last executing test programs: 7m45.815209555s ago: executing program 0 (id=892): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x872bc000) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0xc) fchdir(r2) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r3, &(0x7f0000001f80)=""/4102, 0x1006) 7m45.609257246s ago: executing program 0 (id=893): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c6", 0x1}], 0x1, 0x0, 0x0, 0x20048054}}], 0x1, 0x8800) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10) sendto$inet(r1, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x1}, 0x8) sendto$inet6(r1, &(0x7f0000000380)=')', 0x1, 0x11, 0x0, 0x0) close(r1) 7m45.418027125s ago: executing program 0 (id=894): openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c6e66732c73686f72746e616d653d77696e6e742c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c756e695f786c6174653d312c756e695f786c6174653d312c006a4fcfcc9fc5ea902e1a6384d405e843e1dfa18259eaaba553a63617a0f84f2e66f4a8121e2cea67640f61a98cef24cdbc0121ddb0212c7365c895e70775f8c82357782f45acff678373e50747f0dbd34a6c51a45f248402fd4340c0024ca0ee5de3af9233d9e31dd6f105e2696137379613fb63ef2a91ccf785af00684cfa440b01bda2cbcd1b326a0ee91991ebfbd00ec2a75ac8d59d1e7793dfb73a16dd3b166bc6a158528f"], 0x1, 0x26c, &(0x7f0000000840)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x840013, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x0) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x4) getdents64(r0, &(0x7f0000000fc0)=""/224, 0xe0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x141b82, 0xa9) 7m45.158545398s ago: executing program 0 (id=895): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3000490, &(0x7f0000000280)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@bsdgroups}, {@auto_da_alloc}, {@jqfmt_vfsv1}, {@nouid32}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@debug}, {}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x101, 0x0, 0x0, 0x10000000, {0x40, 0xd08, 0x0, 0x100, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r2, 0x40480923, 0x200000000005) 7m44.042853055s ago: executing program 0 (id=900): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, &(0x7f0000000800)='.\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000006c0)='=\n\x9b\xa1Q\a\x00\n@\xf6\"2a\xd7\x1fch\x1a}#\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nR\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|\xd8ZE\x92\xb4\x18|\x14\xc8\x14\xab\xe3\xd2\xb8\xf9J\x13\xbc\xea\xccp;\xa5\xe8\r=\n\x9e\xfb\x17\"\xc4QJ\xdf\xa9\x02BQ\x11\b\xab\x14\xf7\x16\xde\xc3\x89\xc6d\xdd\x18\x01\xdd\xf3\xe2\xa5\xef\x02\x17T\x94\xb9\xd4v\xb1\xe3\xb7L\xe6>*\x11e\x18\xe7-\b\xe9\x87\x81,N\x1f\x94\xa4\xe5\xd6\xd4m\x92\xccg3jNvd\xd2O|c\xb3\xa0\xf2\xc6\\\x8a\'\xb3\x81S\x9b6\xf5\xb7\x93\v\xb0\aD\xb9\xf7>\xcf?\xea\xfb\xfc\xb9\x9d\xa5\xb5\xbc\xe2\xddUJN\xb2\xb7\x9c\xc3qk\x06\xdb\xd69\x8b\x00'/288) 7m41.58723012s ago: executing program 0 (id=905): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4}, 0x50) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) r0 = io_uring_setup(0x4a86, &(0x7f0000000240)={0x0, 0x4178, 0x800, 0x8001002, 0x10003d6}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) io_uring_enter(r0, 0x7153, 0x1e4e, 0x0, &(0x7f0000000000)={[0x13b6]}, 0x8) sendmmsg(r1, &(0x7f0000003240), 0x4000000000000e4, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7m40.724767183s ago: executing program 32 (id=905): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4}, 0x50) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) r0 = io_uring_setup(0x4a86, &(0x7f0000000240)={0x0, 0x4178, 0x800, 0x8001002, 0x10003d6}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) io_uring_enter(r0, 0x7153, 0x1e4e, 0x0, &(0x7f0000000000)={[0x13b6]}, 0x8) sendmmsg(r1, &(0x7f0000003240), 0x4000000000000e4, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5m48.990074406s ago: executing program 3 (id=1309): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r3, 0xf000, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f00000001c0)='m', 0xfffffdfc}]) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_int(r4, 0x0, 0x6, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x4000, 0x0, &(0x7f0000000100), 0x0, {0x2}, &(0x7f00000001c0)=""/158, 0x9e, 0x0, 0x0, 0x0, {r0}}, 0x58) sendto$inet(r4, 0x0, 0x0, 0x804, 0x0, 0x0) 5m46.650400723s ago: executing program 3 (id=1315): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) read$FUSE(r2, &(0x7f0000000880)={0x2020}, 0x2020) 5m42.915065219s ago: executing program 3 (id=1324): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40000) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000), 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1802000001000000000000000000000085"], 0x0, 0x3, 0x7, 0x0, 0x41000, 0x7c}, 0x94) r1 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0xd, &(0x7f0000000000)=r4, 0x8) 5m42.649307923s ago: executing program 3 (id=1326): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) 5m40.238815653s ago: executing program 3 (id=1332): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 5m39.555600057s ago: executing program 3 (id=1334): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc0, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xc0}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1550, 0x0, 0x0, 0x0, 0x9}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x62}, 0x94) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) unshare(0x62040200) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000070000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000700004e6706362632874776f666973682900000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0) 5m24.482335118s ago: executing program 33 (id=1334): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc0, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xc0}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1550, 0x0, 0x0, 0x0, 0x9}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x62}, 0x94) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) unshare(0x62040200) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000070000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000700004e6706362632874776f666973682900000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0) 5m10.128811684s ago: executing program 1 (id=1408): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x101801, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x23, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x800}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40e95}, 0x20048040) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r3], 0x5c}}, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 5m8.571452132s ago: executing program 1 (id=1411): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$set_reqkey_keyring(0xe, 0x5) request_key(&(0x7f0000000040)='id_resolver\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0) 5m7.245549858s ago: executing program 1 (id=1413): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) signalfd(r0, &(0x7f0000000040)={[0xff]}, 0x8) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}}) socket$rxrpc(0x21, 0x2, 0x2) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1400000035000b0bc8d643234724d3f90324fc60", 0x14}], 0x1}, 0x0) 5m6.243121878s ago: executing program 1 (id=1416): unshare(0x22060600) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071183b000000000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sock=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r2 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080)) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f00001c1000/0x3000)=nil, 0x40000, 0x9) 5m0.245228757s ago: executing program 1 (id=1426): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = syz_open_procfs(0x0, 0x0) renameat2(r2, 0x0, r2, 0x0, 0x0) setns(r1, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xa, 0x0, 0x100000}, 0x20) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x284d026, 0x0) 4m59.619005258s ago: executing program 1 (id=1430): r0 = socket(0x2a, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_POLICE={0x4}]}}, @filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}]}}]}, 0x58}}, 0x4000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m59.19630881s ago: executing program 34 (id=1430): r0 = socket(0x2a, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_POLICE={0x4}]}}, @filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}]}}]}, 0x58}}, 0x4000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m15.407476213s ago: executing program 5 (id=1525): syz_emit_ethernet(0x36, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f00"], 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xf) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0xcc, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x5e}, @void, @void}}, [@NL80211_ATTR_VENDOR_DATA={0x4}, @NL80211_ATTR_VENDOR_DATA={0xa9, 0xc5, "a40818f8049f9d817425ca6b90d0e9667ac79daa91b50ec1ae5596485281859dae6cca5277775f6a769eba52ae0515b5e7d738c519b33ba478db52af8a8b494714e95e75d7f5b63a2d9d74c638452fca5512335aecbd8a1116f3a90edfc5c99fdc64319fd76315c48e377c20e998d2bede40ec9b67da86dc41feca0c1dbc6f10250e7b26718d05bc4c8214e232e0c942478765e576fb8f0aa4a162ec7de0d635270dd8dc6d"}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4}, 0x20040010) mount$tmpfs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000080), 0x140010, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) clock_getres(0x3, 0x0) 4m13.793718284s ago: executing program 5 (id=1527): prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f8000000190001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001"], 0xf8}}, 0x0) connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 4m10.604939923s ago: executing program 5 (id=1531): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, r1, 0x301, 0x70bd2a, 0x25dfdbfd, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40014}, 0x0) 4m9.023962301s ago: executing program 5 (id=1534): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x0, 0x31237648, 0x6, 0x2, 0x80}]}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000001, 0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4m8.098929797s ago: executing program 5 (id=1536): r0 = io_uring_setup(0x650b, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x21, 0xab}) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) r2 = socket(0x28, 0x5, 0x0) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) recvfrom$inet_nvme(r2, 0x0, 0x0, 0x40000002, 0x0, 0x0) accept$inet(r2, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4m7.64396404s ago: executing program 5 (id=1537): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket(0x18, 0x2, 0x1) socket$packet(0x11, 0x2, 0x300) socket$key(0xf, 0x3, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 3m52.489913026s ago: executing program 35 (id=1537): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket(0x18, 0x2, 0x1) socket$packet(0x11, 0x2, 0x300) socket$key(0xf, 0x3, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 3m34.207892958s ago: executing program 6 (id=1589): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./bus\x00', 0x200000, &(0x7f00000023c0)=ANY=[], 0x13, 0x70a, &(0x7f0000000740)="$eJzs3U1sHGcZAOB31uv12kDqtGlSUKRajVQQFokd44K5EBACHypUlQPnVeI0ljdOZW+REyHi8HPn0APiVA65VRxQuUeCM1UlVImTDxwqIfVATz4gLZrZmd21d727jh3bheexZuab+X7nnZ2Z/ZE1AfzfWp6N8pNIYnn29a10fecf/25mWtn1iKhERCmi3FpEsp5X/eLluJEuv5xuzLclB/Xz7urSmx9/tvNJa62cT1n5ZFC9Piq9m7bzKWYiYixf9qge1OIH+7vf097Ng9obWWcP04BdyZcRvz9Sq3BkzR7b7bz3/57NB1U/zHkLnFFJ677ZYzpiKr91TkRxV2y9Efhc2z7tAQAAAMBhTR6+ynO7sRtbce5ZDAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+V+XP/0/yqVSkZyIpnv9fybdFnj6Dhj8I8aOJ1vLJsx8MAAAAAAAAADxzL+/GbmzFuWK9mWS/+b/S9Rv/F+Kd2IyV2IirsRW1aEQjNmI+Iqa7Gqps1RqNjfmsZsSFATWvx4fdNSsR0WhsXD94jDeOe6cBAAAAAAAA4GyrDslfG+/d9stY7vz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ0ESMdZaZNOFIj0dpXJEVIty2xEfRkTldEd7KEm/jU9OfhwAAABwJNW9q0l1hDrPPYzd2IpzxXozyT7zX8w+L1fjnViPRqxGI+qxErfyz9Dpp/7SzuOF+s7jhbvp1Nvu9z491NCzFqP13UP/nl/KSkzG7VjNtlyNm5FEM1PKW3lp5/FCurzbf1yP0jEl380NGM1YV/pWOrv0QZb+7d5vEcqH2sWnVDowZzrLHW9HZC4fW1rjfBGB/pEYenTKA3uaj1L7m58Lg3vqH/NHfboc7ySn9pXq+83NqdgfietRah+hi4MjEfHVP7//0zv19bU7tzdnz84u9fVwaIl2JL5ZXGY6kbg0ciQmj3vgx2h8xHJz2b6/2F5fjh/GT2I2Pp14IzZiNX4WtWjEykyRX8tfz+l8enCkPprqXntj2EjSc3Kmff3qN6aZ2DOmmIkfZKlavJId03OxGknci4iVeC37ux7z7atB5wi/OMJZXxrhStvlyteyRTtMMeC18cfRmjwuaVzPd8W1+5o7neV1b+lE6fm+USrudb3Xxurwm0r5K3kibeFXA+8PJ21/JOa7IvHCQa+XVkj/0Eznm/X1tY07tbdH7O/VfJmeR785U3eJSjyK56Oa79z5bJ5k59RcdvRfaB/nvfGq5L+4tJT25/3od+16rTP1x3Evbu05U78Vi7EYS1lLF7PS4z13rDTvUrul7ryFLC99p1Vu/7DT/X7rXtRb74cAONumvj5VmfzX5N8m35v89eSdyder35/49sTlSoz/dfw75bmxV0uXkz/Fe/GLzud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6W3ef7BWq9dXNvonSv2zksG1avVm8SCxAWX2JJL8UTkjFE427z9oDm1wcGIiH94hav3nsH09jJEKF49RG1h4Ih6s1WaOtMuDE8n2/uNVHX4siqc8jdBF0hPwtPJTj7noubNl/JmE5WiJmeNrsHjBdmWN/ur955dalZtJn+M1FhH9ag25cLSecXWWn+MHDHGtcffta5v3H3xj9W7trZW3VtbHFxeX5pYWX1u4dnu1vjLXmndVOJGH3wInofvtRFslIl4eXtfNHwAAAAAAAAAAAE7HSfwvxGnvIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD5tjwb5SeRxPzc1bl0fefxQj2dinSnZDkiShGR/Dwi+UvEjWhNMd3VXHJQP++uLr358Wc7n3TaKsdYq3wpYvvAeqPZzqeYiUibzZbH1d7N4e1VOsmJPtlJOzJpwK4UgYPT9t8AAAD//ydr7i4=") truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7, 0x0, 0x0, 0x400000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x94) 3m33.179369169s ago: executing program 6 (id=1592): fsopen(&(0x7f0000000200)='fusectl\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xad, &(0x7f0000000140)=""/173, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$sequencer2(0xffffff9c, 0x0, 0x1001, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8080) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x0, 0x800, 0x3}, 0x7, 0x1, 'id0\x00', 'timer0\x00'}) 3m31.943056911s ago: executing program 6 (id=1594): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xa, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x2, 0x1}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={r4, 0x0, 0x0}, 0x20) 3m30.660176464s ago: executing program 6 (id=1596): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x450, &(0x7f0000001080)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5e0b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b46e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998247856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f0b00f694c5bef739aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c425179b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404c669485a2e714ec9bb31ae0f201ca2e5b9ece2b035fbe2ee8d90aa87a986a307fe4fe90b7b2a48217f79001e60692c", @ANYRES64], 0x2, 0x5582, &(0x7f0000004700)="$eJzs3EtvG1UUAOBrO30/iBALdh2pQiRSbdVpUsEuQCseIlXEY8GqOLZjubU9Uew4ISsELBEL/gkCiRUSG34DC9bsEAsQO6SgeaQQ0hYiO3HSfp80PjN3rs/cM7JaHU/kADy1pqM/fiuEy+FcCKEUQrhYCOl+Id9Si1l4PoRwJYRQ/MdWyMcfDJwOIZwPIVxOkofwfT+bk5z68trw6sKvb/3+3Y9npi589e1Pk6samLQXQgjdtWx/s5vFuJXFe/l4bdhOY3d+mMfsRPd+fhxncbO5kmbYrO3Oq6XxRiubH69t9JO42qnVk9hqr6bja73sgv1hazdP+oZ7tfX0uNFcSWO7H6extZ2ta2s7+/dyuz/I8jTyfB+l6cNgsBuz8eZWM6tn7X4a671BPp7ljRvNrSQO85hfLtTjTiNdx8ood/p4e7vd29iKhs31fjvuRQuV6kuV6s1ydT1uNAfN+XKt27g5H820Osm08ot3a93FVhy3Os1KPe7ORjOter1crUYzt5or7VovqlYrNyrXywuz+d616PU770edRjSTxFfbvY3T7U4/Wo3Xo+wds9Fc5cbLs9HVavTu0nK0/M7t20vL79299cGdV5befC2ftG9Z0czc9bm5cvV6ea46e4T1D5oPrz/5f/d/1j8Ypf7P8kUfoP7CaLcHHs8HDODA9vX/Ybz9fyno/4H9Tmz/v7Ozs5PXMLb+P2mpHtv/nx3lVh9rB+p/i4/ofw/Q/4/U/x7X/v8E1w8j0f8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy1fj719RvpznR2fCEfv5QPPZsfF0IIxRDCzkOUwuk9OUt5nlOPmH/qX2v4oRDSDMk1zuTb+RDCYr79+cxh3wUAAAB4cn3z8ZUvsm49e5me9II4StnXMMWLH44pXyHJOf3LmLIVk5fnxpQs/XxPha0xZUvv3NkxJcu+cpsKIXxyZlwp/0tpN3x66e/BtKBCFopHtRIAAODolPaEqYmuBQAAgMP0+aQXwGQUwoOHwLt/wJ8/gMwfbZ7bcw4AAAA4gQqTXgAAAABw6NL+3+//AQAAwJMt+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+Yud+btQGojgAPxsM5J+CotzTSm5QRkrIMUeggDRBCaSFNEAN5JZ7LhGssEdI3gVptYzXAn2fZJux0W9mgMsbCwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB06U+1mf9afPkZi+ty9ofr5JoPAAAA8NSu2szrF9Om/S6d/5BOfUrtIiLKiDhXuw9i1MocpJzqwvurR2P4HVEnHPsYp+1tRHxN2/+PXX8KAAAAcL+2q/Wsqdab3bTvAfGamkWb8v23THlFRFTTv5nSyuPuc6aw+vc9jB+Z0uoFrEmmsGbJbXj+2ihXJ22D1iHNZLKsv8S6VXbTLwAA0Kd2JXChCgEAAOAOfO97APSjOO1O9xnHzSHdEHzTagEAAAA3qOh7AAAAAEDn6vr/Fp7/98/fEgAAAODFmuf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KVdtZlvV+vZpevLZ+bsD9fJNyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAf25x4FQBiMAein+LtJ739TByWiY1en96AQEkopAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQM/wnhq/8DRHVU1pE+bUraqWTAlrpoQtc8KeC63zyHn9+SUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICb/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GN+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnfvnbaMMAwD++Oxz/wAiBJQhgIrEAAtN3NLSEQZQxMBHQIpSp4S6FNoMNIpAWWBCmbsgGBFCAoWt36FzI3UpW4cMQWIG3fkuubYuNYXcueT3k16/j32Xe5/3fIny5D0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDSzjvxUlLE7exhahiXr93aXV/K+u37+syNzduzWcvi1qMG+vrt/z75yfZy9cmJmcqTL+tPBgAAgMOhXdb3EXEn3VrI+mQqr//Tcp+s5v/umWFc1vP31/3bu+tHi02zZf3/6y93X9gbaGo4TnbQ5ZVBf/7BVDoHNMWJ9+wj9+jkZz7/20s7f0OS9zee30nz89n65ubNd7t5eKSObAGAx3Gy7LPg6P7vQ1nfazg3AA6HTqXwLuv/9lSzOQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUYWcjnirjVkTMdvbjzPbu+tKo/sbm7dmynb1+fbN6zOwQaUQsrwz6aY1zmXRXr61dXBwM+ldGBhEP3fTvgxMRcTBHfkgQIzZ9OMaXR/z9PsXlGfXMYu3iYmf8nVv1nd6JDZLi/Sle6dZ71R1skF17x8b6Xv6nQUM/kAAA+N9Ki5bV9XfSrYXstdZ0xJ/f31v/v1aJY8z6/+5HZ29Vx6rW/73aZjj55lYvfTp39draGyuXFi/0L/Q/efNU763e6XNnzpyby87V/NxyJP35ptMEAADgCdYtWrX+T6YfXP8/XoljzPr/s297X1THaqv/R9pf9Gs6EwAAgMOouxc998ofv7dG7NHqduPzxdXVK73h497zU8PHWtN9TEeKVq3/29NNZwUAAADUYWejdc/6//lKHGOu/z/9w4s/VY/ZHn5O9nJE9E8uXR6cr286E62ODyrnA3WbnikAAABNOVa06vp/mt//n+zd8pBExOuvDuPy/6yNU/+33/vqx+pY1fv/T9c3xYmUzAzPR97PRHRmms4IAACAJ9G4S71Hi5YV+7+lWwsf/3z8g677/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq9lcAAAD//+NqOL0=") bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40060) wait4(r0, 