last executing test programs: 10m0.696060427s ago: executing program 0 (id=180): socket$inet6(0xa, 0x3, 0x8000000003c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000002060108000000000000000000000000050005000a000000050001000700000005000400030000000900020073797a310000000016000300686173683a6e6574"], 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x14000052}, 0x4000084) 9m57.216747372s ago: executing program 0 (id=184): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x4e22, @private=0xa010101}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000001200)={r5, 0x3, 0x51, 0x401}, &(0x7f0000001240)=0x10) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES8=r3, @ANYRES16=r4], 0x50) r6 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r6, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) 9m53.683396881s ago: executing program 0 (id=193): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9"], 0x154}}, 0x0) r1 = syz_usbip_server_init(0x3) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000040)=@fragment, 0x8) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB]}, 0x78) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0xfffffffffffffffe, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/91, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') read$FUSE(r2, &(0x7f0000001c00)={0x2020}, 0x2020) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x0, 'lblcr\x00', 0x9}, 0x2c) read(r2, &(0x7f0000001b00)=""/194, 0xc2) write$usbip_server(r1, &(0x7f0000000080)=@ret_unlink={{0x4, 0x5, 0x0, 0x0, 0x3}, {0x5}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/69, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000040)=0x1) 9m49.393822572s ago: executing program 0 (id=201): sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4004890}, 0x2400c0c0) inotify_init1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) 9m46.457412377s ago: executing program 0 (id=207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002180)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r3, &(0x7f0000000100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000002280)={0x50, 0x0, r4, {0x7, 0x27, 0x0, 0x1424046, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) open$dir(&(0x7f0000000840)='./file0\x00', 0x4374362a64d36bbe, 0xa) r5 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x8c}, [@call={0x85, 0x0, 0x0, 0x5d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$P9_RREADDIR(r5, &(0x7f00000002c0)={0x62, 0x29, 0x1, {0x9, [{{0x2, 0x3, 0x3}, 0x60000, 0x5, 0x5, './bus'}, {{0x4, 0x0, 0x1}, 0x2, 0x0, 0x5, './bus'}, {{0x80, 0x3}, 0xdd, 0x4, 0x5, './bus'}]}}, 0x62) 9m42.516495439s ago: executing program 0 (id=211): r0 = memfd_create(0x0, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() socket$inet(0x2, 0x2000000080002, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r6 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r5) r7 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r7, r6, r7}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) 9m27.238787451s ago: executing program 32 (id=211): r0 = memfd_create(0x0, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() socket$inet(0x2, 0x2000000080002, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r6 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r5) r7 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r7, r6, r7}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) 1m46.246550966s ago: executing program 5 (id=960): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0) bind$inet(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@sack_perm, @timestamp, @window={0x3, 0x0, 0xfffc}, @window={0x3, 0x0, 0x3}, @timestamp, @timestamp], 0x6) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 1m45.09293118s ago: executing program 5 (id=963): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, 0x0, 0x0) socket(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x81, 0x8, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x15, &(0x7f0000000300)={@random="6ea88d319b8c", @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@x25={0x805, {0x0, 