last executing test programs: 2m47.15344896s ago: executing program 0 (id=81): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82187201, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100"], 0x36) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a3000000000080004400000000014000000"], 0x68}}, 0x0) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r2], 0x44}}, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) 2m44.894218613s ago: executing program 0 (id=86): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x909'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x16, 0x0, 0x1, [@typed={0x8, 0xf, 0x0, 0x0, @u32=0x4788}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000840)={0x44, 0x0, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x3}, @CTA_TIMEOUT_GRE_REPLIED={0x8}]}]}, 0x44}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) 2m43.668244501s ago: executing program 0 (id=91): r0 = socket(0x1e, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00') r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x6) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) recvmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000006c0)=""/248, 0xf8}], 0x1, &(0x7f0000000a00)=""/196, 0xc4}, 0x3}], 0x1, 0x0, 0x0) 2m42.739443625s ago: executing program 0 (id=95): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f00000002c0)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") creat(0x0, 0x182) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8080c61) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_clone(0x100000, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000240), 0x0) pwrite64(r0, &(0x7f0000000140)='3', 0x1, 0xfeca) 2m40.912129382s ago: executing program 0 (id=102): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x14, 0x3, 0x6, 0x0, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000800000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000eb7963b9850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x2c, r8, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 2m34.764208383s ago: executing program 0 (id=116): socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fanotify_mark(0xffffffffffffffff, 0x1, 0xe, 0xffffffffffffffff, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xcc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x19) r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) ioctl$USBDEVFS_CLEAR_HALT(r2, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) fsetxattr$security_ima(r1, 0x0, 0x0, 0x0, 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2m34.192030412s ago: executing program 32 (id=116): socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fanotify_mark(0xffffffffffffffff, 0x1, 0xe, 0xffffffffffffffff, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xcc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x19) r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) ioctl$USBDEVFS_CLEAR_HALT(r2, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) fsetxattr$security_ima(r1, 0x0, 0x0, 0x0, 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 7.353516571s ago: executing program 1 (id=455): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000714010025bd7000ffdbdf25080001000100000008000100000000000900020073797a32000000000900020073797a3000000000050042000100000008000100010000000900020073797a30000000000900020073797a3000000000080001"], 0x68}}, 0xc000) 7.221461743s ago: executing program 1 (id=458): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 6.362294925s ago: executing program 2 (id=461): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x68, 0x3, 0x6, 0x0, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000800000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000eb7963b9850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x2c, r8, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 4.975393576s ago: executing program 1 (id=465): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x32) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000300)={{0x1, 0x3, 0xc}}) r6 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r7, 0x0, 0x3, 0x0, 0x0) recvmmsg(r7, 0x0, 0x0, 0x10121, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x877d, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 3.949128791s ago: executing program 1 (id=469): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mq_unlink(0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fdffffff0f0000003000078008000100050000000800020007"], 0x44}, 0x1, 0x0, 0x0, 0x44}, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x3}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = msgget$private(0x0, 0x123) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='net_prio.prioidx\x00', 0x26e1, 0x0) close(r7) ioctl$SIOCSIFHWADDR(r7, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"}) msgsnd(r4, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x8, 0x800) 3.949084211s ago: executing program 2 (id=470): r0 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000080)) 3.948952251s ago: executing program 3 (id=471): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000714010025bd7000ffdbdf25080001000100000008000100000000000900020073797a32000000000900020073797a3000000000050042000100000008000100010000000900020073797a30000000000900020073797a3000000000080001"], 0x68}}, 0xc000) 3.785274444s ago: executing program 3 (id=472): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a38d", 0x2) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000000)={0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 3.718488075s ago: executing program 2 (id=473): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000000f40)) syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0) syz_open_dev$I2C(0x0, 0x80, 0x14000) mount(0x0, 0x0, &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) io_uring_setup(0x10d7, &(0x7f00000000c0)={0x0, 0xbfff, 0x400, 0x2, 0x1d}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 3.665525735s ago: executing program 1 (id=474): syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=") r0 = open(&(0x7f00000000c0)='./bus\x00', 0x68042, 0x62) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r1, 0x2007ffb) sendfile(r0, r1, 0x0, 0x1000000201005) sendfile(0xffffffffffffffff, r1, 0x0, 0x80000000c) creat(&(0x7f0000000040)='./bus\x00', 0x0) 3.664071485s ago: executing program 4 (id=475): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) wait4(0x0, 0x0, 0x8, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x70, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x4a, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x10}, @device_b, @device_a, @initial, {0xc, 0x9}, @value=@ver_80211n={0x0, 0x62, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x0, 0x2, {}, @void, @val={0x2d, 0x1a, {0x80, 0x2, 0x2, 0x0, {0xf, 0x9, 0x0, 0x9, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x8, 0x3, 0x5}}, [{0xdd, 0x6, "e701471b76b8"}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 3.625173656s ago: executing program 3 (id=476): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x68, 0x3, 0x6, 0x0, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000800000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000eb7963b9850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x2c, r8, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 2.802275118s ago: executing program 4 (id=477): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x20008010) 2.71493161s ago: executing program 2 (id=478): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2.568124172s ago: executing program 4 (id=479): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x100004c, &(0x7f0000000100), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x8000c62) 2.372880555s ago: executing program 4 (id=480): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000714010025bd7000ffdbdf25080001000100000008000100000000000900020073797a32000000000900020073797a3000000000050042000100000008000100010000000900020073797a30000000000900020073797a3000000000080001"], 0x68}}, 0xc000) 2.324893755s ago: executing program 3 (id=481): r0 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000080)) 2.105302388s ago: executing program 4 (id=482): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') syz_open_dev$vim2m(&(0x7f0000000280), 0x1, 0x2) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x1e) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)}) 2.057806859s ago: executing program 3 (id=483): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x40000000000001, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='ecryptfs\x00', 0x0, 0x0) 1.35130876s ago: executing program 2 (id=484): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x30, 0x18, 0x35f32a6dfa748ddd, 0x200, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x5}, [@RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}}}}]}, 0x30}}, 0x0) 1.236144351s ago: executing program 3 (id=485): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x4008040) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1, &(0x7f00000001c0)="0feb79dba4d547dbfc1dd208eaa30956048fec8af59ac89db5fa9990264676e2986faafd3ea5dae7bc92a1bc24e351e85f1d5bd5ddeaca8f55b490bd77a9bdc487a1216409507ef4a44e804db9321ed9a0d3b0d49a") r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000140)={{0x6, @rose}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2}) 1.235564822s ago: executing program 4 (id=486): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r1, 0x5406, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f00000006c0)=0xa) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, 0x0, 0x0, 0xfffffffffffffffe) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f00000004c0)={0x1f, 0xffff, 0x3}, 0x6) write(r5, 0x0, 0x0) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) lseek(r6, 0x851, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r7, &(0x7f0000000580)={'syz1\x00', {0x6fc9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x3, 0x8, 0x2, 0x805334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0xbeb, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x2, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x4, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x8, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0xc32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x2, 0x1, 0x0, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0x2, 0xffff, 0xcd4, 0x7, 0x1, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x7, 0xfffffffc, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x0, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x10, 0x2, 0x763, 0x8, 0x402, 0x800, 0x4, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x3d, 0x7, 0x2, 0x4, 0x4, 0x10, 0x340a, 0x0, 0x7fff, 0xffffffff, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$UI_SET_PROPBIT(r7, 0x4004556e, 0x17) 1.105626813s ago: executing program 2 (id=487): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000000f40)) syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0) syz_open_dev$I2C(0x0, 0x80, 0x14000) mount(0x0, 0x0, &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) io_uring_setup(0x10d7, &(0x7f00000000c0)={0x0, 0xbfff, 0x400, 0x2, 0x1d}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 0s ago: executing program 1 (id=488): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20008010) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts. [ 82.585005][ T5777] cgroup: Unknown subsys name 'net' [ 82.723332][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.392689][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.546951][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.555760][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.563103][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.563721][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.571841][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.579153][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.585969][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.593547][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.600056][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.614311][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.621758][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.625915][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.631485][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.644885][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.652451][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.669372][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.669842][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.677062][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.691620][ T5799] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.691664][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.702883][ T5806] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.706296][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.715809][ T5806] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.737573][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.286954][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 87.334939][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 87.419563][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 87.514492][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.522193][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.530826][ T5791] bridge_slave_0: entered allmulticast mode [ 87.539300][ T5791] bridge_slave_0: entered promiscuous mode [ 87.553227][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 87.574201][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.581345][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.588619][ T5793] bridge_slave_0: entered allmulticast mode [ 87.596246][ T5793] bridge_slave_0: entered promiscuous mode [ 87.604261][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.611488][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.619113][ T5791] bridge_slave_1: entered allmulticast mode [ 87.626327][ T5791] bridge_slave_1: entered promiscuous mode [ 87.649260][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.656651][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.663814][ T5793] bridge_slave_1: entered allmulticast mode [ 87.671045][ T5793] bridge_slave_1: entered promiscuous mode [ 87.777083][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.790721][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.814721][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.840492][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.848098][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.855610][ T5792] bridge_slave_0: entered allmulticast mode [ 87.862704][ T5792] bridge_slave_0: entered promiscuous mode [ 87.872813][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.915734][ T5791] team0: Port device team_slave_0 added [ 87.921986][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.929376][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.938913][ T5792] bridge_slave_1: entered allmulticast mode [ 87.946355][ T5792] bridge_slave_1: entered promiscuous mode [ 87.969291][ T5793] team0: Port device team_slave_0 added [ 88.002861][ T5791] team0: Port device team_slave_1 added [ 88.034684][ T5793] team0: Port device team_slave_1 added [ 88.040802][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.048112][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.055436][ T5794] bridge_slave_0: entered allmulticast mode [ 88.062742][ T5794] bridge_slave_0: entered promiscuous mode [ 88.098636][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.132281][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.140001][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.147306][ T5794] bridge_slave_1: entered allmulticast mode [ 88.154370][ T5794] bridge_slave_1: entered promiscuous mode [ 88.161977][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.169066][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.195962][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.210097][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.217330][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.243344][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.257624][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.278218][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.285452][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.311789][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.374850][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.381950][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.408071][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.422100][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.436765][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.463472][ T5792] team0: Port device team_slave_0 added [ 88.491947][ T5792] team0: Port device team_slave_1 added [ 88.541450][ T5794] team0: Port device team_slave_0 added [ 88.550885][ T5794] team0: Port device team_slave_1 added [ 88.585207][ T5791] hsr_slave_0: entered promiscuous mode [ 88.592562][ T5791] hsr_slave_1: entered promiscuous mode [ 88.615467][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.622448][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.648493][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.677409][ T5793] hsr_slave_0: entered promiscuous mode [ 88.683811][ T5793] hsr_slave_1: entered promiscuous mode [ 88.690392][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.698472][ T5793] Cannot create hsr debugfs directory [ 88.718813][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.725922][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.752063][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.781934][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.789021][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.815929][ T5798] Bluetooth: hci3: command tx timeout [ 88.815947][ T5806] Bluetooth: hci0: command tx timeout [ 88.821741][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.827612][ T5806] Bluetooth: hci2: command tx timeout [ 88.827761][ T5806] Bluetooth: hci1: command tx timeout [ 88.846732][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.856329][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.882475][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.002466][ T5792] hsr_slave_0: entered promiscuous mode [ 89.009766][ T5792] hsr_slave_1: entered promiscuous mode [ 89.018606][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.026249][ T5792] Cannot create hsr debugfs directory [ 89.082933][ T5794] hsr_slave_0: entered promiscuous mode [ 89.089486][ T5794] hsr_slave_1: entered promiscuous mode [ 89.096444][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.104210][ T5794] Cannot create hsr debugfs directory [ 89.449307][ T5791] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.460989][ T5791] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.481756][ T5791] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.500509][ T5791] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.561015][ T5793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.575928][ T5793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.591669][ T5793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.610774][ T5793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.700891][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.730727][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.742150][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.766958][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.845366][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.863818][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.886435][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.929492][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.940777][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.995667][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.038866][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.056744][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.064260][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.132994][ T163] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.140211][ T163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.178330][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.213662][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.233664][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.250809][ T2911] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.258028][ T2911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.297606][ T5791] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 90.308827][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.328203][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.335401][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.363806][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.388660][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.423162][ T2911] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.430396][ T2911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.447945][ T2911] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.455165][ T2911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.475398][ T2911] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.482689][ T2911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.530924][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.538208][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.791445][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.892584][ T5791] veth0_vlan: entered promiscuous mode [ 90.900868][ T5806] Bluetooth: hci1: command tx timeout [ 90.908400][ T5800] Bluetooth: hci2: command tx timeout [ 90.914225][ T5806] Bluetooth: hci0: command tx timeout [ 90.915398][ T5798] Bluetooth: hci3: command tx timeout [ 90.957072][ T5791] veth1_vlan: entered promiscuous mode [ 91.063263][ T5791] veth0_macvtap: entered promiscuous mode [ 91.100460][ T5791] veth1_macvtap: entered promiscuous mode [ 91.185549][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.202573][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.231847][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.247326][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.261297][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.278635][ T5791] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.288616][ T5791] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.298822][ T5791] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.308300][ T5791] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.427990][ T5793] veth0_vlan: entered promiscuous mode [ 91.467842][ T5793] veth1_vlan: entered promiscuous mode [ 91.508263][ T5794] veth0_vlan: entered promiscuous mode [ 91.523158][ T5792] veth0_vlan: entered promiscuous mode [ 91.576899][ T2911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.579198][ T5792] veth1_vlan: entered promiscuous mode [ 91.601764][ T5794] veth1_vlan: entered promiscuous mode [ 91.603362][ T2911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.672443][ T163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.682494][ T163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.697760][ T5793] veth0_macvtap: entered promiscuous mode [ 91.738401][ T5793] veth1_macvtap: entered promiscuous mode [ 91.771936][ T5792] veth0_macvtap: entered promiscuous mode [ 91.796052][ T5794] veth0_macvtap: entered promiscuous mode [ 91.807122][ T5792] veth1_macvtap: entered promiscuous mode [ 91.831673][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.842611][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.856456][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.872704][ T5794] veth1_macvtap: entered promiscuous mode [ 91.960370][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.973648][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.987398][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.005936][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.018697][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.021593][ T3064] cfg80211: failed to load regulatory.db [ 92.032332][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.047959][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.060683][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.089041][ T5793] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.102255][ T5793] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.120557][ T5793] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.129774][ T5793] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.155707][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.180708][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.191851][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.203090][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.236454][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.247285][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.281398][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.317944][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.341995][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.357669][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.374069][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.392953][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.410943][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.437027][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.451153][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.460033][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.492781][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.504516][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 92.520477][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.530702][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.542516][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.552828][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.563693][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.578023][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.633950][ T5794] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.652773][ T5794] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.662453][ T5794] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.672122][ T5794] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.837856][ T2911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.851082][ T2911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.974342][ T50] Bluetooth: hci2: command tx timeout [ 92.979853][ T50] Bluetooth: hci3: command tx timeout [ 92.985513][ T5798] Bluetooth: hci0: command tx timeout [ 92.985642][ T5800] Bluetooth: hci1: command tx timeout [ 93.004927][ T163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.012910][ T163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.118161][ T2911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.139348][ T2911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.235620][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.243460][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.331879][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.352135][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.446223][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.460360][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.732777][ T5893] syz.0.1[5893]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 95.054043][ T5800] Bluetooth: hci1: command tx timeout [ 95.059547][ T5800] Bluetooth: hci3: command tx timeout [ 95.065551][ T5806] Bluetooth: hci0: command tx timeout [ 95.071016][ T5806] Bluetooth: hci2: command tx timeout [ 95.281161][ T5891] loop3: detected capacity change from 0 to 4096 [ 95.355146][ T5891] ======================================================= [ 95.355146][ T5891] WARNING: The mand mount option has been deprecated and [ 95.355146][ T5891] and is ignored by this kernel. Remove the mand [ 95.355146][ T5891] option from the mount to silence this warning. [ 95.355146][ T5891] ======================================================= [ 95.451875][ T5891] ntfs3: loop3: Primary boot: invalid index size -14. [ 95.507192][ T5891] ntfs3: loop3: try to read out of volume at offset 0x1ffe00 [ 95.999345][ T5914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.082115][ T5910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.187657][ T5910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.361203][ T5893] loop0: detected capacity change from 0 to 32768 [ 96.424602][ T5893] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1 (5893) [ 96.425041][ T5916] loop3: detected capacity change from 0 to 40427 [ 96.494691][ T5893] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 96.512229][ T5916] F2FS-fs (loop3): Found nat_bits in checkpoint [ 96.572084][ T5893] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.613282][ T5916] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 96.616048][ T5893] BTRFS info (device loop0): metadata ratio 2 [ 96.696717][ T5893] BTRFS info (device loop0): allowing degraded mounts [ 96.738148][ T5893] BTRFS info (device loop0): force zlib compression, level 3 [ 96.786325][ T5893] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 96.850029][ T5893] BTRFS info (device loop0): use zstd compression, level 3 [ 97.035314][ T5928] syz.3.8: attempt to access beyond end of device [ 97.035314][ T5928] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.248159][ T5893] BTRFS info (device loop0): force clearing of disk cache [ 97.286686][ T5893] BTRFS info (device loop0): max_inline at 0 [ 97.345496][ T5893] BTRFS info (device loop0): using free space tree [ 97.404978][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 97.421418][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 97.514583][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 97.577460][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 97.577488][ T5793] syz-executor: attempt to access beyond end of device [ 97.577488][ T5793] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 97.643618][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 97.652411][ T5793] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 97.684866][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 97.685426][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 97.716001][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 97.838469][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 97.947390][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 98.300393][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 98.594767][ T5893] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 98.721329][ T5893] BTRFS error (device loop0): open_ctree failed: -12 [ 98.819819][ T5808] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by udevd (5808) [ 99.093263][ T5950] loop2: detected capacity change from 0 to 4096 [ 99.152118][ T5950] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 99.244471][ T5950] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 99.584720][ T5950] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 100.008701][ T5950] ntfs3: loop2: ino=5, "/" directory corrupted [ 101.415613][ T5977] Zero length message leads to an empty skb [ 102.350624][ T5978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.363512][ T5977] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20'. [ 102.421359][ T5987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.493005][ T5976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.558279][ T5997] loop2: detected capacity change from 0 to 1024 [ 102.572341][ T5997] EXT4-fs (loop2): Cannot use DAX on a filesystem that may contain inline data [ 102.800026][ T5999] process 'syz.3.25' launched './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 102.812958][ T5999] syz.3.25 uses obsolete (PF_INET,SOCK_PACKET) [ 105.535480][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.893236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 105.902040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.995493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 106.004180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 106.095676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 106.105426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 106.302445][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 106.474862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.475083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.005774][ T5905] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 107.036857][ T6013] loop1: detected capacity change from 0 to 32768 [ 107.123636][ T6013] [ 107.123636][ T6013] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.123636][ T6013] [ 107.214850][ T5905] usb 1-1: Using ep0 maxpacket: 8 [ 107.215069][ T6013] ERROR: (device loop1): diWrite: ixpxd invalid [ 107.215069][ T6013] [ 107.239688][ T5905] usb 1-1: config 0 has no interfaces? [ 107.258998][ T6013] ERROR: (device loop1): remounting filesystem as read-only [ 107.269865][ T5905] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 107.284916][ T6013] ERROR: (device loop1): txCommit: [ 107.284916][ T6013] [ 107.287387][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.333998][ T5905] usb 1-1: Product: syz [ 107.338323][ T5905] usb 1-1: Manufacturer: syz [ 107.372607][ T5905] usb 1-1: SerialNumber: syz [ 107.410677][ T5905] usb 1-1: config 0 descriptor?? [ 108.349854][ T2199] usb 1-1: USB disconnect, device number 2 [ 108.651133][ T6042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.702915][ T2199] wlan1: authenticate with 08:02:11:00:00:00 [ 108.713381][ T2199] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 108.727072][ T6043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.755636][ T5988] wlan1: authenticated [ 108.766571][ T2199] mac80211_hwsim hwsim9 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 108.807569][ T34] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 108.829825][ T6042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.845629][ T34] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 108.856367][ T34] wlan1: associated [ 108.872961][ T6034] loop2: detected capacity change from 0 to 32768 [ 108.902260][ T6034] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.35 (6034) [ 109.936091][ T6034] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 110.753662][ T6034] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 110.812753][ T6055] bridge_slave_0: default FDB implementation only supports local addresses [ 110.951703][ T6034] BTRFS info (device loop2): enabling auto defrag [ 111.036632][ T6034] BTRFS info (device loop2): doing ref verification [ 111.134873][ T6034] BTRFS info (device loop2): use no compression [ 111.212648][ T6034] BTRFS info (device loop2): force clearing of disk cache [ 111.340570][ T6034] BTRFS info (device loop2): max_inline at 4096 [ 111.369116][ T6034] BTRFS info (device loop2): disabling free space tree [ 111.378912][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 111.379614][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 111.394848][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 111.425027][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 111.533823][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 111.599199][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 111.631507][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 111.653685][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 111.698307][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 111.752684][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 111.808423][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 111.887067][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 111.973084][ T6034] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 111.994265][ T6073] loop3: detected capacity change from 0 to 4096 [ 112.061639][ T6073] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 112.089967][ T6034] BTRFS error (device loop2): open_ctree failed: -12 [ 112.182307][ T6073] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 112.255971][ T6073] ntfs3: loop3: failed to convert "c46c" to iso8859-7 [ 112.648912][ T6088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.738075][ T6088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.831370][ T6088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.022641][ T6102] loop3: detected capacity change from 0 to 1024 [ 114.035365][ T6102] EXT4-fs: Ignoring removed nobh option [ 114.041282][ T6102] EXT4-fs: Ignoring removed bh option [ 114.332159][ T6102] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 114.745700][ T6102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.781447][ T6107] netlink: 64 bytes leftover after parsing attributes in process `syz.1.54'. [ 115.106642][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.763890][ C1] sched: RT throttling activated [ 117.789970][ T6134] loop3: detected capacity change from 0 to 512 [ 117.797581][ T6134] EXT4-fs: Ignoring removed mblk_io_submit option [ 117.914559][ T6134] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 118.301334][ T6134] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.342300][ T6134] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.359877][ T6141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 118.486825][ T6126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 118.618089][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.619872][ T6126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.165966][ T6187] loop2: detected capacity change from 0 to 1024 [ 122.675418][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.744221][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.838453][ T6196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.890187][ T5801] IPVS: starting estimator thread 0... [ 124.004423][ T6208] IPVS: using max 18 ests per chain, 43200 per kthread [ 124.837109][ T6205] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 125.072837][ T6217] loop3: detected capacity change from 0 to 512 [ 125.105683][ T6217] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 125.180915][ T6217] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 125.209780][ T6217] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.112978][ T6228] binder: 6227:6228 unknown command 1074553619 [ 126.123992][ T6228] binder: 6227:6228 ioctl c0306201 200000000540 returned -22 [ 126.336142][ T6225] netlink: set zone limit has 8 unknown bytes [ 126.416583][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 126.746001][ T6233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.818528][ T6233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.901577][ T6233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.150481][ T6249] loop0: detected capacity change from 0 to 128 [ 128.233437][ T6249] EXT4-fs: Ignoring removed nobh option [ 128.253702][ T6253] loop2: detected capacity change from 0 to 256 [ 128.314331][ T6253] exfat: Deprecated parameter 'utf8' [ 128.398597][ T6253] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d) [ 128.422420][ T6249] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.478084][ T6258] loop1: detected capacity change from 0 to 1024 [ 128.847405][ T6249] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 129.375645][ T6253] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.509410][ T48] hfsplus: b-tree write err: -5, ino 4 [ 129.889057][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 130.033760][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 0 [ 130.068457][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 1024 [ 130.144130][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 130.447989][ T5792] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #11: comm syz-executor: Directory block failed checksum [ 130.561714][ T6273] loop3: detected capacity change from 0 to 1024 [ 130.570482][ T6273] EXT4-fs: Ignoring removed mblk_io_submit option [ 130.577603][ T6273] EXT4-fs: Ignoring removed bh option [ 130.595075][ T6273] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 130.822406][ T6273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.045803][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 131.070374][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 0 [ 131.091857][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 1024 [ 131.161526][ T6273] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.104: Allocating blocks 497-513 which overlap fs metadata [ 131.181897][ T6273] EXT4-fs (loop3): pa ffff8880792780e8: logic 256, phys. 385, len 8 [ 131.190939][ T6273] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 1 [ 131.250769][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 131.305262][ T6281] loop2: detected capacity change from 0 to 256 [ 131.354312][ T6281] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 131.400482][ T5792] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #11: comm syz-executor: Directory block failed checksum [ 131.435965][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 131.475125][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 0 [ 131.487103][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.512038][ T6281] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 131.534829][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 1024 [ 131.538908][ T6281] exFAT-fs (loop2): error, failed to bmap (inode : ffff88805fde8e60 iblock : 8, err : -5) [ 131.576729][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 131.578615][ T6281] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 131.607658][ T6281] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 131.609469][ T5792] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #11: comm syz-executor: Directory block failed checksum [ 131.766162][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 131.819395][ T5792] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path /18/mnt/lost+found: directory fails checksum at offset 0 [ 131.890274][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 132.577549][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 132.663584][ T5792] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 132.981417][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.999023][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.891073][ T5792] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 135.963132][ T992] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.109856][ T992] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.192914][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888021476400: rx timeout, send abort [ 136.250640][ T992] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.379993][ T992] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.694114][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888021475400: rx timeout, send abort [ 137.202479][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888021475400: abort rx timeout. Force session deactivation [ 139.710361][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.122'. [ 139.921358][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 139.940049][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 139.948719][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 139.958838][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 139.969839][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 139.977468][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 140.903472][ T6348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.918089][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.126'. [ 140.987683][ T6350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.044171][ T28] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 141.072095][ T6350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.704805][ T28] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.715736][ T28] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 141.727074][ T28] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 141.736921][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 141.745032][ T28] usb 3-1: SerialNumber: syz [ 141.775513][ T6338] chnl_net:caif_netlink_parms(): no params data found [ 142.012137][ T28] usb 3-1: 0:2 : does not exist [ 142.094173][ T50] Bluetooth: hci3: command tx timeout [ 142.226838][ T992] hsr_slave_0: left promiscuous mode [ 142.234760][ T28] usb 3-1: USB disconnect, device number 2 [ 142.485555][ T992] hsr_slave_1: left promiscuous mode [ 142.820691][ T992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 142.963796][ T992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.170922][ T5808] udevd[5808]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.202624][ T992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.263795][ T992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.354979][ T992] bridge_slave_1: left allmulticast mode [ 143.360681][ T992] bridge_slave_1: left promiscuous mode [ 143.399596][ T992] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.441460][ T992] bridge_slave_0: left allmulticast mode [ 143.454076][ T992] bridge_slave_0: left promiscuous mode [ 143.464633][ T992] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.568045][ T992] veth1_macvtap: left promiscuous mode [ 143.574666][ T992] veth0_macvtap: left promiscuous mode [ 143.585569][ T992] veth1_vlan: left promiscuous mode [ 143.591316][ T992] veth0_vlan: left promiscuous mode [ 144.195046][ T50] Bluetooth: hci3: command tx timeout [ 145.603832][ T6397] ALSA: mixer_oss: invalid index 40000 [ 146.264128][ T50] Bluetooth: hci3: command tx timeout [ 146.343117][ T992] team0 (unregistering): Port device team_slave_1 removed [ 146.411358][ T992] team0 (unregistering): Port device team_slave_0 removed [ 146.508820][ T992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.587020][ T992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.256699][ T992] bond0 (unregistering): Released all slaves [ 147.424961][ T6409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.450550][ T6338] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.458049][ T6338] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.467165][ T6338] bridge_slave_0: entered allmulticast mode [ 147.477377][ T6338] bridge_slave_0: entered promiscuous mode [ 147.500640][ T6407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.545812][ T6338] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.553022][ T6338] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.619184][ T6338] bridge_slave_1: entered allmulticast mode [ 147.641417][ T6338] bridge_slave_1: entered promiscuous mode [ 147.928649][ T6338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.072127][ T6338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.228831][ T6338] team0: Port device team_slave_0 added [ 148.258701][ T6338] team0: Port device team_slave_1 added [ 148.335127][ T50] Bluetooth: hci3: command tx timeout [ 148.338904][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.368496][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.424607][ T28] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 148.432271][ T6338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.486381][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.499709][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.578615][ T6430] loop1: detected capacity change from 0 to 512 [ 148.582051][ T6338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.612909][ T6430] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 148.642887][ T28] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 148.664104][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.673483][ T992] IPVS: stop unused estimator thread 0... [ 148.788038][ T6338] hsr_slave_0: entered promiscuous mode [ 148.820703][ T6338] hsr_slave_1: entered promiscuous mode [ 148.839708][ T6338] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.868474][ T6338] Cannot create hsr debugfs directory [ 148.907894][ T28] usb 3-1: config 0 descriptor?? [ 148.923361][ T6430] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #17: comm syz.1.142: iget: bad i_size value: -6917529027641081756 [ 148.943693][ T6430] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.142: couldn't read orphan inode 17 (err -117) [ 148.950842][ T28] cp210x 3-1:0.0: cp210x converter detected [ 149.279963][ T6430] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.556556][ T6431] ALSA: mixer_oss: invalid index 40000 [ 149.724470][ T6430] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.142: bg 0: block 65: padding at end of block bitmap is not set [ 149.804467][ T6430] Quota error (device loop1): write_blk: dquota write failed [ 149.812485][ T6430] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 149.832924][ T6443] Quota error (device loop1): do_check_range: Getting block 16777216 out of range 0-7 [ 149.843677][ T6430] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.142: Failed to acquire dquot type 0 [ 149.852262][ T28] cp210x 3-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 149.883293][ T28] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 149.934879][ T28] usb 3-1: cp210x converter now attached to ttyUSB0 [ 150.003346][ T28] usb 3-1: USB disconnect, device number 3 [ 150.015842][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.050221][ T28] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 150.098728][ T28] cp210x 3-1:0.0: device disconnected [ 151.140535][ T6338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.181277][ T6466] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5 [ 151.243417][ T6338] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.356944][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.364198][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.422019][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.429300][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.446636][ T6474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.530526][ T6474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.645116][ T6469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.709100][ T6338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.603273][ T6496] ALSA: mixer_oss: invalid index 40000 [ 154.161914][ T6510] loop2: detected capacity change from 0 to 4096 [ 154.177660][ T6515] loop1: detected capacity change from 0 to 256 [ 154.207649][ T5905] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 154.401578][ T6338] veth0_vlan: entered promiscuous mode [ 154.469246][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.710739][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.798459][ T6338] veth1_vlan: entered promiscuous mode [ 154.844150][ T5905] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 155.008942][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.032994][ T6338] veth0_macvtap: entered promiscuous mode [ 155.047535][ T5905] usb 4-1: config 0 descriptor?? [ 155.091743][ T6338] veth1_macvtap: entered promiscuous mode [ 155.321244][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.341812][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.352470][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.371398][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.381985][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.408681][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.466313][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.545533][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.569409][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.579561][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.597404][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.618049][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.628809][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.690958][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.306594][ T5905] usb 4-1: string descriptor 0 read error: -71 [ 156.334143][ T5905] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71 [ 156.345876][ T5905] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 156.364211][ T5905] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71 [ 156.378337][ T5905] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 156.394975][ T5905] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 156.435805][ T5905] usb 4-1: USB disconnect, device number 2 [ 156.638620][ T6533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.661807][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.679993][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.734688][ T6533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.749096][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.757784][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.832652][ T6542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 157.629946][ T6559] ALSA: mixer_oss: invalid index 40000 [ 159.344769][ T6573] Illegal XDP return value 4294967274 on prog (id 40) dev syz_tun, expect packet loss! [ 159.638735][ T6581] block device autoloading is deprecated and will be removed. [ 160.352300][ T6586] loop3: detected capacity change from 0 to 4096 [ 160.525409][ T6586] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.563825][ T6586] EXT4-fs: Ignoring removed orlov option [ 160.595478][ T6586] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 160.647433][ T6586] EXT4-fs (loop3): can't enable nombcache during remount [ 160.728570][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.812897][ T6595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.834992][ T5905] wlan1: authenticate with 08:02:11:00:00:00 [ 160.857022][ T5905] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 160.898590][ T6564] loop1: detected capacity change from 0 to 32768 [ 160.925007][ T6597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.936949][ T1125] wlan1: authenticated [ 160.944335][ T5905] mac80211_hwsim hwsim11 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 160.997211][ T1125] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 161.073945][ T11] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 161.075875][ T6597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.093714][ T11] wlan1: associated [ 161.143543][ T6564] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 161.221513][ T27] audit: type=1800 audit(1752257890.122:2): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.166" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 161.454572][ T28] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 161.839119][ T6564] syz.1.166 (6564) used greatest stack depth: 17544 bytes left [ 161.852070][ T28] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 162.015744][ T28] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 162.027775][ T28] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 162.037950][ T28] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 162.049997][ T28] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 162.063650][ T28] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 162.073344][ T28] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 162.081683][ T28] usb 4-1: Product: syz [ 162.086256][ T28] usb 4-1: Manufacturer: syz [ 162.155654][ T6616] ALSA: mixer_oss: invalid index 40000 [ 162.277626][ T28] cdc_wdm 4-1:1.0: skipping garbage [ 162.380952][ T28] cdc_wdm 4-1:1.0: skipping garbage [ 162.747226][ T28] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 162.785451][ T28] cdc_wdm 4-1:1.0: Unknown control protocol [ 162.837938][ T5794] ocfs2: Unmounting device (7,1) on (node local) [ 162.990714][ T6620] loop2: detected capacity change from 0 to 256 [ 163.037872][ T6620] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 163.097703][ T6620] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 163.140224][ T6620] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 164.575657][ T28] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 164.741913][ T23] usb 4-1: USB disconnect, device number 3 [ 164.911246][ T28] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 164.931851][ T28] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 164.958547][ T28] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 165.407947][ T28] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 165.465073][ T28] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 165.527791][ T28] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 165.794467][ T28] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 165.824335][ T28] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 165.837136][ T28] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 165.861321][ T28] usb 5-1: string descriptor 0 read error: -22 [ 165.868978][ T28] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 165.880117][ T28] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.044124][ T28] adutux 5-1:168.0: interrupt endpoints not found [ 166.379865][ T8] usb 5-1: USB disconnect, device number 2 [ 166.458122][ T6666] ALSA: mixer_oss: invalid index 40000 [ 167.312786][ T6668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.406364][ T6668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.496414][ T6668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.575748][ T6684] loop2: detected capacity change from 0 to 256 [ 167.612021][ T6684] FAT-fs (loop2): Unrecognized mount option "shortnme" or missing value [ 168.948558][ T6707] loop2: detected capacity change from 0 to 256 [ 168.976236][ T5800] Bluetooth: hci3: command 0x0406 tx timeout [ 169.348204][ T6710] ALSA: mixer_oss: invalid index 40000 [ 169.968360][ T6717] loop3: detected capacity change from 0 to 256 [ 170.049816][ T6717] FAT-fs (loop3): Directory bread(block 64) failed [ 170.056565][ T6717] FAT-fs (loop3): Directory bread(block 65) failed [ 170.063440][ T6717] FAT-fs (loop3): Directory bread(block 66) failed [ 170.070126][ T6717] FAT-fs (loop3): Directory bread(block 67) failed [ 170.076888][ T6717] FAT-fs (loop3): Directory bread(block 68) failed [ 170.083451][ T6717] FAT-fs (loop3): Directory bread(block 69) failed [ 170.090194][ T6717] FAT-fs (loop3): Directory bread(block 70) failed [ 170.098606][ T6717] FAT-fs (loop3): Directory bread(block 71) failed [ 170.105322][ T6717] FAT-fs (loop3): Directory bread(block 72) failed [ 170.111882][ T6717] FAT-fs (loop3): Directory bread(block 73) failed [ 171.242859][ T6726] loop2: detected capacity change from 0 to 64 [ 171.387568][ T50] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 171.396689][ T50] Bluetooth: hci1: Injecting HCI hardware error event [ 171.406221][ T50] Bluetooth: hci1: hardware error 0x00 [ 171.634064][ T6728] xt_CT: No such helper "syz0" [ 171.852925][ T6737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.016649][ T6741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.082084][ T6737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.856521][ T6721] loop1: detected capacity change from 0 to 32768 [ 172.914787][ T6721] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.202 (6721) [ 173.004025][ T6721] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 173.044196][ T6721] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 173.063404][ T6721] BTRFS info (device loop1): enabling auto defrag [ 173.084191][ T6721] BTRFS info (device loop1): doing ref verification [ 173.100570][ T6721] BTRFS info (device loop1): use no compression [ 173.150228][ T6757] capability: warning: `syz.2.212' uses deprecated v2 capabilities in a way that may be insecure [ 173.234143][ T6721] BTRFS info (device loop1): force clearing of disk cache [ 173.367424][ T6721] BTRFS info (device loop1): setting nodatacow, compression disabled [ 173.485538][ T6761] ALSA: mixer_oss: invalid index 40000 [ 174.284452][ T50] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 174.293158][ T6721] BTRFS info (device loop1): disabling free space tree [ 174.331128][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 174.331924][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 174.408264][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 174.465428][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 174.534583][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 174.665951][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 174.675816][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 174.685565][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 174.697651][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 174.714008][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 174.724434][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 174.735131][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 174.745911][ T6721] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 174.759903][ T6721] BTRFS error (device loop1): open_ctree failed: -12 [ 175.152517][ T6768] cgroup: fork rejected by pids controller in /syz2 [ 176.439510][ T6830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.519078][ T6830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.571816][ T6844] loop4: detected capacity change from 0 to 512 [ 176.579376][ T6844] EXT4-fs: Ignoring removed nomblk_io_submit option [ 176.581655][ T6830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.635587][ T6844] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 176.729873][ T6844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.742959][ T6844] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 176.797054][ T27] audit: type=1800 audit(1752257905.702:3): pid=6844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.220" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 176.933583][ T6338] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.224435][ T6855] ALSA: mixer_oss: invalid index 40000 [ 178.552563][ T6863] loop3: detected capacity change from 0 to 256 [ 179.108389][ T6863] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 180.789482][ T6880] loop2: detected capacity change from 0 to 2048 [ 180.883217][ T6880] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.059289][ T6885] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 182.442380][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 182.574247][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 182.574247][ T11] [ 182.827086][ T11] EXT4-fs (loop2): Total free blocks count 0 [ 182.944026][ T11] EXT4-fs (loop2): Free/Dirty block details [ 182.994101][ T11] EXT4-fs (loop2): free_blocks=2415919104 [ 183.014122][ T11] EXT4-fs (loop2): dirty_blocks=16 [ 183.023643][ T6903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.033969][ T11] EXT4-fs (loop2): Block reservation details [ 183.064585][ T11] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 183.117657][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.207506][ T6903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.473368][ T6914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.548378][ T6939] loop3: detected capacity change from 0 to 256 [ 186.624931][ T6939] FAT-fs (loop3): unable to read block(603979776) for building NFS inode [ 187.585667][ T6950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.709836][ T5905] IPVS: starting estimator thread 0... [ 187.849682][ T6950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.894029][ T6956] IPVS: using max 16 ests per chain, 38400 per kthread [ 187.965523][ T6950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.012548][ T6954] loop3: detected capacity change from 0 to 4096 [ 188.203997][ T2199] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 188.429057][ T2199] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 188.444014][ T2199] usb 2-1: config 0 has no interface number 0 [ 188.455942][ T2199] usb 2-1: config 0 interface 41 has no altsetting 0 [ 188.510698][ T2199] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 188.524064][ T2199] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.562925][ T2199] usb 2-1: Product: syz [ 188.577501][ T2199] usb 2-1: Manufacturer: syz [ 188.582170][ T2199] usb 2-1: SerialNumber: syz [ 189.451014][ T2199] usb 2-1: config 0 descriptor?? [ 189.940727][ T6978] loop3: detected capacity change from 0 to 512 [ 190.176665][ T6978] EXT4-fs (loop3): 1 truncate cleaned up [ 190.255223][ T6978] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.415068][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.512595][ T2199] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 190.627609][ T7001] loop3: detected capacity change from 0 to 256 [ 190.691113][ T7001] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 190.721507][ T27] audit: type=1800 audit(1752257919.622:4): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.251" name="file1" dev="loop3" ino=1048606 res=0 errno=0 [ 190.967622][ T6965] loop4: detected capacity change from 0 to 40427 [ 191.005200][ T6965] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 191.021361][ T6965] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 191.035802][ T2199] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 191.082855][ T2199] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 191.127300][ T6965] F2FS-fs (loop4): invalid crc value [ 191.140256][ T2199] CoreChips: probe of 2-1:0.41 failed with error -71 [ 191.157753][ T6965] F2FS-fs (loop4): Found nat_bits in checkpoint [ 191.198910][ T2199] usb 2-1: USB disconnect, device number 2 [ 191.288759][ T7013] ALSA: mixer_oss: invalid index 40000 [ 192.757518][ T7026] loop1: detected capacity change from 0 to 128 [ 192.888897][ T7026] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 193.006430][ T7026] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 194.473330][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.486650][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.513616][ T5794] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 194.652680][ T7040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.329235][ T7040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.575579][ T7040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.614344][ T50] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1 [ 197.044001][ T7057] ALSA: mixer_oss: invalid index 40000 [ 197.799702][ T7059] comedi comedi0: dac02: I/O port conflict (0x1c,8) [ 201.449178][ T7096] Bluetooth: MGMT ver 1.22 [ 203.581578][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.684603][ T7105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.774259][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.127756][ T7121] ALSA: mixer_oss: invalid index 40000 [ 204.218373][ T7123] loop4: detected capacity change from 0 to 4096 [ 204.390819][ T7127] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 208.141071][ T7158] loop1: detected capacity change from 0 to 512 [ 208.234221][ T7158] EXT4-fs: Ignoring removed nobh option [ 208.247684][ T7158] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 208.283097][ T7158] EXT4-fs (loop1): Test dummy encryption mode enabled [ 208.599168][ T7158] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.284: iget: bad i_size value: 38620345925642 [ 208.934582][ T7158] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.284: couldn't read orphan inode 15 (err -117) [ 209.005456][ T7158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.318980][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.475801][ T7171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.577375][ T7151] loop4: detected capacity change from 0 to 32768 [ 209.578004][ T7171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.775808][ T7171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.990881][ T7151] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 210.535395][ T7151] XFS (loop4): Ending clean mount [ 210.766762][ T6338] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 210.808729][ T7195] vlan2: entered promiscuous mode [ 210.822832][ T7195] macvlan1: entered promiscuous mode [ 211.177305][ T7177] loop1: detected capacity change from 0 to 32768 [ 211.254175][ T7177] (syz.1.287,7177,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 211.316228][ T7177] (syz.1.287,7177,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 211.591771][ T7177] JBD2: Ignoring recovery information on journal [ 211.931672][ T5800] Bluetooth: hci2: command 0x0406 tx timeout [ 212.391494][ T7177] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 212.893000][ T7227] ALSA: mixer_oss: invalid index 40000 [ 212.948683][ T7200] loop3: detected capacity change from 0 to 32768 [ 214.064834][ T5794] ocfs2: Unmounting device (7,1) on (node local) [ 214.724265][ T7234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.101725][ T5808] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by udevd (5808) [ 215.169523][ T7234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.354354][ T7234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.494997][ T7243] program syz.1.298 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 217.143264][ T7258] loop3: detected capacity change from 0 to 32768 [ 217.158988][ T7259] loop1: detected capacity change from 0 to 128 [ 217.258916][ T7258] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.302 (7258) [ 217.283705][ T7259] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 217.401410][ T7259] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 217.848938][ T7258] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 217.859282][ T7258] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 217.868246][ T7258] BTRFS info (device loop3): setting nodatacow, compression disabled [ 217.876415][ T7258] BTRFS info (device loop3): turning on flush-on-commit [ 217.883454][ T7258] BTRFS info (device loop3): using free space tree [ 218.186184][ T7258] BTRFS info (device loop3): enabling ssd optimizations [ 218.193249][ T7258] BTRFS info (device loop3): auto enabling async discard [ 219.128121][ T5793] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 220.204504][ T7303] ALSA: mixer_oss: invalid index 40000 [ 221.614103][ T5801] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 221.928788][ T5801] usb 3-1: not running at top speed; connect to a high speed hub [ 222.044877][ T5801] usb 3-1: config 1 interface 0 has no altsetting 0 [ 222.110555][ T5801] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 222.133977][ T5801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.152422][ T5801] usb 3-1: Product: syz [ 222.172327][ T5801] usb 3-1: Manufacturer: syz [ 222.178841][ T5801] usb 3-1: SerialNumber: syz [ 222.449250][ T5801] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input6 [ 222.518746][ T5143] bcm5974 3-1:1.0: could not read from device [ 222.541729][ T5801] usb 3-1: USB disconnect, device number 4 [ 222.807481][ T7330] loop4: detected capacity change from 0 to 128 [ 222.847432][ T7330] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 222.962026][ T7330] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 223.141428][ T7331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.774538][ T7328] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.855826][ T7328] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.286419][ T7346] loop2: detected capacity change from 0 to 32768 [ 225.300758][ T7346] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.318 (7346) [ 225.321173][ T7346] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 225.331462][ T7346] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 225.340273][ T7346] BTRFS info (device loop2): setting nodatacow, compression disabled [ 225.348458][ T7346] BTRFS info (device loop2): turning on flush-on-commit [ 225.355518][ T7346] BTRFS info (device loop2): using free space tree [ 225.591019][ T7346] BTRFS info (device loop2): enabling ssd optimizations [ 225.598299][ T7346] BTRFS info (device loop2): auto enabling async discard [ 226.467074][ T7360] ALSA: mixer_oss: invalid index 40000 [ 226.521487][ T5791] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 226.748638][ T7375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.811347][ T7375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.932795][ T7381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 227.714101][ T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 227.817746][ T7404] loop3: detected capacity change from 0 to 128 [ 227.869978][ T7404] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 227.934655][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 228.033747][ T7404] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 228.201756][ T8] usb 2-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 228.406658][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.797224][ T8] usb 2-1: Product: syz [ 228.801862][ T8] usb 2-1: Manufacturer: syz [ 228.818689][ T8] usb 2-1: SerialNumber: syz [ 229.222717][ T8] aqc111: probe of 2-1:1.0 failed with error -22 [ 229.417463][ T8] usb 2-1: USB disconnect, device number 3 [ 230.989839][ T7430] ALSA: mixer_oss: invalid index 40000 [ 234.434756][ T7445] ALSA: mixer_oss: invalid index 40000 [ 234.614133][ T7450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.713456][ T7452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.765869][ T7450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.931472][ T7454] loop4: detected capacity change from 0 to 32768 [ 235.970204][ T7461] loop2: detected capacity change from 0 to 128 [ 236.020197][ T7454] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.335 (7454) [ 236.050593][ T7461] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 236.166371][ T7461] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 237.127727][ T7468] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 239.724144][ T7490] ALSA: mixer_oss: invalid index 40000 [ 240.156357][ T7492] loop3: detected capacity change from 0 to 256 [ 240.213325][ T7492] exfat: Deprecated parameter 'utf8' [ 240.259893][ T7492] exfat: Deprecated parameter 'utf8' [ 240.282338][ T7492] exfat: Deprecated parameter 'utf8' [ 240.317344][ T7492] exfat: Deprecated parameter 'utf8' [ 240.420823][ T7492] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 241.415149][ T7502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.504249][ T7502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 242.398989][ T7502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 242.469631][ T7504] loop4: detected capacity change from 0 to 32768 [ 242.497853][ T7504] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 242.508193][ T7504] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 242.517150][ T7504] BTRFS info (device loop4): setting nodatacow, compression disabled [ 242.525378][ T7504] BTRFS info (device loop4): turning on flush-on-commit [ 242.532381][ T7504] BTRFS info (device loop4): using free space tree [ 242.596167][ T7510] loop3: detected capacity change from 0 to 128 [ 242.613791][ T7510] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 242.704869][ T7510] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 243.224337][ T7504] BTRFS info (device loop4): enabling ssd optimizations [ 243.231351][ T7504] BTRFS info (device loop4): auto enabling async discard [ 244.436964][ T6338] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 245.245659][ T7543] ALSA: mixer_oss: invalid index 40000 [ 245.894403][ T7542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.997260][ T7542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.077680][ T7548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.351272][ T7555] loop1: detected capacity change from 0 to 256 [ 246.372299][ T7555] exfat: Deprecated parameter 'utf8' [ 246.378489][ T7555] exfat: Deprecated parameter 'utf8' [ 246.388089][ T7555] exfat: Deprecated parameter 'utf8' [ 246.398471][ T7555] exfat: Deprecated parameter 'utf8' [ 246.433575][ T7555] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 246.605460][ T7559] ALSA: mixer_oss: invalid index 40000 [ 248.189214][ T7562] IPVS: Scheduler module ip_vs_sip not found [ 248.219115][ T7564] IPVS: length: 8 != 446622349272 [ 250.621803][ T7593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.706347][ T7593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.787204][ T7593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.531433][ T7610] loop4: detected capacity change from 0 to 256 [ 251.549261][ T7610] exfat: Deprecated parameter 'utf8' [ 251.578975][ T7610] exfat: Deprecated parameter 'utf8' [ 251.616524][ T7610] exfat: Deprecated parameter 'utf8' [ 251.657284][ T7610] exfat: Deprecated parameter 'utf8' [ 251.733484][ T7610] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 251.752835][ T7605] loop1: detected capacity change from 0 to 32768 [ 251.760487][ T7605] XFS: ikeep mount option is deprecated. [ 251.825534][ T7605] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 251.857891][ T5905] IPVS: starting estimator thread 0... [ 251.988217][ T7623] IPVS: using max 17 ests per chain, 40800 per kthread [ 253.249525][ T7605] XFS (loop1): Ending clean mount [ 253.280938][ T7605] XFS (loop1): Quotacheck needed: Please wait. [ 253.714346][ T7605] XFS (loop1): Quotacheck: Done. [ 253.847152][ T7637] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 254.951437][ T5794] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 255.866649][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.873121][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.933347][ T7654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 256.002945][ T7654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 256.072021][ T7654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 256.185425][ T5863] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 256.635707][ T5863] usb 5-1: config 17 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 256.749873][ T5863] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 256.777274][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.803800][ T7656] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 257.677452][ T5863] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 258.020585][ T7677] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 258.894751][ T7686] loop1: detected capacity change from 0 to 256 [ 258.935663][ T7686] exfat: Deprecated parameter 'utf8' [ 258.941066][ T7686] exfat: Deprecated parameter 'utf8' [ 258.986555][ T7686] exfat: Deprecated parameter 'utf8' [ 258.991938][ T7686] exfat: Deprecated parameter 'utf8' [ 259.012570][ T5801] usb 5-1: USB disconnect, device number 3 [ 259.055373][ T7686] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 261.317108][ T7697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 261.429179][ T7697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 261.529365][ T7697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.342681][ T7717] loop1: detected capacity change from 0 to 2048 [ 263.988639][ T7718] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 264.001985][ T27] audit: type=1326 audit(1752257992.452:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7709 comm="syz.2.410" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd3fd18e929 code=0x0 [ 264.759340][ T7717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.800569][ T7729] loop2: detected capacity change from 0 to 256 [ 264.824972][ T7729] exfat: Deprecated parameter 'utf8' [ 264.844151][ T7729] exfat: Deprecated parameter 'utf8' [ 264.872468][ T7729] exfat: Deprecated parameter 'utf8' [ 264.891014][ T7729] exfat: Deprecated parameter 'utf8' [ 264.929173][ T7729] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 265.140130][ T7727] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 266.199917][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.071173][ T7746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.667152][ T7746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.862422][ T7746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.698217][ T50] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 268.919009][ T7763] netlink: 'syz.2.423': attribute type 1 has an invalid length. [ 268.944313][ T7763] netlink: 224 bytes leftover after parsing attributes in process `syz.2.423'. [ 268.965664][ T7762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.287753][ T7762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.004348][ T27] audit: type=1326 audit(1752257998.942:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7764 comm="syz.3.422" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bd738e929 code=0x0 [ 271.270349][ T7762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.328136][ T7777] loop2: detected capacity change from 0 to 65 [ 271.351201][ T7777] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway [ 272.928663][ T7779] loop3: detected capacity change from 0 to 32768 [ 272.966279][ T7779] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.428 (7779) [ 273.004467][ T7779] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 273.816845][ T7779] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 273.827401][ T7779] BTRFS info (device loop3): using free space tree [ 275.251321][ T7779] BTRFS error (device loop3): open_ctree failed: -4 [ 275.522714][ T7818] Unknown status report in ack skb [ 275.831484][ T7827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.004872][ T27] audit: type=1326 audit(1752258004.872:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.4.439" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa8dd8e929 code=0x0 [ 277.225651][ T7827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.391480][ T7827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 279.710915][ T7853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 279.820502][ T7859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 279.959971][ T7853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.242899][ T7868] loop4: detected capacity change from 0 to 32768 [ 282.254317][ T7868] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.448 (7868) [ 282.350522][ T7868] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 282.396473][ T7868] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 282.421623][ T7868] BTRFS info (device loop4): using free space tree [ 282.722386][ T7868] BTRFS info (device loop4): enabling ssd optimizations [ 282.819493][ T7868] BTRFS info (device loop4): auto enabling async discard [ 283.523228][ T7900] Unknown status report in ack skb [ 285.660662][ T7916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.729222][ T7916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.794134][ T7916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.801198][ T6338] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 286.801655][ T7924] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 286.953957][ T7931] netlink: 28 bytes leftover after parsing attributes in process `syz.1.469'. [ 286.963674][ T7931] tipc: Started in network mode [ 286.973300][ T7931] tipc: Node identity 7, cluster identity 5 [ 286.981430][ T7931] tipc: Node number set to 7 [ 287.231450][ T7938] Unknown status report in ack skb [ 287.326982][ T7942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.585509][ T7942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.747801][ T7945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.256257][ T7951] loop4: detected capacity change from 0 to 1024 [ 288.289514][ T7951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.310358][ T27] audit: type=1800 audit(1752258017.212:8): pid=7951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.479" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 288.341843][ T7951] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4036: comm syz.4.479: Allocating blocks 385-513 which overlap fs metadata [ 288.358472][ T7950] EXT4-fs (loop4): pa ffff8880792783a0: logic 16, phys. 129, len 24 [ 288.367046][ T7950] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 288.469458][ T1125] Trying to write to read-only block-device loop4 [ 288.512411][ T6338] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.517057][ T7940] loop1: detected capacity change from 0 to 32768 [ 288.569857][ T7940] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.474 (7940) [ 288.613391][ T7940] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 288.640813][ T7940] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 288.667969][ T7940] BTRFS info (device loop1): using free space tree [ 288.812599][ T7940] BTRFS info (device loop1): enabling ssd optimizations [ 288.834125][ T7940] BTRFS info (device loop1): auto enabling async discard [ 289.188622][ T7979] Device name cannot be null; rc = [-22] [ 290.648282][ T7994] input: syz1 as /devices/virtual/input/input8 [ 291.144843][ C1] ------------[ cut here ]------------ [ 291.150780][ C1] WARNING: CPU: 1 PID: 7987 at net/mac80211/tx.c:5021 __ieee80211_beacon_get+0x1233/0x1600 [ 291.160859][ C1] Modules linked in: [ 291.164837][ C1] CPU: 1 PID: 7987 Comm: syz.4.486 Not tainted 6.6.97-syzkaller #0 [ 291.172779][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.182908][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 291.189307][ C1] Code: 24 4c 89 e7 e8 4e 64 d5 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 29 d7 96 f7 0f 0b e9 f6 f7 ff ff e8 1d d7 96 f7 <0f> 0b e9 48 fb ff ff e8 11 d7 96 f7 48 c7 c7 40 0c 24 8e 4c 89 e6 [ 291.209015][ C1] RSP: 0000:ffffc900001f0a18 EFLAGS: 00010246 [ 291.215290][ C1] RAX: ffffffff89eebf53 RBX: ffffffff89eead56 RCX: ffff88805bd5bc00 [ 291.223319][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.231361][ C1] RBP: 0000000000000000 R08: ffff88805bd5bc00 R09: 0000000000000003 [ 291.239413][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805f1ae3c0 [ 291.247459][ C1] R13: dffffc0000000000 R14: ffff88805f1ae8b0 R15: ffff88805f453c24 [ 291.255499][ C1] FS: 00007ffa8eb2c6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 291.264494][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 291.271103][ C1] CR2: 0000001b2eb09ff8 CR3: 000000002d297000 CR4: 00000000003506e0 [ 291.279154][ C1] Call Trace: [ 291.282460][ C1] [ 291.285378][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 291.291081][ C1] ieee80211_beacon_get_tim+0xb8/0x560 [ 291.296651][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 291.303501][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 291.309164][ C1] __iterate_interfaces+0x243/0x500 [ 291.314446][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 291.320741][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 291.328071][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 291.334420][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 291.341527][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 291.346817][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 291.352071][ C1] ? hw_scan_work+0x1060/0x1060 [ 291.357014][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 291.362177][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 291.368359][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 291.373526][ C1] handle_softirqs+0x280/0x820 [ 291.378384][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 291.383203][ C1] ? do_softirq+0x180/0x180 [ 291.387800][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 291.393058][ C1] __irq_exit_rcu+0xc7/0x190 [ 291.397785][ C1] ? irq_exit_rcu+0x20/0x20 [ 291.402363][ C1] irq_exit_rcu+0x9/0x20 [ 291.406740][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 291.412435][ C1] [ 291.415468][ C1] [ 291.418447][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 291.424530][ C1] RIP: 0010:finish_task_switch+0x26a/0x920 [ 291.430385][ C1] Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 c0 eb 1b 09 e8 cb b4 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 291.434896][ T11] ------------[ cut here ]------------ [ 291.450073][ C1] RSP: 0000:ffffc900051672b8 EFLAGS: 00000286 [ 291.450114][ C1] RAX: 45e1ad33d0a01a00 RBX: 0000000000000000 RCX: 45e1ad33d0a01a00 [ 291.450133][ C1] RDX: dffffc0000000000 RSI: ffffffff8aaab940 RDI: ffffffff8afc7880 [ 291.450148][ C1] RBP: ffffc90005167310 R08: ffffffff8e4a92ef R09: 1ffffffff1c9525d [ 291.450161][ C1] R10: dffffc0000000000 R11: fffffbfff1c9525e R12: ffff88805bd5bc00 [ 291.456010][ T11] WARNING: CPU: 0 PID: 11 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 291.462028][ C1] R13: dffffc0000000000 R14: ffff88805bd59e00 R15: 0000000000000000 [ 291.462069][ C1] ? finish_task_switch+0x265/0x920 [ 291.470115][ T11] Modules linked in: [ 291.478092][ C1] __schedule+0x14ea/0x4580 [ 291.486160][ T11] [ 291.494130][ C1] ? verify_lock_unused+0x140/0x140 [ 291.494168][ C1] ? asan.module_dtor+0x20/0x20 [ 291.505056][ T11] CPU: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.6.97-syzkaller #0 [ 291.512919][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 291.512963][ C1] schedule+0xbd/0x170 [ 291.518207][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.522052][ C1] schedule_timeout+0x9b/0x280 [ 291.526674][ T11] Workqueue: phy3 ieee80211_csa_finalize_work [ 291.528904][ C1] ? console_conditional_schedule+0x40/0x40 [ 291.534215][ T11] [ 291.538978][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 291.547041][ T11] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 291.552958][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 291.557061][ T11] Code: 48 89 df e8 1a e1 ea f7 e9 dc fc ff ff e8 50 32 92 f7 eb 24 e8 49 32 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 38 32 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 2a 32 92 f7 48 8b 7c 24 08 4c 8b 7c [ 291.567212][ C1] unix_wait_for_peer+0x1e9/0x2e0 [ 291.571976][ T11] RSP: 0018:ffffc900001079c0 EFLAGS: 00010293 [ 291.578070][ C1] ? unix_find_other+0x8f0/0x8f0 [ 291.584003][ T11] [ 291.586332][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 291.591378][ T11] RAX: ffffffff89f3603e RBX: 0000000000000001 RCX: ffff88801ba53c00 [ 291.598662][ C1] ? wake_bit_function+0x200/0x200 [ 291.598697][ C1] ? __rwlock_init+0x150/0x150 [ 291.603944][ T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 291.623531][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.623556][ C1] ? bpf_lsm_unix_may_send+0x9/0x10 [ 291.623595][ C1] unix_dgram_sendmsg+0xf04/0x1720 [ 291.623653][ C1] ? unix_dgram_poll+0x670/0x670 [ 291.628709][ T11] RBP: dffffc0000000000 R08: ffff88805f1ad5af R09: 1ffff1100be35ab5 [ 291.634816][ C1] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 291.639784][ T11] R10: dffffc0000000000 R11: ffffed100be35ab6 R12: 0000000000000001 [ 291.642094][ C1] ? aa_sock_msg_perm+0x94/0x150 [ 291.647139][ T11] R13: ffff88805f1ae5d9 R14: ffff88801a74ac70 R15: ffff88801a74ace8 [ 291.655138][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 291.660293][ T11] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 291.665054][ C1] ? security_socket_sendmsg+0x80/0xa0 [ 291.673031][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 291.679037][ C1] ? unix_dgram_poll+0x670/0x670 [ 291.684290][ T11] CR2: 00007fb7d7e27e9c CR3: 000000002bfed000 CR4: 00000000003506f0 [ 291.689370][ C1] ____sys_sendmsg+0x5bf/0x950 [ 291.697552][ T11] Call Trace: [ 291.702331][ C1] ? __asan_memset+0x22/0x40 [ 291.709470][ T11] [ 291.716814][ C1] ? __sys_sendmsg_sock+0x30/0x30 [ 291.721778][ T11] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 291.729761][ C1] ? __import_iovec+0x3fa/0x860 [ 291.729797][ C1] ? import_iovec+0x73/0xa0 [ 291.729821][ C1] ___sys_sendmsg+0x220/0x290 [ 291.735169][ T11] ieee80211_csa_finalize+0x59a/0xf00 [ 291.744090][ C1] ? __sys_sendmsg+0x270/0x270 [ 291.744167][ C1] ? __might_fault+0xc6/0x120 [ 291.749568][ T11] ? mutex_lock_nested+0x20/0x20 [ 291.756200][ C1] ? __might_fault+0xaa/0x120 [ 291.756231][ C1] __sys_sendmmsg+0x275/0x4a0 [ 291.761193][ T11] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 291.769168][ C1] ? __ia32_sys_sendmsg+0x90/0x90 [ 291.769202][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 291.774014][ T11] ? ieee80211_csa_finalize_work+0x140/0x140 [ 291.777355][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 291.781931][ T11] ? read_lock_is_recursive+0x20/0x20 [ 291.785013][ C1] ? lock_chain_count+0x20/0x20 [ 291.785054][ C1] __x64_sys_sendmmsg+0xa0/0xb0 [ 291.790137][ T11] ieee80211_csa_finalize_work+0xf6/0x140 [ 291.796631][ C1] do_syscall_64+0x55/0xb0 [ 291.801484][ T11] ? process_scheduled_works+0x957/0x15b0 [ 291.801515][ T11] process_scheduled_works+0xa45/0x15b0 [ 291.806034][ C1] ? clear_bhb_loop+0x40/0x90 [ 291.810788][ T11] ? assign_work+0x400/0x400 [ 291.816110][ C1] ? clear_bhb_loop+0x40/0x90 [ 291.820911][ T11] ? assign_work+0x39e/0x400 [ 291.825603][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.825631][ C1] RIP: 0033:0x7ffa8dd8e929 [ 291.825664][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.830594][ T11] worker_thread+0xa55/0xfc0 [ 291.835284][ C1] RSP: 002b:00007ffa8eb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 291.835310][ C1] RAX: ffffffffffffffda RBX: 00007ffa8dfb5fa0 RCX: 00007ffa8dd8e929 [ 291.835326][ C1] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000006 [ 291.840069][ T11] kthread+0x2fa/0x390 [ 291.846012][ C1] RBP: 00007ffa8de10b39 R08: 0000000000000000 R09: 0000000000000000 [ 291.846030][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.851044][ T11] ? pr_cont_work+0x560/0x560 [ 291.856783][ C1] R13: 0000000000000000 R14: 00007ffa8dfb5fa0 R15: 00007fff3a9dbff8 [ 291.856818][ C1] [ 291.856828][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 291.856839][ C1] CPU: 1 PID: 7987 Comm: syz.4.486 Not tainted 6.6.97-syzkaller #0 [ 291.856857][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.856886][ C1] Call Trace: [ 291.856896][ C1] [ 291.856906][ C1] dump_stack_lvl+0x16c/0x230 [ 291.856945][ C1] ? show_regs_print_info+0x20/0x20 [ 291.856992][ C1] ? load_image+0x3b0/0x3b0 [ 291.857035][ C1] panic+0x2c0/0x710 [ 291.857066][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 291.857107][ C1] __warn+0x2e0/0x470 [ 291.857127][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857156][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857182][ C1] report_bug+0x2be/0x4f0 [ 291.857215][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857242][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857266][ C1] ? __ieee80211_beacon_get+0x1235/0x1600 [ 291.857291][ C1] handle_bug+0xcf/0x120 [ 291.857324][ C1] exc_invalid_op+0x1a/0x50 [ 291.857354][ C1] asm_exc_invalid_op+0x1a/0x20 [ 291.857380][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 291.857407][ C1] Code: 24 4c 89 e7 e8 4e 64 d5 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 29 d7 96 f7 0f 0b e9 f6 f7 ff ff e8 1d d7 96 f7 <0f> 0b e9 48 fb ff ff e8 11 d7 96 f7 48 c7 c7 40 0c 24 8e 4c 89 e6 [ 291.857424][ C1] RSP: 0000:ffffc900001f0a18 EFLAGS: 00010246 [ 291.857446][ C1] RAX: ffffffff89eebf53 RBX: ffffffff89eead56 RCX: ffff88805bd5bc00 [ 291.857463][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.857476][ C1] RBP: 0000000000000000 R08: ffff88805bd5bc00 R09: 0000000000000003 [ 291.857491][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805f1ae3c0 [ 291.857504][ C1] R13: dffffc0000000000 R14: ffff88805f1ae8b0 R15: ffff88805f453c24 [ 291.857527][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 291.857554][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857587][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 291.857615][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 291.857651][ C1] ieee80211_beacon_get_tim+0xb8/0x560 [ 291.857690][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 291.857730][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 291.857773][ C1] __iterate_interfaces+0x243/0x500 [ 291.857805][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 291.857837][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 291.857872][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 291.857905][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 291.857943][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 291.857977][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 291.858011][ C1] ? hw_scan_work+0x1060/0x1060 [ 291.858050][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 291.858073][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 291.858124][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 291.858153][ C1] handle_softirqs+0x280/0x820 [ 291.858179][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 291.858206][ C1] ? do_softirq+0x180/0x180 [ 291.858232][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 291.858265][ C1] __irq_exit_rcu+0xc7/0x190 [ 291.858285][ C1] ? irq_exit_rcu+0x20/0x20 [ 291.858317][ C1] irq_exit_rcu+0x9/0x20 [ 291.858335][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 291.858358][ C1] [ 291.858365][ C1] [ 291.858374][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 291.858402][ C1] RIP: 0010:finish_task_switch+0x26a/0x920 [ 291.858423][ C1] Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 c0 eb 1b 09 e8 cb b4 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 291.858440][ C1] RSP: 0000:ffffc900051672b8 EFLAGS: 00000286 [ 291.858458][ C1] RAX: 45e1ad33d0a01a00 RBX: 0000000000000000 RCX: 45e1ad33d0a01a00 [ 291.858474][ C1] RDX: dffffc0000000000 RSI: ffffffff8aaab940 RDI: ffffffff8afc7880 [ 291.858490][ C1] RBP: ffffc90005167310 R08: ffffffff8e4a92ef R09: 1ffffffff1c9525d [ 291.858506][ C1] R10: dffffc0000000000 R11: fffffbfff1c9525e R12: ffff88805bd5bc00 [ 291.858522][ C1] R13: dffffc0000000000 R14: ffff88805bd59e00 R15: 0000000000000000 [ 291.858555][ C1] ? finish_task_switch+0x265/0x920 [ 291.858585][ C1] __schedule+0x14ea/0x4580 [ 291.858634][ C1] ? verify_lock_unused+0x140/0x140 [ 291.858667][ C1] ? asan.module_dtor+0x20/0x20 [ 291.858712][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 291.858753][ C1] schedule+0xbd/0x170 [ 291.858783][ C1] schedule_timeout+0x9b/0x280 [ 291.858807][ C1] ? console_conditional_schedule+0x40/0x40 [ 291.858831][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 291.858867][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 291.858901][ C1] unix_wait_for_peer+0x1e9/0x2e0 [ 291.858938][ C1] ? unix_find_other+0x8f0/0x8f0 [ 291.858969][ C1] ? do_raw_spin_lock+0x121/0x2c0 [ 291.858997][ C1] ? wake_bit_function+0x200/0x200 [ 291.859020][ C1] ? __rwlock_init+0x150/0x150 [ 291.859054][ C1] ? bpf_lsm_unix_may_send+0x9/0x10 [ 291.859089][ C1] unix_dgram_sendmsg+0xf04/0x1720 [ 291.859148][ C1] ? unix_dgram_poll+0x670/0x670 [ 291.859178][ C1] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 291.859211][ C1] ? aa_sock_msg_perm+0x94/0x150 [ 291.859241][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 291.859272][ C1] ? security_socket_sendmsg+0x80/0xa0 [ 291.859299][ C1] ? unix_dgram_poll+0x670/0x670 [ 291.859330][ C1] ____sys_sendmsg+0x5bf/0x950 [ 291.859362][ C1] ? __asan_memset+0x22/0x40 [ 291.859395][ C1] ? __sys_sendmsg_sock+0x30/0x30 [ 291.859413][ C1] ? __import_iovec+0x3fa/0x860 [ 291.859445][ C1] ? import_iovec+0x73/0xa0 [ 291.859471][ C1] ___sys_sendmsg+0x220/0x290 [ 291.859496][ C1] ? __sys_sendmsg+0x270/0x270 [ 291.859566][ C1] ? __might_fault+0xc6/0x120 [ 291.859591][ C1] ? __might_fault+0xaa/0x120 [ 291.859618][ C1] __sys_sendmmsg+0x275/0x4a0 [ 291.859646][ C1] ? __ia32_sys_sendmsg+0x90/0x90 [ 291.859684][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 291.859723][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 291.859753][ C1] ? lock_chain_count+0x20/0x20 [ 291.859789][ C1] __x64_sys_sendmmsg+0xa0/0xb0 [ 291.859813][ C1] do_syscall_64+0x55/0xb0 [ 291.859842][ C1] ? clear_bhb_loop+0x40/0x90 [ 291.859865][ C1] ? clear_bhb_loop+0x40/0x90 [ 291.859893][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.859916][ C1] RIP: 0033:0x7ffa8dd8e929 [ 291.859935][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.859952][ C1] RSP: 002b:00007ffa8eb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 291.859974][ C1] RAX: ffffffffffffffda RBX: 00007ffa8dfb5fa0 RCX: 00007ffa8dd8e929 [ 291.859989][ C1] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000006 [ 291.860002][ C1] RBP: 00007ffa8de10b39 R08: 0000000000000000 R09: 0000000000000000 [ 291.860015][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.860028][ C1] R13: 0000000000000000 R14: 00007ffa8dfb5fa0 R15: 00007fff3a9dbff8 [ 291.860059][ C1] [ 291.863162][ C1] Kernel Offset: disabled