0x0, 0x2, 0x0) ptrace$cont(0x9, r0, 0xba, 0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) 3m27.967111239s ago: executing program 6 (id=1606): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = gettid() ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r4 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r3, r4, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) 3m24.116212631s ago: executing program 6 (id=1608): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x3c, 0x18, 0x1ef, 0xfc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x3c}, 0x1, 0x11}, 0x0) 3m23.675434393s ago: executing program 36 (id=1608): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x3c, 0x18, 0x1ef, 0xfc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x3c}, 0x1, 0x11}, 0x0) 9.792740261s ago: executing program 8 (id=2018): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000001c0)={0x1d, r5, 0x0, {0x0, 0x0, 0x4}, 0x2}, 0x18) socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r5, {0x3, 0x8}, {0xfff1, 0xa}, {0x2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850) 8.758393363s ago: executing program 7 (id=2021): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getrandom(0x0, 0x0, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x80081, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) 8.665841527s ago: executing program 4 (id=2022): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e21}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010102}]}}}]}, 0x40}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) 7.882125996s ago: executing program 2 (id=2023): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x200000089}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r3, 0x0, 0x0) listen(r3, 0x5) close_range(r3, 0xffffffffffffffff, 0x0) 7.454617118s ago: executing program 7 (id=2024): syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x20, 0x1) brk(0x689d80000003) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x2, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000440)={r2, &(0x7f0000000600), &(0x7f0000000580)=""/95}, 0x20) 7.19866131s ago: executing program 8 (id=2025): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000100)=0x3, 0x4) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000280)=0x3, 0x4) process_vm_writev(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/150, 0x96}], 0x3, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x1562, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 6.083055256s ago: executing program 4 (id=2026): getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x74) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) 6.082139386s ago: executing program 2 (id=2027): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_io_uring_setup(0x113, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x3e0}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_OPENAT={0x12, 0xf, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x11, 0x400000, 0x12345}) io_uring_enter(r3, 0x8aa, 0x0, 0x0, 0x0, 0x0) 5.787027661s ago: executing program 4 (id=2028): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013"], 0x0, 0x35, 0x0, 0x1}, 0x28) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.864637187s ago: executing program 2 (id=2029): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r3, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}, 0x24) sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) 4.864129277s ago: executing program 7 (id=2030): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x20001, 0xcb) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) io_setup(0x200, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4040000}, 0x10) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) 4.623533939s ago: executing program 4 (id=2031): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) dup(r0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0xfffffffffffffed1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x20c89e, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) 4.623290299s ago: executing program 8 (id=2032): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008"], 0x50) 3.556763532s ago: executing program 2 (id=2033): r0 = fsopen(&(0x7f0000000200)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=':\'-\'\'**,\x00', &(0x7f00000002c0)=',\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$getregset(0x4204, r4, 0x202, &(0x7f0000000140)={&(0x7f0000000100)=""/32, 0x20}) 3.445121868s ago: executing program 8 (id=2034): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r0, 0x7ff) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x262e, 0x10100, 0x0, 0x170}, &(0x7f00000002c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r5, 0x708, 0x41e3, 0x0, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/150, 0x96}], 0x1}, 0x20000002) 3.379114901s ago: executing program 7 (id=2035): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0xfffffffd, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0) 3.085952986s ago: executing program 7 (id=2036): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000340)="fb", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) r1 = fsopen(&(0x7f0000000200)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, 0x0, &(0x7f0000000d40)='syzkaller\x00'}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7c40280f}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 2.014660099s ago: executing program 8 (id=2039): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r3, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.99937471s ago: executing program 2 (id=2040): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000846000/0x4000)=nil) socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0xfe1d, 0x9, @local, 0x2}, 0x29) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) brk(0x55555ede6001) 1.877916456s ago: executing program 7 (id=2041): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000001f00)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c0001000c080c00bdad0140310068ad639a8ace8680210bc28b805508bc7a46e39a8285dcdf12176679df069163ce955fed0009d78f0a947ee2b49e33", 0x89}], 0x1}, 0xff0f000020000080) nanosleep(0x0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4050000ffe0f505711018"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 5.268469ms ago: executing program 8 (id=2042): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getrandom(0x0, 0x0, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x80081, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) 0s ago: executing program 4 (id=2043): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) connect$inet6(r0, &(0x7f0000000200)={0xa, 0xfd, 0x2, @loopback}, 0x1c) kernel console output (not intermixed with test programs): ] EXT4-fs error (device loop2): ext4_free_blocks:6690: comm syz.2.1014: Freeing blocks not in datazone - block = 0, count = 4096 [ 313.531851][ T9110] EXT4-fs (loop2): Remounting filesystem read-only [ 313.561160][ T9110] EXT4-fs (loop2): 1 orphan inode deleted [ 313.583137][ T7553] EXT4-fs (loop2): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 313.609008][ T9110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 313.629748][ T9122] vlan0: entered promiscuous mode [ 313.635269][ T7553] Quota error (device loop2): write_blk: dquota write failed [ 313.642839][ T7553] Quota error (device loop2): remove_free_dqentry: Can't write block (2) with free entries [ 313.660471][ T9122] bridge0: entered promiscuous mode [ 313.717248][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1017'. [ 313.730157][ T7553] EXT4-fs (loop2): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 313.758167][ T7553] Quota error (device loop2): write_blk: dquota write failed [ 313.761722][ T9122] vlan0: entered allmulticast mode [ 313.778678][ T7553] Quota error (device loop2): free_dqentry: Can't move quota data block (2) to free list [ 313.809185][ T7553] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 313.832543][ T7553] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 313.847364][ T9122] bridge0: entered allmulticast mode [ 313.860094][ T9133] autofs4:pid:9133:autofs_fill_super: called with bogus options [ 313.916210][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.995479][ T9124] tipc: Started in network mode [ 314.001363][ T9124] tipc: Node identity 7f000001, cluster identity 4711 [ 314.019516][ T9124] tipc: Enabled bearer , priority 10 [ 314.040488][ T9131] bridge_slave_0: left allmulticast mode [ 314.077889][ T9131] bridge_slave_0: left promiscuous mode [ 314.103256][ T9131] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.138075][ T9131] bridge_slave_1: left allmulticast mode [ 314.155525][ T9131] bridge_slave_1: left promiscuous mode [ 314.177677][ T9131] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.250131][ T9131] bond0: (slave bond_slave_0): Releasing backup interface [ 314.274113][ T9131] bond0: (slave bond_slave_1): Releasing backup interface [ 314.310680][ T9144] tipc: Failed to remove unknown binding: 66,0,0/0:243091646/243091648 [ 314.338881][ T9144] tipc: Failed to remove unknown binding: 66,0,0/0:243091646/243091647 [ 314.341833][ T9131] team0: Port device team_slave_0 removed [ 314.363385][ T9131] team0: Port device team_slave_1 removed [ 314.371152][ T9144] tipc: Failed to remove unknown binding: 66,0,0/0:243091646/243091648 [ 314.380445][ T9131] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.386932][ T9144] tipc: Failed to remove unknown binding: 66,0,0/0:243091646/243091647 [ 314.447393][ T9131] bond1: (slave veth3): Releasing backup interface [ 314.477659][ T9131] veth3: left promiscuous mode [ 315.146665][ T8601] tipc: Node number set to 2130706433 [ 318.069072][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.075731][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.963538][ T9235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1041'. [ 319.067195][ T9239] loop4: detected capacity change from 0 to 512 [ 319.147460][ T9239] EXT4-fs (loop4): 1 truncate cleaned up [ 319.160572][ T9239] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.439034][ T9247] netlink: 'syz.3.1045': attribute type 1 has an invalid length. [ 319.530169][ T9247] 8021q: adding VLAN 0 to HW filter on device bond3 [ 319.601820][ T9251] bond3: (slave ip6gretap1): making interface the new active one [ 319.660900][ T9251] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 319.706545][ T9249] bond3: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 319.755367][ T9249] bond3: entered allmulticast mode [ 319.772232][ T9249] ip6gretap1: entered allmulticast mode [ 319.989784][ T8637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.432266][ T9280] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1050'. [ 322.144621][ T8601] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 322.345202][ T8601] usb 5-1: Using ep0 maxpacket: 32 [ 322.352522][ T8601] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 322.383088][ T8601] usb 5-1: config 0 has no interface number 0 [ 322.424810][ T8601] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 322.463873][ T8601] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 322.478165][ T8601] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.494806][ T8601] usb 5-1: Product: syz [ 322.499148][ T8601] usb 5-1: Manufacturer: syz [ 322.503780][ T8601] usb 5-1: SerialNumber: syz [ 322.523835][ T8601] usb 5-1: config 0 descriptor?? [ 322.530325][ T9288] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 322.790795][ T9288] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 324.828510][ T8601] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 324.849432][ T8601] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 324.890707][ T8601] asix: probe of 5-1:0.188 failed with error -71 [ 324.931065][ T8601] usb 5-1: USB disconnect, device number 2 [ 325.039677][ T9344] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1063'. [ 325.060299][ T9344] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1063'. [ 326.521440][ T9382] loop2: detected capacity change from 0 to 4096 [ 326.594960][ T9382] ext4: Unknown parameter 'uid>00000000000000000000' [ 327.246849][ T9385] IPVS: Scheduler module ip_vs_ not found [ 327.496582][ T9395] tipc: Failed to remove unknown binding: 66,1,1/0:1543517794/1543517796 [ 327.523976][ T9395] tipc: Failed to remove unknown binding: 66,1,1/0:1543517794/1543517796 [ 327.562782][ T9395] tipc: Failed to remove unknown binding: 66,1,1/0:1543517794/1543517796 [ 331.666924][ T9446] loop4: detected capacity change from 0 to 128 [ 331.678778][ T9446] FAT-fs (loop4): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 331.972172][ T28] audit: type=1326 audit(2000000212.311:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.024750][ T28] audit: type=1326 audit(2000000212.311:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.091476][ T28] audit: type=1326 audit(2000000212.341:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.191668][ T28] audit: type=1326 audit(2000000212.341:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.250827][ T28] audit: type=1326 audit(2000000212.341:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.281771][ T28] audit: type=1326 audit(2000000212.341:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.315146][ T28] audit: type=1326 audit(2000000212.341:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.353286][ T28] audit: type=1326 audit(2000000212.341:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.376955][ T28] audit: type=1326 audit(2000000212.341:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.411656][ T28] audit: type=1326 audit(2000000212.341:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9456 comm="syz.2.1094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 332.624369][ T8604] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 332.825722][ T8604] usb 3-1: config 0 has no interfaces? [ 332.831267][ T8604] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 332.861462][ T8604] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.903610][ T8604] usb 3-1: config 0 descriptor?? [ 333.614233][ T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 333.874389][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 333.925693][ T23] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 334.089587][ T23] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 334.315050][ T23] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 334.384081][ T23] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 334.422415][ T23] usb 5-1: config 250 has no interface number 0 [ 334.458564][ T23] usb 5-1: config 250 interface 228 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 334.540206][ T23] usb 5-1: config 250 interface 228 has no altsetting 0 [ 334.566675][ T23] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 334.593089][ T23] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 334.627505][ T23] usb 5-1: Product: syz [ 334.631778][ T23] usb 5-1: SerialNumber: syz [ 334.681667][ T23] hub 5-1:250.228: bad descriptor, ignoring hub [ 334.704194][ T23] hub: probe of 5-1:250.228 failed with error -5 [ 335.316294][ T8604] usb 3-1: USB disconnect, device