0x1, 0xb}}}}, 0x0) 1m41.221163061s ago: executing program 5 (id=969): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc800) add_key$user(0x0, 0x0, &(0x7f0000000400), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x60100, 0x0) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c81, 0x9) r2 = dup(r0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000200)={0x0, 0x1012000, 0x0, 0xa5c}, 0x20) socket$inet(0xa, 0x801, 0x84) r3 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x1, 0x14) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) listen(r4, 0x50) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r5, 0x0, 0x0) listen(r5, 0x50) listen(r5, 0x0) 1m36.417438368s ago: executing program 5 (id=977): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$inet(0x2, 0x3, 0x8d) r2 = fsopen(&(0x7f0000000240)='vfat\x00', 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0) clock_gettime(0x0, &(0x7f0000000100)) shutdown(r3, 0x1) close_range(r2, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x20808c, 0x0) 1m30.915689042s ago: executing program 5 (id=987): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r4, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r4, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000}) syz_emit_ethernet(0x7e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "156909", 0x1b, 0x2f, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x88a8, 0x8dff, 0x0, [0x6, 0x0]}, {}, {}, {0xa888, 0x88be, 0x8000000}}}}}}}, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW(r3, 0x3ba0, &(0x7f0000000d40)={0x48, 0x8, r5, 0x0, 0x0, 0x1, &(0x7f0000000b40)='L'}) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0200, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x9) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, r6) 1m28.108610575s ago: executing program 5 (id=991): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000002000010000000000000000000200000000000000120000000c00144080f89e8a28bf0133d1831361824241001e00011400110070696d36726567000000000000000000abd6f0683dfccb2fe40c62f0529e81acdb0e36614ddc37d663eceb36591954b6bc9b3ef4ba052853c643ccec18f248c34608bafd9ef5a11ad3e238fc52d227bd6206c1c7c857db11be0eb67eb13945d384f1e2fbcd7298e352067d879192ea6c95163d"], 0x44}, 0x1, 0x0, 0x0, 0x4008000}, 0xc0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x34, r5, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0xc, 0xc, 0x0, 0x1, [{0x4}, {0x4}]}]}, 0x34}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) r7 = dup3(r6, 0xffffffffffffffff, 0x0) getsockname$packet(r7, 0x0, 0x0) 1m12.675921318s ago: executing program 33 (id=991): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000002000010000000000000000000200000000000000120000000c00144080f89e8a28bf0133d1831361824241001e00011400110070696d36726567000000000000000000abd6f0683dfccb2fe40c62f0529e81acdb0e36614ddc37d663eceb36591954b6bc9b3ef4ba052853c643ccec18f248c34608bafd9ef5a11ad3e238fc52d227bd6206c1c7c857db11be0eb67eb13945d384f1e2fbcd7298e352067d879192ea6c95163d"], 0x44}, 0x1, 0x0, 0x0, 0x4008000}, 0xc0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x34, r5, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0xc, 0xc, 0x0, 0x1, [{0x4}, {0x4}]}]}, 0x34}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) r7 = dup3(r6, 0xffffffffffffffff, 0x0) getsockname$packet(r7, 0x0, 0x0) 16.155874096s ago: executing program 3 (id=1110): ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x8008700b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x22, 0x2, 0x1) r4 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001300f5d10300"/20, @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\r'], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) r7 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x141042, 0x0) fstat(r8, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file1\x00', 