0x820 [ 504.347239][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 504.352539][ C0] ? do_softirq+0x200/0x200 [ 504.357232][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 504.362697][ C0] __irq_exit_rcu+0x12f/0x220 [ 504.367709][ C0] ? irq_exit_rcu+0x20/0x20 [ 504.372841][ C0] irq_exit_rcu+0x5/0x20 [ 504.377522][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 504.383498][ C0] [ 504.386811][ C0] [ 504.389940][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 504.396240][ C0] RIP: 0010:default_idle+0xb/0x10 [ 504.402744][ C0] Code: bf 48 89 df e8 26 8c 12 f8 eb b5 e8 3f be f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 66 90 0f 00 2d 97 13 5b 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 [ 504.424045][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.430613][ C0] RSP: 0018:ffffffff8be07dc8 EFLAGS: 000002c6 [ 504.437243][ C0] RAX: d9a143cc39a94200 RBX: ffffffff8bebc3c0 RCX: d9a143cc39a94200 [ 504.446078][ C0] RDX: 0000000000000001 RSI: ffffffff8a0b11c0 RDI: ffffffff8a59a740 [ 504.454576][ C0] RBP: ffffffff8be07ef8 R08: dffffc0000000000 R09: ffffed101720765a [ 504.462908][ C0] R10: ffffed101720765a R11: 1ffff11017207659 R12: ffffffff8d68abe8 [ 504.471591][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff17d7878 [ 504.480106][ C0] default_idle_call+0x81/0xc0 [ 504.485202][ C0] do_idle+0x21b/0x5b0 [ 504.489529][ C0] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 504.495495][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 504.500861][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 504.506530][ C0] ? do_idle+0x8/0x5b0 [ 504.510790][ C0] cpu_startup_entry+0x14/0x20 [ 504.515592][ C0] ? time_init+0x40/0x40 [ 504.519904][ C0] start_kernel+0x486/0x530 [ 504.524702][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 504.530904][ C0] [ 504.534186][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 504.541579][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.185-syzkaller #0 [ 504.549940][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 504.560609][ C0] Call Trace: [ 504.564001][ C0] [ 504.567270][ C0] dump_stack_lvl+0x168/0x230 [ 504.572418][ C0] ? show_regs_print_info+0x20/0x20 [ 504.578040][ C0] ? load_image+0x3b0/0x3b0 [ 504.583046][ C0] panic+0x2c9/0x7f0 [ 504.587162][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 504.591974][ C0] ? secondary_startup_64_no_verify+0xb1/0xbb [ 504.598524][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 504.604509][ C0] __warn+0x248/0x2b0 [ 504.608529][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 504.614484][ C0] report_bug+0x1b7/0x2e0 [ 504.619296][ C0] handle_bug+0x3a/0x70 [ 504.623668][ C0] exc_invalid_op+0x16/0x40 [ 504.628316][ C0] asm_exc_invalid_op+0x16/0x20 [ 504.633289][ C0] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 [ 504.639760][ C0] Code: 09 01 48 c7 c7 40 6b 59 8a e8 dd 27 bb 05 0f 0b eb e0 e8 04 42 9c fd c6 05 ae 8f 79 09 01 48 c7 c7 80 6a 59 8a e8 c1 27 bb 05 <0f> 0b eb c4 e8 e8 41 9c fd c6 05 93 8f 79 09 01 48 c7 c7 e0 6a 59 [ 504.660451][ C0] RSP: 0018:ffffc90000007848 EFLAGS: 00010246 [ 504.666907][ C0] RAX: d9a143cc39a94200 RBX: 0000000000000002 RCX: ffffffff8bebc3c0 [ 504.675264][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000 [ 504.684043][ C0] RBP: ffffc900000079b0 R08: dffffc0000000000 R09: fffff52000000e6d [ 504.692138][ C0] R10: fffff52000000e6d R11: 1ffff92000000e6c R12: ffff888079788000 [ 504.700841][ C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 [ 504.721658][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 504.727613][ C0] tipc_crypto_xmit+0x1949/0x2560 [ 504.732875][ C0] ? tipc_crypto_do_cmd+0xd60/0xd60 [ 504.738270][ C0] tipc_bearer_xmit_skb+0x228/0x3c0 [ 504.743691][ C0] ? tipc_bearer_min_mtu+0x190/0x190 [ 504.749112][ C0] tipc_disc_timeout+0x568/0x6b0 [ 504.754187][ C0] ? tipc_disc_create+0x920/0x920 [ 504.759351][ C0] ? tipc_disc_create+0x920/0x920 [ 504.764746][ C0] call_timer_fn+0x16c/0x530 [ 504.769745][ C0] ? tipc_disc_create+0x920/0x920 [ 504.775243][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 504.781401][ C0] ? __run_timers+0x7c0/0x7c0 [ 504.786310][ C0] ? rcu_is_watching+0x11/0xa0 [ 504.791465][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 504.797308][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 504.802548][ C0] ? tipc_disc_create+0x920/0x920 [ 504.807692][ C0] __run_timers+0x525/0x7c0 [ 504.812503][ C0] ? detach_timer+0x2b0/0x2b0 [ 504.817298][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 504.823578][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 504.829168][ C0] ? ktime_get_real_ts64+0x420/0x420 [ 504.835034][ C0] run_timer_softirq+0x63/0xf0 [ 504.840007][ C0] handle_softirqs+0x328/0x820 [ 504.844982][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 504.850138][ C0] ? do_softirq+0x200/0x200 [ 504.855148][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 504.860474][ C0] __irq_exit_rcu+0x12f/0x220 [ 504.865830][ C0] ? irq_exit_rcu+0x20/0x20 [ 504.870834][ C0] irq_exit_rcu+0x5/0x20 [ 504.875462][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 504.881389][ C0] [ 504.884431][ C0] [ 504.887669][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 504.893933][ C0] RIP: 0010:default_idle+0xb/0x10 [ 504.899174][ C0] Code: bf 48 89 df e8 26 8c 12 f8 eb b5 e8 3f be f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 66 90 0f 00 2d 97 13 5b 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 [ 504.919804][ C0] RSP: 0018:ffffffff8be07dc8 EFLAGS: 000002c6 [ 504.926234][ C0] RAX: d9a143cc39a94200 RBX: ffffffff8bebc3c0 RCX: d9a143cc39a94200 [ 504.934990][ C0] RDX: 0000000000000001 RSI: ffffffff8a0b11c0 RDI: ffffffff8a59a740 [ 504.943269][ C0] RBP: ffffffff8be07ef8 R08: dffffc0000000000 R09: ffffed101720765a [ 504.951382][ C0] R10: ffffed101720765a R11: 1ffff11017207659 R12: ffffffff8d68abe8 [ 504.960106][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff17d7878 [ 504.968336][ C0] default_idle_call+0x81/0xc0 [ 504.973529][ C0] do_idle+0x21b/0x5b0 [ 504.977819][ C0] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 504.983616][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 504.989513][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 504.994936][ C0] ? do_idle+0x8/0x5b0 [ 504.999402][ C0] cpu_startup_entry+0x14/0x20 [ 505.004560][ C0] ? time_init+0x40/0x40 [ 505.009000][ C0] start_kernel+0x486/0x530 [ 505.013802][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 505.020333][ C0] [ 505.023677][ C0] Kernel Offset: disabled [ 505.028587][ C0] Rebooting in 86400 seconds..