number 5 [ 335.384408][ T5811] usb 5-1: USB disconnect, device number 3 [ 335.955269][ T9533] vlan3: entered promiscuous mode [ 335.960403][ T9533] bridge0: entered promiscuous mode [ 336.009593][ T9533] vlan3: entered allmulticast mode [ 336.024237][ T9533] bridge0: entered allmulticast mode [ 336.114560][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1108'. [ 336.182724][ T9533] bridge_slave_0: left allmulticast mode [ 336.202715][ T9533] bridge_slave_0: left promiscuous mode [ 336.223871][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.246619][ T9533] bridge_slave_1: left allmulticast mode [ 336.252630][ T9533] bridge_slave_1: left promiscuous mode [ 336.273167][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.302972][ T9533] bond0: (slave bond_slave_0): Releasing backup interface [ 336.358299][ T9533] bond0: (slave bond_slave_1): Releasing backup interface [ 336.451727][ T9533] team0: Port device team_slave_0 removed [ 336.499638][ T9533] team0: Port device team_slave_1 removed [ 336.525409][ T9533] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.547403][ T9533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.571783][ T9533] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.584917][ T9533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.647140][ T9533] team0: Port device vlan2 removed [ 336.676463][ T9533] bond1: (slave bridge1): Releasing backup interface [ 336.728285][ T9533] bond2: (slave veth5): Releasing active interface [ 336.740434][ T9533] bond2: (slave veth5): the permanent HWaddr of slave - c2:67:0c:bb:4f:7d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 336.765914][ T9533] gretap1: entered promiscuous mode [ 336.807744][ T9533] bond2: (slave gretap1): Releasing active interface [ 336.820017][ T9533] gretap1: left promiscuous mode [ 337.634389][ T9569] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 338.869115][ T9592] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 341.268762][ T9616] netlink: 'syz.2.1127': attribute type 1 has an invalid length. [ 341.484593][ T9619] bond4: (slave gretap1): making interface the new active one [ 341.504380][ T9619] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 341.548303][ T9623] vlan4: entered allmulticast mode [ 341.615471][ T9623] bond4: entered allmulticast mode [ 341.620721][ T9623] gretap1: entered allmulticast mode [ 341.666984][ T9623] bond4: (slave vlan4): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 341.843600][ T23] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 342.119534][ T23] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 342.183550][ T23] usb 5-1: config 0 has no interface number 0 [ 342.226549][ T23] usb 5-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 342.292495][ T23] usb 5-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 342.352569][ T23] usb 5-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64 [ 342.418027][ T23] usb 5-1: config 0 interface 2 has no altsetting 0 [ 342.496962][ T23] usb 5-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 342.507474][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.526623][ T23] usb 5-1: Product: syz [ 342.530863][ T23] usb 5-1: Manufacturer: syz [ 342.544441][ T23] usb 5-1: SerialNumber: syz [ 342.566548][ T23] usb 5-1: config 0 descriptor?? [ 342.582673][ T9630] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 342.591226][ T9630] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 342.971357][ T23] usb 5-1: Quirk or no altest; falling back to MIDI 1.0 [ 343.275856][ T23] usb 5-1: USB disconnect, device number 4 [ 343.480007][ T5783] udevd[5783]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 344.323338][ T9664] netlink: 'syz.4.1136': attribute type 4 has an invalid length. [ 344.644925][ T9668] bond1: entered promiscuous mode [ 344.690225][ T9668] ip6gretap1: entered promiscuous mode [ 344.696873][ T9668] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 344.754548][ T9668] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 344.787989][ T9668] ip6gretap1: left promiscuous mode [ 344.820974][ T9668] bond1 (unregistering): Released all slaves [ 344.914685][ T9674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1138'. [ 345.023935][ T9674] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 345.045783][ T9674] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 345.082415][ T9674] bond0 (unregistering): Released all slaves [ 347.902346][ T9721] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 349.002732][ T28] kauditd_printk_skb: 49 callbacks suppressed [ 349.002750][ T28] audit: type=1326 audit(2000000229.332:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9728 comm="syz.3.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c199c799 code=0x7fc00000 [ 349.065614][ T28] audit: type=1326 audit(2000000229.372:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9728 comm="syz.3.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fb8c199c799 code=0x7fc00000 [ 349.905201][ T9738] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaa [ 354.638234][ T9788] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 357.188065][ T9808] binder_alloc: 9807: pid 9807 spamming oneway? 2 buffers allocated for a total size of 5120 [ 357.211830][ T9808] binder_alloc: 9807: pid 9807 spamming oneway? 3 buffers allocated for a total size of 5128 [ 357.526936][ T9815] openvswitch: netlink: Message has 4 unknown bytes. [ 358.278702][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1181'. [ 358.301736][ T9817] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.311175][ T9817] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.320286][ T9817] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.329370][ T9817] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.348940][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1181'. [ 358.865720][ T9834] fuse: Bad value for 'fd' [ 359.749553][ T9842] fuse: Bad value for 'fd' [ 363.100815][ T9865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1197'. [ 363.276694][ T9873] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1198'. [ 363.428936][ T9865] bond1: (slave vcan1): refused to change device type [ 363.473926][ T9880] tipc: Enabling of bearer rejected, failed to enable media [ 364.049636][ T9890] loop2: detected capacity change from 0 to 512 [ 364.057206][ T9890] EXT4-fs: Ignoring removed i_version option [ 365.569053][ T9890] EXT4-fs (loop2): 1 truncate cleaned up [ 365.576597][ T9890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 365.883029][ T9897] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1206'. [ 365.936848][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.108856][ T9903] loop2: detected capacity change from 0 to 256 [ 367.812522][ T9919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1215'. [ 368.067845][ T9928] syzkaller0: entered promiscuous mode [ 368.079023][ T9928] syzkaller0: entered allmulticast mode [ 368.235119][ T9932] netlink: 41 bytes leftover after parsing attributes in process `syz.3.1219'. [ 368.545000][ T9940] netlink: 'syz.1.1223': attribute type 1 has an invalid length. [ 368.728107][ T9940] 8021q: adding VLAN 0 to HW filter on device bond4 [ 368.737081][ T9940] bond3: (slave bond4): making interface the new active one [ 368.745244][ T9940] bond3: (slave bond4): Enslaving as an active interface with an up link [ 369.845907][ T9952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1226'. [ 370.580386][ T9971] loop4: detected capacity change from 0 to 4096 [ 370.647513][ T9971] ntfs3: loop4: Failed to load $MFT (-22). [ 371.077622][ T9982] netlink: 'syz.3.1236': attribute type 1 has an invalid length. [ 371.940937][ T9984] 8021q: adding VLAN 0 to HW filter on device bond5 [ 372.021698][ T9984] bond4: (slave bond5): making interface the new active one [ 372.085082][ T9984] bond4: (slave bond5): Enslaving as an active interface with an up link [ 372.132508][ T9986] bond4: (slave gretap1): Enslaving as a backup interface with an up link [ 373.144819][ T9991] lo speed is unknown, defaulting to 1000 [ 373.182505][T10003] netlink: 'syz.1.1241': attribute type 10 has an invalid length. [ 373.324596][T10003] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 374.138694][T10029] netlink: 'syz.1.1249': attribute type 10 has an invalid length. [ 374.253981][T10029] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 376.488196][T10063] vlan2: entered promiscuous mode [ 376.673097][T10063] bridge0: entered promiscuous mode [ 376.678671][T10063] vlan2: entered allmulticast mode [ 376.693662][T10063] bridge0: entered allmulticast mode [ 376.854630][T10066] bridge_slave_0: left allmulticast mode [ 376.879645][T10066] bridge_slave_0: left promiscuous mode [ 376.904844][T10066] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.991757][T10066] bridge_slave_1: left allmulticast mode [ 377.013835][T10066] bridge_slave_1: left promiscuous mode [ 377.019884][T10066] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.728506][T10066] bond0: (slave bond_slave_0): Releasing backup interface [ 377.794371][T10066] bond0: (slave bond_slave_1): Releasing backup interface [ 377.937149][T10066] team0: Port device team_slave_0 removed [ 377.977122][T10066] team0: Port device team_slave_1 removed [ 378.007057][T10066] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.022661][T10066] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 378.033778][T10066] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 378.047711][T10066] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 378.186718][T10082] bond0: (slave wlan1): Releasing backup interface [ 378.220532][T10085] netlink: 'syz.2.1264': attribute type 1 has an invalid length. [ 378.301755][T10085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.345116][T10086] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1264'. [ 378.385626][T10086] bond0: entered promiscuous mode [ 378.390834][T10086] bond0: entered allmulticast mode [ 378.449871][T10087] bond0: (slave dummy0): making interface the new active one [ 378.472813][T10087] dummy0: entered promiscuous mode [ 378.478279][T10087] dummy0: entered allmulticast mode [ 378.527589][T10087] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 378.630549][T10078] lo speed is unknown, defaulting to 1000 [ 379.546547][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.557725][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.001294][T10105] netlink: 'syz.1.1277': attribute type 11 has an invalid length. [ 381.401643][T10115] loop4: detected capacity change from 0 to 128 [ 381.432096][T10115] FAT-fs (loop4): bogus number of FAT sectors [ 381.452742][T10115] FAT-fs (loop4): Can't find a valid FAT filesystem [ 381.544432][T10108] netlink: 'syz.2.1269': attribute type 10 has an invalid length. [ 381.570852][T10115] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1271'. [ 381.586839][T10116] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1271'. [ 383.313593][T10141] team0: Mode changed to "loadbalance" [ 383.377885][T10146] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1281'. [ 383.471196][T10148] netlink: 'syz.3.1282': attribute type 10 has an invalid length. [ 383.489171][T10148] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 383.506053][T10134] vlan0: entered promiscuous mode [ 383.560486][T10134] team0: Port device vlan0 added [ 383.593252][T10141] tipc: Enabled bearer , priority 0 [ 383.923121][T10158] netlink: 'syz.4.1284': attribute type 1 has an invalid length. [ 383.971681][T10158] 8021q: adding VLAN 0 to HW filter on device bond2 [ 384.173580][T10158] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1284'. [ 384.210309][T10158] bond2: entered promiscuous mode [ 384.223721][T10158] bond2: entered allmulticast mode [ 384.304414][T10158] bond2: (slave dummy0): making interface the new active one [ 384.311889][T10158] dummy0: entered promiscuous mode [ 384.350395][T10158] dummy0: entered allmulticast mode [ 384.358501][T10158] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 386.406521][T10181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1292'. [ 386.552505][T10188] loop4: detected capacity change from 0 to 128 [ 386.772012][T10188] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 386.834003][T10188] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 387.112221][T10184] netlink: 'syz.3.1292': attribute type 5 has an invalid length. [ 387.308041][T10184] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1292'. [ 388.692933][ T8637] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 388.723999][T10195] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1297'. [ 389.441725][T10211] xt_TPROXY: Can be used only with -p tcp or -p udp [ 391.329028][T10199] lo speed is unknown, defaulting to 1000 [ 392.726617][T10231] loop4: detected capacity change from 0 to 256 [ 392.831163][T10231] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 392.900962][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1308'. [ 392.968935][T10231] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1307'. [ 396.761213][T10258] loop4: detected capacity change from 0 to 128 [ 396.807358][T10258] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 396.883828][T10256] bond0: (slave netdevsim0): Releasing backup interface [ 396.924250][T10258] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 396.962790][T10258] ext2 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.003541][T10256] bond3: (slave bond4): Releasing backup interface [ 397.290984][T10261] team0: Mode changed to "loadbalance" [ 397.303450][ T8637] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 397.614330][T10262] veth0_vlan: left promiscuous mode [ 397.619661][T10262] vlan0: entered promiscuous mode [ 397.733219][T10262] veth0_vlan: entered promiscuous mode [ 397.789650][T10262] team0: Port device vlan0 added [ 401.010159][T10300] UBIFS error (pid: 10300): cannot open "ubifs", error -22 [ 401.706353][T10311] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 402.399866][ T28] audit: type=1326 audit(2000000538.738:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 402.472708][ T28] audit: type=1326 audit(2000000538.738:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 402.540735][ T28] audit: type=1326 audit(2000000538.768:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 402.567902][T10313] loop2: detected capacity change from 0 to 2048 [ 402.573048][ T28] audit: type=1326 audit(2000000538.768:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 403.016260][ T28] audit: type=1326 audit(2000000538.768:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 403.055471][T10313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 403.421805][ T28] audit: type=1326 audit(2000000538.778:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 403.515405][ T28] audit: type=1326 audit(2000000538.778:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 403.538584][ T28] audit: type=1326 audit(2000000538.778:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 403.582245][ T28] audit: type=1326 audit(2000000538.778:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f00d639c502 code=0x7ffc0000 [ 403.632746][ T28] audit: type=1326 audit(2000000538.808:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10312 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f00d635cfce code=0x7ffc0000 [ 403.704241][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 404.997432][T10321] lo speed is unknown, defaulting to 1000 [ 407.234813][T10354] syzkaller0: entered promiscuous mode [ 407.244955][T10354] syzkaller0: entered allmulticast mode [ 407.252916][ T5781] Bluetooth: hci2: command 0x0406 tx timeout [ 412.878989][T10390] Cannot find add_set index 0 as target [ 416.700506][T10372] netlink: 'syz.1.1350': attribute type 4 has an invalid length. [ 416.980914][T10396] lo speed is unknown, defaulting to 1000 [ 419.154906][T10416] netlink: 'syz.2.1362': attribute type 1 has an invalid length. [ 419.235179][T10416] 8021q: adding VLAN 0 to HW filter on device bond5 [ 419.571133][T10416] bond5: (slave gretap2): making interface the new active one [ 419.604193][T10416] bond5: (slave gretap2): Enslaving as an active interface with an up link [ 419.745568][ T5781] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 419.759171][ T5781] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 419.769201][ T5781] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 419.779079][ T5781] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 419.795765][ T5781] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 419.813817][ T5781] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 420.657332][T10426] lo speed is unknown, defaulting to 1000 [ 420.898386][ T5863] syz0: rxe_query_port: returned err = -19 [ 421.032394][ T7561] smc: removing ib device syz0 [ 421.893141][ T5781] Bluetooth: hci4: command tx timeout [ 421.920800][T10462] tipc: Started in network mode [ 421.930849][T10462] tipc: Node identity ac1414aa, cluster identity 4711 [ 421.974317][T10462] tipc: Enabled bearer , priority 10 [ 422.070073][T10465] tipc: Enabled bearer , priority 0 [ 422.276820][T10426] chnl_net:caif_netlink_parms(): no params data found [ 422.679256][T10476] vxcan2: entered allmulticast mode [ 422.940672][T10482] netlink: 'syz.4.1379': attribute type 1 has an invalid length. [ 423.115363][T10482] 8021q: adding VLAN 0 to HW filter on device bond3 [ 423.240026][T10426] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.247674][T10426] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.256654][T10426] bridge_slave_0: entered allmulticast mode [ 423.269411][T10426] bridge_slave_0: entered promiscuous mode [ 423.328494][T10484] 8021q: adding VLAN 0 to HW filter on device bond3 [ 423.337223][T10484] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 423.352632][T10484] bond3: (slave vti0): Error -95 calling set_mac_address [ 424.035559][ T5781] Bluetooth: hci4: command tx timeout [ 424.244018][ T5863] tipc: Node number set to 2886997162 [ 424.288404][T10492] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1381'. [ 424.318591][T10485] bond3: (slave gretap1): making interface the new active one [ 424.328220][T10485] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 424.349386][T10426] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.364681][T10426] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.382374][T10426] bridge_slave_1: entered allmulticast mode [ 424.396384][T10426] bridge_slave_1: entered promiscuous mode [ 424.420076][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1382'. [ 424.462807][T10492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1381'. [ 424.472040][T10492] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1381'. [ 424.513241][T10426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.526592][T10426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.586710][T10426] team0: Port device team_slave_0 added [ 425.142743][T10426] team0: Port device team_slave_1 added [ 425.177782][T10426] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 425.185120][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 425.215588][T10426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 425.229431][T10426] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 425.240611][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 425.301841][T10426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.500272][T10426] hsr_slave_0: entered promiscuous mode [ 425.533368][T10426] hsr_slave_1: entered promiscuous mode [ 425.551275][T10426] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 425.562943][T10426] Cannot create hsr debugfs directory [ 426.052975][ T5781] Bluetooth: hci4: command tx timeout [ 426.918903][T10525] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1391'. [ 427.753687][T10426] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 427.789173][T10426] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 427.826808][T10426] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 427.852112][T10426] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 428.066407][T10426] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.119622][T10426] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.173732][ T5781] Bluetooth: hci4: command tx timeout [ 428.673864][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.681123][ T7561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 428.871147][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.878478][ T7561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 429.557944][T10548] netlink: 'syz.1.1398': attribute type 1 has an invalid length. [ 429.580385][T10549] overlayfs: failed to resolve './file1': -2 [ 429.671732][T10548] 8021q: adding VLAN 0 to HW filter on device bond5 [ 429.783787][T10551] bond5: (slave gretap2): making interface the new active one [ 429.804565][T10551] bond5: (slave gretap2): Enslaving as an active interface with an up link [ 431.384210][T10426] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 432.354323][T10586] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1408'. [ 432.849760][T10587] 8021q: adding VLAN 0 to HW filter on device bond7 [ 432.859623][T10587] bond6: (slave bond7): Enslaving as an active interface with an up link [ 434.643890][T10610] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 434.652877][T10610] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 434.661446][T10610] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 435.102820][ T5812] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 435.424021][T10426] veth0_vlan: entered promiscuous mode [ 435.449628][T10426] veth1_vlan: entered promiscuous mode [ 435.473009][ T5812] usb 3-1: Using ep0 maxpacket: 16 [ 435.502929][ T5812] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 435.512074][ T5812] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.551962][T10426] veth0_macvtap: entered promiscuous mode [ 435.561658][ T5812] usb 3-1: config 0 descriptor?? [ 435.586522][ T5812] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 435.598866][T10426] veth1_macvtap: entered promiscuous mode [ 435.660948][T10426] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.723611][T10426] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 436.396634][T10426] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.476281][T10426] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.566896][T10426] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.625896][T10426] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.431888][ T3478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.454211][ T3478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.547389][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.556933][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.630642][T10628] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 439.059867][ T5812] gspca_sonixj: reg_w1 err -71 [ 439.526170][ T5812] sonixj: probe of 3-1:0.0 failed with error -71 [ 439.538902][ T5812] usb 3-1: USB disconnect, device number 6 [ 439.781696][T10650] loop4: detected capacity change from 0 to 256 [ 440.939809][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.946404][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.427020][T10651] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 441.482060][T10652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'. [ 441.881654][T10657] loop4: detected capacity change from 0 to 128 [ 441.939175][T10654] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·=¼ [ 441.947312][ T6726] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 442.129632][T10662] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1431'. [ 442.229225][T10662] 8021q: adding VLAN 0 to HW filter on device bond5 [ 442.237969][T10662] bond4: (slave bond5): Enslaving as an active interface with an up link [ 442.333559][ T6190] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 442.532907][ T6190] usb 6-1: Using ep0 maxpacket: 16 [ 442.551465][ T6190] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 442.569073][ T6190] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.583427][ T6190] usb 6-1: Product: syz [ 442.593625][ T6190] usb 6-1: Manufacturer: syz [ 442.601473][ T6190] usb 6-1: SerialNumber: syz [ 442.621152][ T6190] usb 6-1: config 0 descriptor?? [ 443.083949][ T6190] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 443.188416][ T6190] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 443.203134][ T6190] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 443.230074][ T6190] usb 6-1: media controller created [ 444.066926][T10659] Cannot find add_set index 0 as target [ 444.222046][ T6190] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 444.438814][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 444.451378][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 444.463717][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 444.488871][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 444.505073][ T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 444.516612][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 444.650467][T10687] lo speed is unknown, defaulting to 1000 [ 444.857697][ T6190] zl10353_read_register: readreg error (reg=127, ret==0) [ 444.878548][ T6190] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 444.892954][ T6190] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 444.925587][ T6190] usb 6-1: USB disconnect, device number 2 [ 445.099046][ T6190] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 445.275665][T10687] chnl_net:caif_netlink_parms(): no params data found [ 446.679566][T10702] loop4: detected capacity change from 0 to 512 [ 446.839055][ T52] Bluetooth: hci0: command tx timeout [ 447.112960][T10702] EXT4-fs warning (device loop4): ext4_enable_quotas:7184: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 447.128543][T10702] EXT4-fs (loop4): mount failed [ 447.548859][T10718] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1442'. [ 447.587557][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 447.587573][ T28] audit: type=1800 audit(2000000583.928:321): pid=10720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1443" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 448.287310][T10687] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.345540][T10687] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.425837][T10687] bridge_slave_0: entered allmulticast mode [ 448.521482][T10687] bridge_slave_0: entered promiscuous mode [ 448.585453][T10687] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.602885][T10687] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.610414][T10687] bridge_slave_1: entered allmulticast mode [ 448.629341][T10687] bridge_slave_1: entered promiscuous mode [ 448.743590][T10687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.767330][T10687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.821179][T10729] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 448.851837][T10687] team0: Port device team_slave_0 added [ 448.853288][ T52] Bluetooth: hci0: command tx timeout [ 448.873357][T10687] team0: Port device team_slave_1 added [ 448.977792][T10687] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.000634][T10687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.037912][T10687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.065912][T10687] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.075362][T10687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.112985][T10687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.129733][T10736] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 449.217754][T10687] hsr_slave_0: entered promiscuous mode [ 449.283884][T10687] hsr_slave_1: entered promiscuous mode [ 449.299121][T10687] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 449.307659][T10687] Cannot create hsr debugfs directory [ 450.664582][T10687] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 450.735216][T10687] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 450.799944][T10687] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 450.866743][T10754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1456'. [ 450.886114][T10687] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 450.933048][ T52] Bluetooth: hci0: command tx timeout [ 451.002191][T10687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.028136][T10757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1456'. [ 451.119571][T10687] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.197725][ T7539] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.205075][ T7539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.693782][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.013603][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.105576][ T7555] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.112847][ T7555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.184889][T10687] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 452.319495][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.347446][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.013226][ T52] Bluetooth: hci0: command tx timeout [ 453.409416][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.449417][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.532630][T10773] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1458'. [ 453.769967][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.802046][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.830614][T10778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1462'. [ 454.684760][T10779] bridge4: port 1(veth7) entered blocking state [ 454.722817][T10779] bridge4: port 1(veth7) entered disabled state [ 454.729969][T10779] veth7: entered allmulticast mode [ 454.747234][T10779] veth7: entered promiscuous mode [ 454.844364][T10780] bridge4: port 2(veth9) entered blocking state [ 454.861294][T10780] bridge4: port 2(veth9) entered disabled state [ 454.905149][T10780] veth9: entered allmulticast mode [ 454.928562][T10780] veth9: entered promiscuous mode [ 455.068578][T10687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 455.458404][ T11] tipc: Disabling bearer [ 455.488889][ T11] tipc: Disabling bearer [ 455.604107][ T11] tipc: Left network mode [ 457.673181][T10819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1469'. [ 459.768210][T10687] veth0_vlan: entered promiscuous mode [ 459.901253][T10876] netlink: 'syz.2.1476': attribute type 21 has an invalid length. [ 460.014551][T10687] veth1_vlan: entered promiscuous mode [ 460.196417][ T11] bond5: (slave gretap2): Releasing active interface [ 460.319394][T10877] lo speed is unknown, defaulting to 1000 [ 460.497570][ T28] audit: type=1326 audit(2000000596.838:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 460.581715][ T28] audit: type=1326 audit(2000000596.858:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 460.675005][ T28] audit: type=1326 audit(2000000596.838:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 460.771262][T10687] veth0_macvtap: entered promiscuous mode [ 460.812685][ T28] audit: type=1326 audit(2000000596.868:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 460.892641][ T28] audit: type=1326 audit(2000000596.868:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f00d635cfce code=0x7ffc0000 [ 460.946338][ T28] audit: type=1326 audit(2000000596.868:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 460.974358][T10687] veth1_macvtap: entered promiscuous mode [ 461.007112][ T28] audit: type=1326 audit(2000000596.868:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 461.131039][ T28] audit: type=1326 audit(2000000596.868:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 461.181717][ T11] hsr_slave_0: left promiscuous mode [ 461.208268][ T28] audit: type=1326 audit(2000000596.878:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 461.257025][ T11] hsr_slave_1: left promiscuous mode [ 461.308190][ T28] audit: type=1326 audit(2000000596.878:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.2.1478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00d639c799 code=0x7ffc0000 [ 461.422969][ T11] veth1_macvtap: left promiscuous mode [ 461.436765][ T11] veth0_macvtap: left promiscuous mode [ 461.453619][ T11] veth1_vlan: left promiscuous mode [ 461.742620][T10912] block device autoloading is deprecated and will be removed. [ 461.759807][T10910] block device autoloading is deprecated and will be removed. [ 462.187869][T10919] loop5: detected capacity change from 0 to 128 [ 463.061942][T10919] Trying to write to read-only block-device loop5 [ 463.107983][T10919] syz.5.1483: attempt to access beyond end of device [ 463.107983][T10919] loop5: rw=2049, sector=145, nr_sectors = 408 limit=128 [ 463.167045][ T11] bond6 (unregistering): (slave bond7): Releasing backup interface [ 463.217343][T10926] syz.5.1483: attempt to access beyond end of device [ 463.217343][T10926] loop5: rw=0, sector=150, nr_sectors = 1 limit=128 [ 463.232019][ T11] bond7 (unregistering): Released