0x1000c1d, &(0x7f000000a580)=ANY=[@ANYRES32=r10, @ANYRESHEX, @ANYBLOB="9cf45332f216e72f1916be622afc444f62ea0b68c42a77b352fe0afddfb1cc8ff9c0f9e899ea9ae7c30f5a192b0b16000080dfa20a2768950b186e295805038569d0c9f57f41da86410da421701f524e99d5bea9716fa0990dd3611859be346c36edb30828401d5122a1bad83ae10d49e288b3950ae045ad2a04ddc191fcc6abf55e98491049b415163b7e3a99c0a4544190c2011be3a25a85ceab73485f64f25ad6d435b24f2f400d9bef712f399339d02bfd26bf20324b098b673189cd82a5cbf5c5a53fbda881d47d43e25919884a8cd525436c46d28d7c4173aabcc00da4ac21514eb67e0eb9849548fe217ab6bb03ac5d203f8427c8402b016b5b9e83d16cb759a42b6a7f7115433776b3eb8091edf8030f522ae488d96280e59d5b0ddc36f441dfff7700000000000000000000000000000000000000000000000000000000000000000000002c14da6155698f83a9e5d32830f3dc68cfff8cf5b7e936b51590ec6fc503b6ca46a5aa1b35163c0081ae2491391194d483d35de250e75d7d6ae7901b6c9663ddcbecd4bc17a043808b280000000000000000000000000000c8f455465cbebc162473fbee10d24b1e5aded77bc959e4d72cb67a00491fd4696da9de540e0d9ecefa00648305f1ea375309bb41460389068a12930587eef76c7e0359b64a2153d2c1e1a07b0125808f1805beb49929003354aab5fe9f966009e4f90fc66cc885c9406c532a40ec0b76a3757cf11d9e907a44cbc32dbb10", @ANYRES16=r7, @ANYRESOCT, @ANYRES32=r9, @ANYRESDEC=0x0, @ANYRES32], 0xff, 0x1fd, &(0x7f000000a380)="$eJzsmb+LE0EUx78zu5c9DxFsLGwsPPBEb39F5ZorThArQThFLYO3d0T3LpKscDkQ7rCxsRQRbP0HLCxS29nZaqGCYGFKwUIYmR/ZnfzYGDFiwPeBTL7z5s178ybJK7IgCOK/5dPHbx8eX1y5dhbAYSzCM/YvTuHDLf/3z+6febJ66fnLdy9e7xx50BmMNw9ACFQmzc+Afaw5yErWF+XwtN92HRynjb4BBl/LH0KhJwkYbhmfO5ZuHDIiTfzbjXRjs54moRwiOcRyqNq5XADdA4aNvDYhmLXeajMVrNlq792tpYWYE708Q0u/K8bdnzrfGseqmcvzyc/r5qOHB3Ju7gYhuL5LABE4IqOrYFg3egUefN8vrsSq/7hbxHf66v+z2qYu2Hf9NZCWo8tTT+HgXxc4q0J4M3GMCQQbtMifcG451u28Gd71+S+ex5tOHIaSjqMaF4Dcctn4vF1I0ysTp8C+DlNYel1+5K6iPzEXOGX1Jxdu3j+CbPte0GrvLde3a1vJVrITx9UL4bkwPB8Hm3UPYaDa0Zj+N6/604IVf67Et8Iq2K1lWTPaBbJmlM9jPVodd/1V46vaw1X/41g6qWPIS1Zle6NzMPPi6l2qJaf08ARBEARBEARBEARBEARBEL/E/jPyBBj0IxD1oEqUEF9V3j8DAAD//2JCZGU=") setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private2, @in6=@private1, 0x4e21, 0x200, 0x4e24, 0x8, 0x2, 0xa0, 0xa0, 0x84, r6, r9}, {0x5, 0x0, 0x7, 0x400, 0x5, 0x800, 0x8, 0x3}, {0x2, 0xbaf, 0xffff, 0x7}, 0x9, 0x6e6bb0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@local, 0x4d5, 0xff}, 0xa, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x3501, 0x2, 0x0, 0x0, 0x537, 0xd1, 0x80000001}}, 0xe8) recvmsg$kcm(r3, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0) 13.88396889s ago: executing program 3 (id=1113): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 13.085514478s ago: executing program 1 (id=1117): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x38, 0x4) r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() timer_create(0x7, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r3, 0x101, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) getrlimit(0x9, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 11.673046692s ago: executing program 4 (id=1118): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000040000000300"], 0x48) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) personality(0x500006) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000440)={[{@type={'type', 0x3d, "699a1c87"}}, {@gid}, {}, {@uid}, {@force}, {@umask={'umask', 0x3d, 0x8}}, {@nls={'nls', 0x3d, 'cp932'}}, {@part={'part', 0x3d, 0xa}}, {@creator={'creator', 0x3d, "995d95f7"}}, {@nodecompose}]}, 0x47, 0x6f7, &(0x7f00000010c0)="$eJzs3U1sHGcZAOB31uu1N5XcbZu0BSHFakQEDSS2l5IgIREqhHyoUCQuvS6J01heu5HtIidCxAUKRzihHDgUIXPoCfWABOKAKGckJK4o90jcIw4smtmZ9f7Y693GP0n6PNJ4vpn5ft55O/Pt7myjDeAza/HtmNyOJBYvvLWVbj/YqTcf7NRXi3JETEVEKaLcXkWyFpF8EnE12kt8Lt2Zd5fsN84bD//0m/P3P6q3t8r5ktUvDWu3qzVkhO18idmImMjXYyrv19/1eHOgv3tjdZ104k4Tdq5IHJy01oDtcZqPcN8CT7p7EROTe+yvRZyKiOn8fUDks0PpmMM7dGPNcgAAAPBkmjiowvOP4lFsxczxhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPhqT9m4FJvpSK8mwkxe//V/J9qUrlhOMd7isHHP/g5jEFAgAAAAAAAABH4uP8i/uzj+JRbMVMsb+VZN/5v5ZtnM7+PhfvxUYsxXpcjK1oxGZsxnrMR0zOdHVY2Wpsbq7PD7b8daQtW63WvbzlQkTUBlouHMNJAwAAAAAAAMCz6yexGDMnHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRLIibaq2w5XZRrUSpHxHREVNJ62xF/KcpPuuqQY389xjgAAADghBQfjWeS/7ULrST7zP9y9rl/Ot6LtdiM5diMZizFjexZQPtTf+mf2/Xmg536aroMdvzt/4wVR9ZjREzE+/uMPJfVONNpsRjfje/HhZiNa7Eey/HDaMRmLMVsVNOTiEYkUau2n17Uijj3jvdqz9a1/tjO9m2/mkVSjZuxnMV2Ma5Xov3YJDuHdMxXu0b7YyWib8T30+wk38qNmKMbXf+9fpU/l8m1nh+xj6NRy858spORuTT3eTZeGJ77Ma+T/pHmo9R5BnV6d5R0s3+kIuc/GCfnp/J1muuf9+b8sI35KK0/EwtRyq++iJd7c377i/df7G385X/97dqt0trKrZsbF47wlB7H7EEVJotCfybqXZl4ZfjVl2eimWZie/RMTPbvmB615dGq5NnIpqIRZ8vvZKVGvNZ1Cb4bN2IpLsdczMeVmItvxELUO1dYupzpyWu5vtqbk+xeKw3Ob8OexJ77UlelXxxQ+XileXmhK6/dM10tO5bvufrLmOu6+l4cfvWN/SqQjv/5vJyO8dPOK86ToCcT+dxcRPfS8Ez8tpX+3Wiurazfatwecbzz+Tq9bT/onZt/N3rU/a/uhyG9XtIZt5xtZTmpFtdLeuylTrS9+ark37i025UGjp3pHKvFTCzH9/a9Uyv5e7jBntrHXuk+9u/dmbOSv78pjvW8y4l3o5m9C+lz4FQNwDE79fqpSvVh9R/VD6s/q96qvjX95tSVqS9UYvLv5T9P/KH0+9I3k9fjw/hxzJx0pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CzYuHN3pdFsLq13CjHdv+dxC5V9xxpeiNKBdXaeG63DqEUMHyvJC5XDPfensVCNvj3FLyw9bs8fR8SQOpXHDj4Z+xobu5Dm4VA6LH44LdvTmhijeblotXedcmxMx0ojKe9xx03t3gVRW2k0/9vqaV6NrlsGeMZd2ly9fWnjzt2vLq823ll6Z2lt4crlK5frX5//2qWby82lufbfk44SOAobd+5OnHQMAAAAAAAAAAAAwHjy//t/81P/Y4byAXUq6xt7j3z2uE8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeEotvh2T25HE/NzFuXT7wU69mS5FebdmOSJKEZH8KCL5JOJqtJeodXWX7DfOGw+jdP7+R/XdvspF/dKwdqPZzpeYjYiJfH2wqT26Gezveld/258qvKRzhmnCzhWJg5P2/wAAAP//vnbzsA==") r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061106c00000000001f110000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$NFNL_MSG_CTHELPER_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400188e0109010400000000000008000a000006"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20008010) 11.616555262s ago: executing program 3 (id=1119): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000340), 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) syz_emit_ethernet(0x82, 0x0, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r4, 0x1ad72f7) accept4$netrom(r4, 0x0, 0x0, 0x80000) r6 = accept4(r4, 0x0, 0x0, 0x80800) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) fallocate(r1, 0x0, 0xffff, 0x8009) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000380)=0x3c, 0xfcb5) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x0, r7, 0x18, 0x0, 0x0, 0xffffffffffff8001}) 11.250355616s ago: executing program 1 (id=1120): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") write$binfmt_script(r0, &(0x7f00000008c0), 0xfecc) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) syz_open_dev$loop(&(0x7f0000000400), 0x0, 0x41) 10.509970127s ago: executing program 2 (id=1121): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_create_resource$binfmt(0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000045, 0x0, 0x0) shutdown(r3, 0x1) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x4b4a, 0xffffffffffffff15) close(0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x1c1140, 0x0) 9.841096328s ago: executing program 4 (id=1122): socket$l2tp6(0xa, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) socket(0x200000100000011, 0x3, 0x3) write$evdev(0xffffffffffffffff, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r4, &(0x7f0000000040)={0x1f, @any, 0x2}, 0xa) r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r5, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) syz_open_procfs$namespace(0x0, 0x0) shutdown(r4, 0x1) syz_open_dev$vim2m(0x0, 0x7, 0x2) 9.205636024s ago: executing program 3 (id=1123): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x28031, 0xffffffffffffffff, 0x8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = syz_open_dev$vim2m(0x0, 0x40000000000000fb, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) unshare(0x2040400) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r5, &(0x7f0000000340), 0x8) 9.144956662s ago: executing program 1 (id=1124): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) socket$qrtr(0x2a, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYBLOB="0000f2ff00003b00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)="7123069bf516a810795ef87b649c0472f8f6d2148dcf195768fc1bd21634595a15634c6644a2a1b31a93af205a1e4d65b950ad49070000000000000000005f3f6c196be3025c91a9eeafe9854fd2135010a088136dd6cdd83ff246d33ebcc112f3979230321f42a7bcb55906d43b6508869b937fbc55c6b6840d07a3d739", &(0x7f0000000080), 