all slaves [ 463.279736][ T11] bond6 (unregistering): Released all slaves [ 464.034500][ T11] bond5 (unregistering): Released all slaves [ 464.211822][T10948] kvm_intel: kvm [10945]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x10164ff [ 464.546069][ T11] bond4 (unregistering): Released all slaves [ 464.568295][ T11] bond3 (unregistering): Released all slaves [ 465.011593][ T11] bond2 (unregistering): Released all slaves [ 465.240908][ T11] bond1 (unregistering): Released all slaves [ 465.708027][ T11] team0 (unregistering): Port device vlan0 removed [ 467.116343][ T11] bond0 (unregistering): Released all slaves [ 467.368293][T10952] bridge_slave_0: left allmulticast mode [ 467.388619][T10952] bridge_slave_0: left promiscuous mode [ 467.419847][T10952] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.463621][T10952] bridge_slave_1: left allmulticast mode [ 467.469375][T10952] bridge_slave_1: left promiscuous mode [ 467.490219][T10952] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.537359][T10952] bond0: (slave bond_slave_0): Releasing backup interface [ 467.607063][T10952] bond0: (slave bond_slave_1): Releasing backup interface [ 467.699786][T10952] team0: Port device team_slave_0 removed [ 467.737617][T10952] team0: Port device team_slave_1 removed [ 467.774079][T10952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 467.782197][T10952] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.819239][T10952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 467.852856][T10952] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.889082][T10953] netlink: 'syz.5.1492': attribute type 10 has an invalid length. [ 467.900712][T10953] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1492'. [ 467.953709][T10953] team0: entered promiscuous mode [ 467.958876][T10953] team0: entered allmulticast mode [ 467.995243][T10953] bridge0: port 1(team0) entered blocking state [ 468.001810][T10953] bridge0: port 1(team0) entered disabled state [ 468.056387][T10953] bridge0: port 1(team0) entered blocking state [ 468.062941][T10953] bridge0: port 1(team0) entered forwarding state [ 468.219871][T10687] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.855979][ T7541] bridge0: port 1(team0) entered disabled state [ 469.050402][T10687] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.169805][T10961] loop5: detected capacity change from 0 to 2048 [ 469.301775][T10687] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.362753][T10687] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.490388][T10687] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.605361][T10687] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.651882][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 470.665522][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 470.677851][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 470.689204][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 470.697798][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 470.705923][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 471.015922][T10965] lo speed is unknown, defaulting to 1000 [ 471.107050][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.169703][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.341100][T10985] netlink: 'syz.5.1499': attribute type 13 has an invalid length. [ 471.521848][T10994] loop4: detected capacity change from 0 to 512 [ 471.691376][T10994] EXT4-fs (loop4): 1 orphan inode deleted [ 471.704585][T10994] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.773197][ T5781] Bluetooth: hci1: command tx timeout [ 472.960582][ T7539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.983560][ T11] IPVS: stop unused estimator thread 0... [ 473.032637][ T7539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.915571][T10965] chnl_net:caif_netlink_parms(): no params data found [ 473.993906][ T8637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.451302][T10965] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.477836][T10965] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.489956][T10965] bridge_slave_0: entered allmulticast mode [ 474.536208][T10965] bridge_slave_0: entered promiscuous mode [ 474.652323][T11023] loop6: detected capacity change from 0 to 256 [ 474.669082][T11023] exfat: Deprecated parameter 'utf8' [ 474.712733][T11023] exfat: Deprecated parameter 'namecase' [ 474.730293][T11023] exfat: Deprecated parameter 'namecase' [ 474.752817][T11023] exfat: Deprecated parameter 'utf8' [ 474.852879][ T5781] Bluetooth: hci1: command tx timeout [ 474.950146][T11023] exFAT-fs (loop6): failed to load upcase table (idx : 0x00012153, chksum : 0x6a70c931, utbl_chksum : 0xe619d30d) [ 475.047103][T11030] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1503'. [ 475.376110][T10965] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.591137][T10965] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.631686][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 475.631707][ T28] audit: type=1800 audit(2000000611.968:385): pid=11023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1504" name="file1" dev="loop6" ino=1048634 res=0 errno=0 [ 475.668853][T10965] bridge_slave_1: entered allmulticast mode [ 476.604002][T10965] bridge_slave_1: entered promiscuous mode [ 476.818634][T11043] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 476.944513][ T5781] Bluetooth: hci1: command tx timeout [ 477.108803][T10965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.175529][T10965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 477.366395][T10965] team0: Port device team_slave_0 added [ 477.387962][T10965] team0: Port device team_slave_1 added [ 477.511032][T10965] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 477.540190][T10965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 477.639601][T10965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 477.730964][T10965] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 477.753706][T10965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 477.808026][T10965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 478.181579][T10965] hsr_slave_0: entered promiscuous mode [ 478.200250][T10965] hsr_slave_1: entered promiscuous mode [ 478.216932][T10965] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 478.231358][T10965] Cannot create hsr debugfs directory [ 478.272072][T11062] lo: Caught tx_queue_len zero misconfig [ 478.286627][T11062] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 478.916580][T11067] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1514'. [ 478.930141][ T11] ip6gretap0 (unregistering): left promiscuous mode [ 479.017256][T11071] UBIFS error (pid: 11071): cannot open "./file0", error -22 [ 479.025558][ T5781] Bluetooth: hci1: command tx timeout [ 480.795184][ T11] bond3: (slave ip6gretap1): Releasing active interface [ 480.818996][ T11] ip6gretap1 (unregistering): left allmulticast mode [ 482.044863][T11088] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1519'. [ 482.828135][T11096] loop6: detected capacity change from 0 to 32768 [ 482.852213][T11096] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.1521 (11096) [ 483.131153][ T11] bond4: (slave gretap1): Releasing backup interface [ 483.159497][T11096] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 483.194630][T11096] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 483.218178][T11096] BTRFS info (device loop6): setting nodatasum [ 483.249924][T11096] BTRFS info (device loop6): force zlib compression, level 3 [ 483.288969][T11096] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8) [ 483.312624][T11096] BTRFS info (device loop6): use lzo compression, level 0 [ 483.319872][T11096] BTRFS info (device loop6): turning on flush-on-commit [ 483.376994][T11096] BTRFS info (device loop6): enabling auto defrag [ 483.399979][T11096] BTRFS info (device loop6): max_inline at 4096 [ 483.442754][T11096] BTRFS info (device loop6): using free space tree [ 483.856609][T11133] loop5: detected capacity change from 0 to 512 [ 484.241472][T11096] BTRFS info (device loop6): enabling ssd optimizations [ 485.163041][ T5863] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 485.325175][T10687] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 485.370150][ T11] bond0: (slave wlan1): Releasing backup interface [ 485.484771][ T5863] usb 5-1: Using ep0 maxpacket: 8 [ 485.519255][ T5863] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 485.543188][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.618928][ T5863] usb 5-1: Product: syz [ 485.633655][ T5863] usb 5-1: Manufacturer: syz [ 485.658918][ T5863] usb 5-1: SerialNumber: syz [ 485.730871][ T5863] usb 5-1: config 0 descriptor?? [ 486.129568][ T5863] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 486.182467][ T11] hsr_slave_0: left promiscuous mode [ 486.203317][ T11] hsr_slave_1: left promiscuous mode [ 486.345726][ T5812] infiniband syz2: ib_query_port failed (-19) [ 486.592909][ T968] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 486.794735][ T968] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 486.812701][ T968] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 486.844572][ T968] usb 6-1: config 220 interface 0 has no altsetting 0 [ 486.857765][ T968] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 486.872617][ T968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.891115][ T968] usb 6-1: Product: syz [ 486.910999][ T968] usb 6-1: Manufacturer: syz [ 486.921070][ T968] usb 6-1: SerialNumber: syz [ 487.009936][ T11] bond4 (unregistering): (slave bond5): Releasing backup interface [ 487.044941][ T11] bond5 (unregistering): Released all slaves [ 487.084628][ T11] bond4 (unregistering): Released all slaves [ 487.265542][ T968] usb 6-1: Found UVC 0.00 device syz (8086:0b07) [ 487.273570][ T968] usb 6-1: No valid video chain found. [ 487.288997][ T968] usb 6-1: USB disconnect, device number 3 [ 487.593618][ T5863] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 487.604935][ T11] bond3 (unregistering): Released all slaves [ 487.622985][ T5863] usb 5-1: USB disconnect, device number 5 [ 487.833055][ T11] bond2 (unregistering): Released all slaves [ 488.090157][T11153] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1527'. [ 489.105705][ T11] bond1 (unregistering): Released all slaves [ 489.252995][ T5781] Bluetooth: hci4: command tx timeout [ 491.190383][ T11] bond0 (unregistering): Released all slaves [ 492.830705][T10965] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 492.851641][T10965] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 492.878340][T10965] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 492.901503][T10965] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 493.406868][T11179] syzkaller0: entered promiscuous mode [ 493.476658][T11179] syzkaller0: entered allmulticast mode [ 494.307696][T10965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.381379][T10965] 8021q: adding VLAN 0 to HW filter on device team0 [ 494.498270][ T7539] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.505690][ T7539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.525051][ T7539] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.532243][ T7539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 495.733241][ T968] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 495.824076][T11213] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1541'. [ 495.964247][ T968] usb 7-1: not running at top speed; connect to a high speed hub [ 496.006030][ T968] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1056, setting to 1023 [ 496.033634][ T968] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4 [ 496.092267][ T968] usb 7-1: New USB device found, idVendor=0bda, idProduct=4014, bcdDevice= 0.40 [ 496.112356][ T968] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.171550][ T968] usb 7-1: Product: syz [ 496.189616][ T968] usb 7-1: Manufacturer: syz [ 496.228204][ T968] usb 7-1: SerialNumber: syz [ 496.276188][ T968] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 496.489834][ T968] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 496.500989][ T968] usb 7-1: unit 130 not found! [ 496.552296][T10965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 496.683743][ T968] usb 7-1: USB disconnect, device number 2 [ 496.781165][T10965] veth0_vlan: entered promiscuous mode [ 496.865098][T10965] veth1_vlan: entered promiscuous mode [ 496.884608][ T6726] udevd[6726]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 497.055166][T10965] veth0_macvtap: entered promiscuous mode [ 497.081789][T10965] veth1_macvtap: entered promiscuous mode [ 497.192400][T10965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 497.220108][T10965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 497.232802][T10965] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 497.260642][T10965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 497.292247][T10965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 497.401424][T10965] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 497.458994][T10965] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.480309][T10965] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.517388][T10965] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.570116][T10965] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.887553][ T7561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.927336][ T7561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.041830][ T3504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.097074][ T3504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.884092][T11241] xt_socket: unknown flags 0x50 [ 501.088844][T11252] syzkaller0: entered promiscuous mode [ 501.116654][T11252] syzkaller0: entered allmulticast mode [ 502.395303][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.442827][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.847907][T11264] tipc: Enabling of bearer rejected, failed to enable media [ 510.078476][T11323] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 510.283754][T11323] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 512.538804][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 512.552858][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 512.562960][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 512.573083][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 512.582449][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 512.590043][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 512.953469][T11352] netlink: 'syz.6.1569': attribute type 9 has an invalid length. [ 514.047958][T11356] loop4: detected capacity change from 0 to 256 [ 514.089398][T11356] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 514.130733][T11356] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 514.256544][T11356] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 514.508280][T11363] loop6: detected capacity change from 0 to 16 [ 514.560255][T11363] erofs: (device loop6): mounted with root inode @ nid 36. [ 514.764431][T11363] sch_fq: defrate 0 ignored. [ 514.782819][ T52] Bluetooth: hci3: command tx timeout [ 515.018136][T11345] chnl_net:caif_netlink_parms(): no params data found [ 516.702380][T11376] loop6: detected capacity change from 0 to 764 [ 516.891218][T11376] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 516.900511][ T52] Bluetooth: hci3: command tx timeout [ 517.676665][T11345] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.703075][T11345] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.710586][T11345] bridge_slave_0: entered allmulticast mode [ 517.822777][T11345] bridge_slave_0: entered promiscuous mode [ 517.885131][T11376] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 518.064174][T11385] sch_tbf: burst 6281 is lower than device lo mtu (65550) ! [ 518.233535][T11345] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.240874][T11345] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.289528][T11345] bridge_slave_1: entered allmulticast mode [ 518.312180][T11345] bridge_slave_1: entered promiscuous mode [ 518.596866][T11345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 518.767242][T11345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.932730][ T52] Bluetooth: hci3: command tx timeout [ 519.078828][T11345] team0: Port device team_slave_0 added [ 519.126366][T11345] team0: Port device team_slave_1 added [ 520.572331][T11205] Set syz1 is full, maxelem 65536 reached [ 521.475641][ T52] Bluetooth: hci3: command tx timeout [ 521.744279][T11345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 521.772348][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.774508][T11345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 522.826708][T11345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 522.862776][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.935067][T11345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 522.969543][T11423] syzkaller0: entered promiscuous mode [ 522.975718][T11423] syzkaller0: entered allmulticast mode [ 523.322766][ T968] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 523.514973][ T968] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.733461][ T968] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 523.754190][T11345] hsr_slave_0: entered promiscuous mode [ 523.760085][ T968] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 523.771175][ T968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.789535][T11345] hsr_slave_1: entered promiscuous mode [ 524.121998][T11345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 525.824219][T11345] Cannot create hsr debugfs directory [ 525.852652][ T968] usb 3-1: config 0 descriptor?? [ 526.085380][ T6190] usb 3-1: USB disconnect, device number 7 [ 526.233546][ T60] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.224816][T11457] IPv6: NLM_F_REPLACE set, but no existing node found! [ 528.160361][T11469] loop6: detected capacity change from 0 to 1024 [ 528.226883][T11468] hfsplus: found bad thread record in catalog [ 528.302946][ T968] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 528.391900][ T60] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.501243][ T985] hfsplus: b-tree write err: -5, ino 25 [ 528.534517][ T985] hfsplus: b-tree write err: -5, ino 4 [ 528.543083][ T968] usb 5-1: unable to get BOS descriptor or descriptor too short [ 528.572930][ T985] hfsplus: b-tree write err: -5, ino 2 [ 528.584612][ T968] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 528.592287][ T968] usb 5-1: can't read configurations, error -71 [ 528.696985][ T60] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.049700][ T60] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.409584][T11480] netlink: zone id is out of range [ 529.435577][T11480] netlink: zone id is out of range [ 529.452850][T11480] netlink: zone id is out of range [ 529.483477][T11480] netlink: zone id is out of range [ 529.509489][T11480] netlink: zone id is out of range [ 529.538882][T11480] netlink: zone id is out of range [ 529.552739][T11480] netlink: zone id is out of range [ 529.575640][T11480] netlink: zone id is out of range [ 529.589707][T11480] netlink: zone id is out of range [ 529.712873][T11480] netlink: zone id is out of range [ 529.718852][T11345] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 529.877598][T11345] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 529.888587][T11345] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 529.913682][T11345] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 531.504533][T11495] loop6: detected capacity change from 0 to 40427 [ 531.916797][T11495] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 531.924986][T11495] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 532.154908][T11495] F2FS-fs (loop6): invalid crc value [ 532.184888][T11495] F2FS-fs (loop6): Found nat_bits in checkpoint [ 532.472689][T11495] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 532.479942][T11495] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 532.926081][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 532.958846][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 532.992758][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 533.000405][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 533.099936][T11514] IPv6: NLM_F_REPLACE set, but no existing node found! [ 533.147750][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 533.156260][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 533.167674][T10687] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 533.827191][T11518] loop2: detected capacity change from 0 to 764 [ 533.865810][T11345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.883854][T11518] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 534.128479][T11518] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 534.813699][T11522] sch_tbf: burst 6281 is lower than device lo mtu (65550) ! [ 534.964934][T11345] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.212009][ T7539] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.219418][ T7539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.428807][ T985] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.436203][ T985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 537.591550][T11345] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 537.741274][ C0] vkms_vblank_simulate: vblank timer overrun [ 539.028433][ T60] hsr_slave_0: left promiscuous mode [ 539.069550][ T60] hsr_slave_1: left promiscuous mode [ 539.159878][ T60] bridge0: port 1(team0) entered disabled state [ 539.294454][ T60] veth1_macvtap: left promiscuous mode [ 539.300310][ T60] veth0_macvtap: left promiscuous mode [ 539.321847][ T60] veth1_vlan: left promiscuous mode [ 539.329931][ T60] veth0_vlan: left promiscuous mode [ 539.400835][T11576] loop2: detected capacity change from 0 to 2048 [ 539.469376][T11576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 539.621546][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 539.642113][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 539.664188][T11580] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1229: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 539.686627][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 539.709563][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 539.723422][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 539.735932][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 540.173485][ C0] vkms_vblank_simulate: vblank timer overrun [ 540.233935][T10965] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.259866][ C0] vkms_vblank_simulate: vblank timer overrun [ 540.327467][ C0] vkms_vblank_simulate: vblank timer overrun [ 541.659254][ C0] vkms_vblank_simulate: vblank timer overrun [ 542.977348][ T52] Bluetooth: hci0: command tx timeout [ 544.441772][ T60] bond0 (unregistering): Released all slaves [ 544.612207][T11572] netlink: 'syz.4.1612': attribute type 1 has an invalid length. [ 544.624194][T11572] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 544.702330][T11345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.012802][ T52] Bluetooth: hci0: command tx timeout [ 545.320166][T11619] loop4: detected capacity change from 0 to 512 [ 545.329598][T11619] EXT4-fs: Ignoring removed orlov option [ 545.373196][T11619] EXT4-fs: Ignoring removed mblk_io_submit option [ 545.379806][T11619] ext4: Unknown parameter 'obj_user' [ 545.428657][T11581] chnl_net:caif_netlink_parms(): no params data found [ 546.758194][T11581] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.828592][T11581] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.869503][T11581] bridge_slave_0: entered allmulticast mode [ 546.891190][T11581] bridge_slave_0: entered promiscuous mode [ 546.950910][T11581] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.986674][T11581] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.019541][T11581] bridge_slave_1: entered allmulticast mode [ 547.044348][T11581] bridge_slave_1: entered promiscuous mode [ 547.075998][T11633] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1621'. [ 547.092716][ T52] Bluetooth: hci0: command tx timeout [ 547.903078][T11635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1621'. [ 547.952809][T11635] veth3: entered promiscuous mode [ 547.957962][T11635] veth3: entered allmulticast mode [ 548.806084][T11581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 549.001861][T11581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.173312][ T52] Bluetooth: hci0: command tx timeout [ 549.233671][T11345] veth0_vlan: entered promiscuous mode [ 549.447164][T11581] team0: Port device team_slave_0 added [ 549.637707][T11581] team0: Port device team_slave_1 added [ 549.699927][T11345] veth1_vlan: entered promiscuous mode [ 550.119647][T11581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 550.169421][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.257189][T11581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 550.325043][T11581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 550.353630][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.401945][T11581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 550.556282][ T60] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.193761][ T60] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.251468][T11581] hsr_slave_0: entered promiscuous mode [ 551.273182][T11581] hsr_slave_1: entered promiscuous mode [ 551.279875][T11581] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 551.292156][T11581] Cannot create hsr debugfs directory [ 551.530898][ T60] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.637335][T11345] veth0_macvtap: entered promiscuous mode [ 552.002199][ T60] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.477763][T11345] veth1_macvtap: entered promiscuous mode [ 552.600494][T11345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 552.632077][T11345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 552.652436][T11345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 552.694249][T11345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 552.715125][T11345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 552.726345][T11345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 552.738493][T11345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 552.748776][T11345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 552.761814][T11345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 552.797260][T11345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 552.894889][T11345] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.922616][T11345] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.937650][T11345] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.956884][T11345] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.441306][T11698] loop2: detected capacity change from 0 to 256 [ 553.981460][ T7541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.006554][ T7541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.387786][T11709] loop2: detected capacity change from 0 to 128 [ 554.483278][ T6726] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 554.524069][T11707] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·=¼¼ [ 554.627294][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.637638][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.674269][T11581] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 554.859522][T11581] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 554.883716][T11581] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 554.895104][T11712] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1634'. [ 555.098015][T11581] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 555.203923][T11718] Bluetooth: MGMT ver 1.22 [ 555.222261][T11712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1634'. [ 555.233129][T11718] Bluetooth: hci0: invalid length 0, exp 2 for type 10 [ 556.602661][T11728] bad cache= option: no%e [ 556.602661][T11728] [ 556.610192][T11728] CIFS: VFS: bad cache= option: no%e [ 557.849159][T11732] loop2: detected capacity change from 0 to 512 [ 557.862514][ C0] vkms_vblank_simulate: vblank timer overrun [ 557.920418][T11732] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6). [ 557.956213][T11732] EXT4-fs warning (device loop2): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 557.981183][T11732] EXT4-fs (loop2): mount failed [ 558.905549][ C0] vkms_vblank_simulate: vblank timer overrun [ 560.338274][T11581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 561.352611][ T60] hsr_slave_0: left promiscuous mode [ 561.427738][ T60] hsr_slave_1: left promiscuous mode [ 561.523103][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 561.533429][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 561.670262][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 561.723862][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 561.828134][ T60] bridge_slave_1: left allmulticast mode [ 561.843093][ T60] bridge_slave_1: left promiscuous mode [ 561.849008][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.260150][ T60] bridge_slave_0: left allmulticast mode [ 562.445574][ T60] bridge_slave_0: left promiscuous mode [ 562.451540][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.701364][ T60] veth1_macvtap: left promiscuous mode [ 562.716620][ T60] veth0_macvtap: left promiscuous mode [ 562.728665][ T60] veth1_vlan: left promiscuous mode [ 562.734505][ T60] veth0_vlan: left promiscuous mode [ 563.863335][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.869857][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.257361][T11793] loop7: detected capacity change from 0 to 128 [ 564.576663][T11793] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 564.614284][T11793] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 565.047909][T11345] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 570.270294][ T60] team0 (unregistering): Port device team_slave_1 removed [ 570.388204][ T60] team0 (unregistering): Port device team_slave_0 removed [ 570.553006][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 570.731852][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 570.944079][T11834] loop2: detected capacity change from 0 to 1024 [ 570.952267][T11834] EXT4-fs: Ignoring removed orlov option [ 571.002658][T11834] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 572.286467][T10965] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.711190][ T60] bond0 (unregistering): Released all slaves [ 573.376920][T11581] 8021q: adding VLAN 0 to HW filter on device team0 [ 573.492436][ T7539] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.499809][ T7539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 574.115671][ T7541] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.122953][ T7541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 574.294852][T11581] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 574.320595][T11581] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 574.478643][T11848] syzkaller0: entered promiscuous mode [ 574.495565][T11848] syzkaller0: entered allmulticast mode [ 574.544254][T11848] tipc: Started in network mode [ 574.549227][T11848] tipc: Node identity 06bbe8079317, cluster identity 4711 [ 574.589579][T11848] tipc: Enabled bearer , priority 0 [ 574.620255][T11847] tipc: Resetting bearer [ 574.756903][T11847] tipc: Disabling bearer [ 574.826458][T11581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 575.277088][T11581] veth0_vlan: entered promiscuous mode [ 575.306398][T11581] veth1_vlan: entered promiscuous mode [ 575.381666][T11581] veth0_macvtap: entered promiscuous mode [ 575.395836][T11581] veth1_macvtap: entered promiscuous mode [ 575.445507][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.464598][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.477264][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.490460][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.503600][T11581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 575.522309][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 575.533519][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.544929][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 575.556133][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.568623][T11581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 575.587002][T11581] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.596109][T11581] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.605693][T11581] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.614553][T11581] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.744978][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.763582][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.821480][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.843513][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 576.333403][T11892] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1674'. [ 580.456760][ T23] IPVS: starting estimator thread 0... [ 580.543913][T11940] netlink: 132 bytes leftover after parsing attributes in process `syz.7.1677'. [ 580.553783][T11939] IPVS: using max 20 ests per chain, 48000 per kthread [ 580.646399][T11942] loop2: detected capacity change from 0 to 256 [ 580.729309][T11942] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 580.802906][T11942] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 580.891922][T11942] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 581.431117][T11957] input: syz1 as /devices/virtual/input/input9 [ 585.337418][T11986] loop4: detected capacity change from 0 to 1024 [ 585.364940][T11986] EXT4-fs: Ignoring removed orlov option [ 585.464546][T11986] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 586.690591][ T8637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 586.742419][T11998] loop2: detected capacity change from 0 to 128 [ 586.761420][T11998] FAT-fs (loop2): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 588.436249][T12012] netlink: 'syz.4.1693': attribute type 5 has an invalid length. [ 588.762811][ T6191] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 588.958792][ T6191] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 589.000143][ T6191] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 589.042621][ T6191] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 589.085225][ T6191] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 589.142608][ T6191] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 589.203008][ T6191] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 589.212331][ T6191] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 589.261558][ T6191] usb 9-1: Product: syz [ 589.283812][ T6191] usb 9-1: Manufacturer: syz [ 589.324406][ T6191] cdc_wdm 9-1:1.0: skipping garbage [ 589.329772][ T6191] cdc_wdm 9-1:1.0: skipping garbage [ 589.438472][ T6191] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 589.483346][ T6191] cdc_wdm 9-1:1.0: Unknown control protocol [ 589.634582][T12041] bond_slave_1: entered promiscuous mode [ 589.713054][T12041] bond_slave_1: left promiscuous mode [ 589.842004][ T5830] usb 9-1: USB disconnect, device number 2 [ 590.833910][T12054] loop2: detected capacity change from 0 to 2048 [ 591.036081][T12061] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 592.025394][T12054] debugfs: Directory 'netdev:nicvf0' with parent 'phy17' already present! [ 594.784438][T12108] loop4: detected capacity change from 0 to 128 [ 594.801776][T12108] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 595.054846][T12108] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 595.101854][T12108] ext2 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 596.408702][ T8637] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 596.641010][ T5781] Bluetooth: hci1: command 0x0406 tx timeout [ 596.899500][T12130] loop4: detected capacity change from 0 to 2048 [ 597.073420][T12141] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 597.242696][T12130] debugfs: Directory 'netdev:nicvf0' with parent 'phy11' already present! [ 604.171801][T12191] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 604.190558][T12191] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 604.232983][T12191] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 605.612258][T12208] netlink: 'syz.7.1728': attribute type 1 has an invalid length. [ 608.394742][T12245] x_tables: duplicate entry at hook 3 [ 608.482436][T12246] netlink: 'syz.4.1735': attribute type 16 has an invalid length. [ 608.830621][T12246] netlink: 'syz.4.1735': attribute type 17 has an invalid length. [ 611.553579][T12246] tipc: Resetting bearer [ 611.559742][T12246] tipc: Resetting bearer [ 611.611085][T12246] net_ratelimit: 23 callbacks suppressed [ 611.611095][T12246] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 611.704113][T12267] netlink: 'syz.7.1742': attribute type 2 has an invalid length. [ 611.774400][T12266] netlink: 'syz.7.1742': attribute type 2 has an invalid length. [ 613.377833][T12288] xt_TCPMSS: Only works on TCP SYN packets [ 614.883814][T12309] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1752'. [ 616.231996][T12329] binder_alloc: 12328: pid 12328 spamming oneway? 2 buffers allocated for a total size of 5120 [ 616.774087][T12338] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1759'. [ 618.281688][T12354] netlink: 'syz.4.1763': attribute type 1 has an invalid length. [ 618.510318][T12354] 8021q: adding VLAN 0 to HW filter on device bond6 [ 618.715590][T12361] bond6: (slave geneve2): making interface the new active one [ 618.898264][T12361] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 619.025961][T12368] tipc: Enabling of bearer rejected, failed to enable media [ 621.410834][T12399] loop8: detected capacity change from 0 to 32768 [ 621.503231][T12399] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 621.772381][T12399] XFS (loop8): Ending clean mount [ 621.798264][T12399] XFS (loop8): Quotacheck needed: Please wait. [ 621.997865][T12399] XFS (loop8): Quotacheck: Done. [ 622.801487][T11581] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 623.003753][T12416] syzkaller0: entered promiscuous mode [ 623.009357][T12416] syzkaller0: entered allmulticast mode [ 623.038847][T12418] netlink: 'syz.7.1774': attribute type 10 has an invalid length. [ 623.051942][T12418] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1774'. [ 623.178185][T12418] team0: Port device geneve0 added [ 623.635663][T12430] syzkaller0: entered promiscuous mode [ 623.641241][T12430] syzkaller0: entered allmulticast mode [ 623.776256][T12430] tipc: Started in network mode [ 623.781247][T12430] tipc: Node identity 8af6644f4079, cluster identity 4711 [ 623.792792][T12430] tipc: Enabled bearer , priority 0 [ 623.803791][T12429] tipc: Resetting bearer [ 624.474943][T12429] tipc: Disabling bearer [ 625.265315][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.271917][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.990427][T12451] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6) [ 625.997702][T12451] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 626.010365][T12451] vhci_hcd vhci_hcd.0: Device attached [ 626.382811][ T6191] usb 49-1: new low-speed USB device number 2 using vhci_hcd [ 626.931083][T12452] vhci_hcd: connection reset by peer [ 627.231320][ T985] vhci_hcd: stop threads [ 627.375577][ T985] vhci_hcd: release socket [ 627.417215][ T985] vhci_hcd: disconnect device [ 627.471821][T12457] netlink: 'syz.4.1782': attribute type 2 has an invalid length. [ 627.561154][T12457] netlink: 'syz.4.1782': attribute type 2 has an invalid length. [ 627.949303][T12467] loop2: detected capacity change from 0 to 32768 [ 628.077665][T12467] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 628.228797][T12467] XFS (loop2): Ending clean mount [ 628.272773][T12467] XFS (loop2): Quotacheck needed: Please wait. [ 630.366309][T12467] XFS (loop2): Quotacheck: Done. [ 631.698189][T10965] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 632.002667][ T6191] vhci_hcd: vhci_device speed not set [ 632.166684][T12518] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1796'. [ 632.199240][T12520] vlan2: entered allmulticast mode [ 632.204818][T12520] bridge1: entered allmulticast mode [ 632.222006][T12521] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1795'. [ 632.783341][T12518] bridge1: port 1(erspan0) entered blocking state [ 632.816121][T12518] bridge1: port 1(erspan0) entered disabled state [ 632.843880][T12518] erspan0: entered allmulticast mode [ 632.893996][T12518] erspan0: entered promiscuous mode [ 632.922386][T12518] bridge1: port 1(erspan0) entered blocking state [ 632.929241][T12518] bridge1: port 1(erspan0) entered forwarding state [ 633.385478][T12528] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 634.469599][T12542] team0: Failed to send options change via netlink (err -105) [ 634.648291][T12542] team0: Port device bridge0 added [ 634.679353][T12546] tipc: Resetting bearer [ 635.677264][T12546] vlan0: left promiscuous mode [ 635.816382][T12546] vlan2: left promiscuous mode [ 635.852954][T12546] bridge0: left promiscuous mode [ 635.859519][T12546] bond2: left promiscuous mode [ 635.924262][T12546] dummy0: left promiscuous mode [ 635.986382][T12546] veth3: left promiscuous mode [ 636.080613][ T7539] tipc: Resetting bearer [ 636.551303][T12575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1809'. [ 637.737815][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 638.070258][T12600] netlink: 'syz.7.1815': attribute type 1 has an invalid length. [ 638.139588][T12600] 8021q: adding VLAN 0 to HW filter on device bond1 [ 638.590963][T12600] bond1: (slave geneve2): making interface the new active one [ 639.148058][T12600] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 640.591574][T12631] ax25_connect(): syz.2.1821 uses autobind, please contact jreuter@yaina.de [ 645.150605][T12675] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.159292][T12675] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.248352][T12675] bridge0: port 2(bridge_slave_1) entered blocking state [ 645.256717][T12675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 645.268452][T12675] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.276054][T12675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 645.449246][T12675] team0: Port device bridge0 added [ 646.097185][T12677] team0: Failed to send port change of device bridge0 via netlink (err -105) [ 646.165682][T12677] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.267233][T12677] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.279236][T12724] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -30507, delta: 1 [ 651.293114][T12724] ref_ctr increment failed for inode: 0x1ea offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88803119b900 [ 651.386500][T12705] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -30507, delta: -1 [ 651.439257][T12705] ref_ctr decrement failed for inode: 0x1ea offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88803119b900 [ 653.075963][T12749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 653.102572][T12749] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1848'. [ 653.184420][ T11] Bluetooth: (null): Invalid header checksum [ 653.195426][ T11] Bluetooth: (null): Invalid header checksum [ 653.253871][T12754] netlink: 'syz.4.1848': attribute type 4 has an invalid length. [ 653.262200][T12754] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1848'. [ 653.302072][T12754] .`: renamed from bond0 [ 653.677598][T12764] loop8: detected capacity change from 0 to 2048 [ 653.692164][T12764] UDF-fs: bad mount option "nmæ¨äõÄÆÙ" or missing value [ 661.321020][T12873] loop8: detected capacity change from 0 to 512 [ 661.363647][T12873] EXT4-fs: Ignoring removed i_version option [ 661.442937][T12873] EXT4-fs (loop8): 1 truncate cleaned up [ 661.481239][T12873] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 662.209006][T11581] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 662.620942][T12890] netlink: 'syz.8.1871': attribute type 1 has an invalid length. [ 663.179361][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 663.523378][T12913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1875'. [ 663.650821][T12913] vlan2: entered allmulticast mode [ 663.702346][T12913] bridge1: entered allmulticast mode [ 663.774979][T12913] bridge1: port 1(erspan0) entered blocking state [ 663.783978][T12913] bridge1: port 1(erspan0) entered disabled state [ 663.824126][T12913] erspan0: entered allmulticast mode [ 663.847294][T12913] erspan0: entered promiscuous mode [ 666.163435][ T28] audit: type=1326 audit(2000001314.474:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.2.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308dd9c799 code=0x7ffc0000 [ 666.757994][ T28] audit: type=1326 audit(2000001314.484:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.2.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308dd9c799 code=0x7ffc0000 [ 667.460761][ T28] audit: type=1326 audit(2000001314.484:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.2.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f308dd9c799 code=0x7ffc0000 [ 667.559222][ T28] audit: type=1326 audit(2000001314.494:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.2.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308dd9c799 code=0x7ffc0000 [ 667.582611][ T28] audit: type=1326 audit(2000001314.494:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.2.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308dd9c799 code=0x7ffc0000 [ 668.528779][T12946] loop8: detected capacity change from 0 to 164 [ 674.346187][T13009] netlink: 'syz.4.1903': attribute type 1 has an invalid length. [ 675.220068][T13009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 675.309669][T13018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1903'. [ 675.385812][T13018] bond0: entered promiscuous mode [ 675.610857][T13009] bond2: (slave dummy0): Releasing active interface [ 675.661957][T13009] dummy0: left allmulticast mode [ 675.699296][T13009] bond0: (slave dummy0): making interface the new active one [ 675.742909][T13009] dummy0: entered promiscuous mode [ 675.813835][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 675.835157][T13009] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 678.053158][ T28] audit: type=1326 audit(2000001325.464:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 678.219476][ T28] audit: type=1326 audit(2000001325.464:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 678.408336][ T28] audit: type=1326 audit(2000001325.604:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.455795][ T28] audit: type=1326 audit(2000001325.604:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.581018][ T28] audit: type=1326 audit(2000001325.604:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.722735][ T28] audit: type=1326 audit(2000001325.634:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.788741][ T28] audit: type=1326 audit(2000001325.634:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.819626][ T28] audit: type=1326 audit(2000001325.634:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 679.889917][ T28] audit: type=1326 audit(2000001325.734:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 680.462868][ T28] audit: type=1326 audit(2000001325.734:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13035 comm="syz.8.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 680.987323][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 681.010889][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.030757][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 681.053925][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.384580][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 681.460990][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.496375][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 681.600517][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.770219][T13110] loop8: detected capacity change from 0 to 32768 [ 684.801622][T13110] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop8 scanned by syz.8.1913 (13110) [ 684.840149][T13110] BTRFS info (device loop8): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 684.850594][T13110] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm [ 684.859707][T13110] BTRFS info (device loop8): enabling disk space caching [ 684.866905][T13110] BTRFS info (device loop8): force clearing of disk cache [ 684.874171][T13110] BTRFS info (device loop8): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 684.884374][T13110] BTRFS info (device loop8): use zstd compression, level 3 [ 684.892320][T13110] BTRFS info (device loop8): disk space caching is enabled [ 685.018610][T13110] BTRFS info (device loop8): enabling ssd optimizations [ 685.025848][T13110] BTRFS info (device loop8): auto enabling async discard [ 685.039518][T13110] BTRFS info (device loop8): rebuilding free space tree [ 685.123015][T13110] BTRFS info (device loop8): disabling free space tree [ 685.131011][T13110] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 685.141931][T13110] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 685.187984][T13134] loop2: detected capacity change from 0 to 1024 [ 685.228100][T13134] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 686.738535][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.762619][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.389538][T13147] xt_cluster: node mask cannot exceed total number of nodes [ 688.571668][T11581] BTRFS info (device loop8): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 688.831561][T13153] batman_adv: batadv0: Adding interface: dummy0 [ 688.838152][T13153] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.864286][T13153] batman_adv: batadv0: Interface activated: dummy0 [ 689.944185][T13158] batadv0: mtu less than device minimum [ 689.954240][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 689.968819][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 689.981727][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 689.994373][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 690.007578][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 690.021190][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 690.033942][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 690.047161][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 690.060236][T13158] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 691.305133][T13174] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1919'. [ 691.763296][ T5863] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 691.789549][T13171] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.952410][T13191] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1926'. [ 692.102115][T13186] netlink: 'syz.4.1926': attribute type 1 has an invalid length. [ 692.261064][ T5863] usb 3-1: config 0 has no interfaces? [ 692.278174][ T5863] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 692.325407][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 692.369104][ T5863] usb 3-1: Product: syz [ 692.383841][ T5863] usb 3-1: Manufacturer: syz [ 692.393038][ T5863] usb 3-1: SerialNumber: syz [ 692.420899][ T5863] usb 3-1: config 0 descriptor?? [ 692.500193][T13187] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 692.537893][T13187] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 692.598184][T13187] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 692.643869][T13187] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 692.688809][T13187] bond7: (slave geneve3): making interface the new active one [ 692.724689][T13187] bond7: (slave geneve3): Enslaving as an active interface with an up link [ 692.757627][ T6190] usb 3-1: USB disconnect, device number 8 [ 692.966063][T13171] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.260335][T13171] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.183829][T13171] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.423454][T13255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1940'. [ 699.618792][T13248] bridge1: port 1(erspan0) entered disabled state [ 700.234590][T13248] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.242496][T13248] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.399466][T13248] batman_adv: batadv0: Interface deactivated: dummy0 [ 700.995753][T13248] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 701.074242][T13248] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.166016][T13248] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.181380][T13248] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.203239][T13248] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.218328][T13248] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.720995][T13171] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.748301][T13171] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.778017][T13171] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.477097][T13171] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.228816][T13351] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1960'. [ 709.480708][ T5781] Bluetooth: hci3: unexpected event for opcode 0x0c1c [ 709.552148][T13354] bond1: (slave syz_tun): Enslaving as an active interface with an up link [ 710.015388][T13360] ipt_REJECT: ECHOREPLY no longer supported. [ 710.187463][T13351] bond1 (unregistering): (slave syz_tun): Releasing backup interface [ 710.232012][T13351] bond1 (unregistering): Released all slaves [ 710.347698][T13370] netlink: 'syz.7.1963': attribute type 16 has an invalid length. [ 710.387477][T13370] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1963'. [ 710.689677][T13379] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1965'. [ 710.724937][T13380] tipc: Enabled bearer , priority 10 [ 710.789400][T13380] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1966'. [ 710.866491][T13380] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 710.969796][T13380] tipc: Enabled bearer , priority 10 [ 711.055735][T13385] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1967'. [ 711.992755][ T7636] tipc: Node number set to 3398394959 [ 712.276071][T13397] tmpfs: Bad value for 'nr_blocks' [ 713.493630][ T5781] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 713.507191][ T5781] Bluetooth: hci3: Injecting HCI hardware error event [ 713.524966][ T52] Bluetooth: hci3: hardware error 0x00 [ 715.608693][T13438] tipc: Started in network mode [ 715.614145][ T52] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 715.662681][T13438] tipc: Node identity 7f000001, cluster identity 4711 [ 715.738481][T13438] tipc: Enabled bearer , priority 10 [ 715.801937][T13438] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1977'. [ 715.862618][T13438] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 716.025637][T13438] tipc: Enabled bearer , priority 10 [ 716.339065][T13453] vlan2: entered promiscuous mode [ 716.403335][T13453] vlan2: entered allmulticast mode [ 716.408576][T13453] hsr_slave_1: entered allmulticast mode [ 717.452862][ T5863] tipc: Node number set to 2130706433 [ 718.107455][T13470] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.549354][T13470] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.158159][T13470] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.353299][T13505] netlink: 64 bytes leftover after parsing attributes in process `syz.7.1990'. [ 721.510401][T13470] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.602556][T13504] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1989'. [ 721.627757][T13515] loop2: detected capacity change from 0 to 128 [ 721.730427][T13515] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 721.766443][T13515] ext4 filesystem being mounted at /117/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 722.114258][T13470] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.133940][T13470] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.156708][T13470] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.181296][T13470] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.384102][T13530] netlink: 'syz.7.1995': attribute type 1 has an invalid length. [ 722.587221][T13530] 8021q: adding VLAN 0 to HW filter on device bond2 [ 722.729157][T13535] vlan3: entered promiscuous mode [ 723.019742][T13535] bond2: entered promiscuous mode [ 723.055076][T13535] vlan3: entered allmulticast mode [ 723.078950][T13535] bond2: entered allmulticast mode [ 723.642963][T13537] bond2: (slave bridge2): making interface the new active one [ 723.682756][T13537] bridge2: entered promiscuous mode [ 723.688346][T13537] bridge2: entered allmulticast mode [ 723.743086][T13537] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 725.295937][T13564] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 725.303375][T13564] IPv6: NLM_F_CREATE should be set when creating new route [ 725.310976][T13564] IPv6: NLM_F_CREATE should be set when creating new route [ 725.318498][T13564] IPv6: NLM_F_CREATE should be set when creating new route [ 727.148199][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 727.148219][ T28] audit: type=1326 audit(2000001375.484:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.258923][ T28] audit: type=1326 audit(2000001375.484:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.346678][ T28] audit: type=1326 audit(2000001375.544:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.376135][ T28] audit: type=1326 audit(2000001375.544:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.407433][ T28] audit: type=1326 audit(2000001375.544:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.476369][T10965] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 727.505217][ T28] audit: type=1326 audit(2000001375.544:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.623410][ T28] audit: type=1326 audit(2000001375.544:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.673549][ T28] audit: type=1326 audit(2000001375.544:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.722173][ T28] audit: type=1326 audit(2000001375.554:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 727.857014][ T28] audit: type=1326 audit(2000001375.554:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13593 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f382079c799 code=0x7ffc0000 [ 730.587952][T13617] gtp0: entered promiscuous mode [ 730.620795][T13617] gtp0: entered allmulticast mode [ 730.644586][T13626] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2013'. [ 732.122348][T13646] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2018'. [ 732.171945][ C0] vcan0: j1939_session_tx_dat: 0xffff88802d2b4000: queue data error: -100 [ 732.806138][T13653] loop2: detected capacity change from 0 to 128 [ 732.825704][ T52] Bluetooth: hci1: unexpected event for opcode 0x080d [ 733.028124][T13653] loop2: detected capacity change from 0 to 2048 [ 733.062347][ T28] kauditd_printk_skb: 58 callbacks suppressed [ 733.062370][ T28] audit: type=1326 audit(2000001381.394:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 733.117770][ T28] audit: type=1326 audit(2000001381.394:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 733.142268][ T28] audit: type=1326 audit(2000001381.434:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 733.197318][ T28] audit: type=1326 audit(2000001381.434:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 733.274695][ T28] audit: type=1326 audit(2000001381.434:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 733.369758][ T28] audit: type=1326 audit(2000001381.444:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 734.022795][ T28] audit: type=1326 audit(2000001381.444:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 734.183387][ T28] audit: type=1326 audit(2000001381.444:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 734.425230][ T28] audit: type=1326 audit(2000001381.444:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 734.448249][ T28] audit: type=1326 audit(2000001381.444:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f701c39c799 code=0x7ffc0000 [ 736.852711][ T52] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 736.862152][ T52] Bluetooth: hci1: Injecting HCI hardware error event [ 736.876119][ T52] Bluetooth: hci1: hardware error 0x00 [ 739.013190][ T52] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 742.088443][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 742.088462][ T28] audit: type=1326 audit(2000001390.424:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13760 comm="syz.8.2042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 742.597710][ T28] audit: type=1326 audit(2000001390.464:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13760 comm="syz.8.2042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94d19c799 code=0x7ffc0000 [ 742.990734][ T7551] ------------[ cut here ]------------ [ 742.997791][ T7551] WARNING: CPU: 1 PID: 7551 at io_uring/io_uring.c:3214 io_ring_exit_work+0x3a7/0x820 [ 743.007632][ T7551] Modules linked in: [ 743.011635][ T7551] CPU: 1 PID: 7551 Comm: kworker/u4:16 Not tainted syzkaller #0 [ 743.026594][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 743.037450][ T7551] Workqueue: iou_exit io_ring_exit_work [ 743.043175][ T7551] RIP: 0010:io_ring_exit_work+0x3a7/0x820 [ 743.049067][ T7551] Code: 78 23 e8 fc 91 0a f7 48 8b 7c 24 30 48 8b 74 24 08 e8 ad f4 10 00 48 85 c0 75 1d e8 e3 91 0a f7 e9 b9 fd ff ff e8 d9 91 0a f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00 [ 743.069291][ T7551] RSP: 0018:ffffc90004ef7a40 EFLAGS: 00010293 [ 743.075622][ T7551] RAX: ffffffff8a7c8a87 RBX: ffff88807f484000 RCX: ffff88802b8f8000 [ 743.083870][ T7551] RDX: 0000000000000000 RSI: ffffffffffffffe2 RDI: 0000000000000000 [ 743.092003][ T7551] RBP: ffffc90004ef7bb0 R08: ffffc90004ef79c7 R09: 1ffff920009def38 [ 743.100650][ T7551] R10: dffffc0000000000 R11: fffff520009def39 R12: dffffc0000000000 [ 743.108814][ T7551] R13: ffff88807f484288 R14: 000000010000abdf R15: 000000010000abfd [ 743.116927][ T7551] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 743.126119][ T7551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 743.132925][ T7551] CR2: 0000001b2f717ff8 CR3: 000000004400f000 CR4: 00000000003506e0 [ 743.140971][ T7551] Call Trace: [ 743.144406][ T7551] [ 743.147390][ T7551] ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0 [ 743.153362][ T7551] ? _raw_spin_unlock_irq+0x23/0x50 [ 743.158621][ T7551] ? process_scheduled_works+0x96f/0x15d0 [ 743.164710][ T7551] ? process_scheduled_works+0x96f/0x15d0 [ 743.170496][ T7551] process_scheduled_works+0xa5d/0x15d0 [ 743.176334][ T7551] ? worker_attach_to_pool+0x380/0x380 [ 743.181870][ T7551] ? assign_work+0x3d2/0x5d0 [ 743.186732][ T7551] worker_thread+0xa55/0xfc0 [ 743.191502][ T7551] kthread+0x2fa/0x390 [ 743.195685][ T7551] ? pr_cont_work+0x560/0x560 [ 743.200420][ T7551] ? kthread_blkcg+0xd0/0xd0 [ 743.205664][ T7551] ret_from_fork+0x48/0x80 [ 743.210235][ T7551] ? kthread_blkcg+0xd0/0xd0 [ 743.214986][ T7551] ret_from_fork_asm+0x11/0x20 [ 743.219837][ T7551] [ 743.223043][ T7551] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 743.231179][ T7551] CPU: 1 PID: 7551 Comm: kworker/u4:16 Not tainted syzkaller #0 [ 743.239304][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 743.250204][ T7551] Workqueue: iou_exit io_ring_exit_work [ 743.255924][ T7551] Call Trace: [ 743.259350][ T7551] [ 743.262342][ T7551] dump_stack_lvl+0x18c/0x250 [ 743.267195][ T7551] ? show_regs_print_info+0x20/0x20 [ 743.272573][ T7551] ? load_image+0x400/0x400 [ 743.277601][ T7551] panic+0x2dc/0x730 [ 743.281641][ T7551] ? bpf_jit_dump+0xd0/0xd0 [ 743.287253][ T7551] ? ret_from_fork_asm+0x11/0x20 [ 743.292640][ T7551] __warn+0x2e0/0x470 [ 743.297131][ T7551] ? io_ring_exit_work+0x3a7/0x820 [ 743.302425][ T7551] ? io_ring_exit_work+0x3a7/0x820 [ 743.307905][ T7551] report_bug+0x2be/0x4f0 [ 743.312382][ T7551] ? io_ring_exit_work+0x3a7/0x820 [ 743.317560][ T7551] ? io_ring_exit_work+0x3a7/0x820 [ 743.322743][ T7551] ? io_ring_exit_work+0x3a9/0x820 [ 743.328171][ T7551] handle_bug+0xcf/0x120 [ 743.332578][ T7551] exc_invalid_op+0x1a/0x50 [ 743.337316][ T7551] asm_exc_invalid_op+0x1a/0x20 [ 743.342576][ T7551] RIP: 0010:io_ring_exit_work+0x3a7/0x820 [ 743.348574][ T7551] Code: 78 23 e8 fc 91 0a f7 48 8b 7c 24 30 48 8b 74 24 08 e8 ad f4 10 00 48 85 c0 75 1d e8 e3 91 0a f7 e9 b9 fd ff ff e8 d9 91 0a f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00 [ 743.368790][ T7551] RSP: 0018:ffffc90004ef7a40 EFLAGS: 00010293 [ 743.375111][ T7551] RAX: ffffffff8a7c8a87 RBX: ffff88807f484000 RCX: ffff88802b8f8000 [ 743.383294][ T7551] RDX: 0000000000000000 RSI: ffffffffffffffe2 RDI: 0000000000000000 [ 743.391445][ T7551] RBP: ffffc90004ef7bb0 R08: ffffc90004ef79c7 R09: 1ffff920009def38 [ 743.399658][ T7551] R10: dffffc0000000000 R11: fffff520009def39 R12: dffffc0000000000 [ 743.407676][ T7551] R13: ffff88807f484288 R14: 000000010000abdf R15: 000000010000abfd [ 743.416134][ T7551] ? io_ring_exit_work+0x3a7/0x820 [ 743.421310][ T7551] ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0 [ 743.427583][ T7551] ? _raw_spin_unlock_irq+0x23/0x50 [ 743.433101][ T7551] ? process_scheduled_works+0x96f/0x15d0 [ 743.439154][ T7551] ? process_scheduled_works+0x96f/0x15d0 [ 743.445010][ T7551] process_scheduled_works+0xa5d/0x15d0 [ 743.450695][ T7551] ? worker_attach_to_pool+0x380/0x380 [ 743.456228][ T7551] ? assign_work+0x3d2/0x5d0 [ 743.461079][ T7551] worker_thread+0xa55/0xfc0 [ 743.465811][ T7551] kthread+0x2fa/0x390 [ 743.470079][ T7551] ? pr_cont_work+0x560/0x560 [ 743.474794][ T7551] ? kthread_blkcg+0xd0/0xd0 [ 743.479419][ T7551] ret_from_fork+0x48/0x80 [ 743.483955][ T7551] ? kthread_blkcg+0xd0/0xd0 [ 743.488601][ T7551] ret_from_fork_asm+0x11/0x20 [ 743.493418][ T7551] [ 743.497039][ T7551] Kernel Offset: disabled [ 743.501560][ T7551] Rebooting in 86400 seconds..