0x101, r3}, 0x38) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000001d40)={r3, &(0x7f0000000240), 0x0}, 0x20) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) ptrace(0x10, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 9.114122289s ago: executing program 2 (id=1125): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() msgget$private(0x0, 0xc) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000640)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = epoll_create1(0x0) r4 = socket(0x10, 0x80802, 0x0) r5 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x10000001}) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x16b601, 0x0) write$sequencer(r6, &(0x7f0000000080)=ANY=[], 0x9) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6.808339524s ago: executing program 3 (id=1126): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a0000001900", 0x6) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) times(&(0x7f00000001c0)) socket$kcm(0x2, 0x200000000000001, 0x106) r4 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x0) sendmsg$qrtr(r5, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x20000005}, 0x38) ioctl$CEC_DQEVENT(r4, 0xc0506107, 0x0) ioctl$IOC_PR_PREEMPT(r4, 0x40046109, 0x0) 5.593546953s ago: executing program 2 (id=1127): syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1=0xac1414aa}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r6 = socket$unix(0x1, 0x5, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) r7 = dup2(r6, r5) close_range(r7, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f00000000c0)={0x2, &(0x7f0000000600)=[{@none}, {}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 5.444616871s ago: executing program 1 (id=1128): mkdir(0x0, 0x21) mkdirat(0xffffffffffffff9c, 0x0, 0x0) open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x88) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x25, &(0x7f00000000c0)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x275a, 0x0) eventfd2(0x5, 0x80001) fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed00000001090224000100"], 0x0) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4.866683528s ago: executing program 2 (id=1129): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000340), 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff}) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) syz_emit_ethernet(0x82, 0x0, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r4, 0x1ad72f7) accept4$netrom(r4, 0x0, 0x0, 0x80000) r6 = accept4(r4, 0x0, 0x0, 0x80800) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000380)=0x3c, 0xfcb5) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x0, r7, 0x18, 0x0, 0x0, 0xffffffffffff8001}) 4.441045195s ago: executing program 1 (id=1130): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r2, 0x5421, &(0x7f0000000240)=0x2) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r2, 0x0) 4.440626658s ago: executing program 4 (id=1131): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000001300040095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) sendmmsg$inet6(r5, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="2e000400010002", 0x7) r6 = signalfd4(r0, &(0x7f0000000040)={[0x400]}, 0x8, 0x0) getsockopt$X25_QBITINCL(r6, 0x106, 0x1, 0x0, &(0x7f0000000100)) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) 4.408150638s ago: executing program 3 (id=1132): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000340), 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) syz_emit_ethernet(0x82, 0x0, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r4, 0x1ad72f7) accept4$netrom(r4, 0x0, 0x0, 0x80000) r6 = accept4(r4, 0x0, 0x0, 0x80800) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) fallocate(r1, 0x0, 0xffff, 0x8009) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000380)=0x3c, 0xfcb5) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x0, r7, 0x18, 0x0, 0x0, 0xffffffffffff8001}) 4.336551915s ago: executing program 2 (id=1133): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB], 0x34}}, 0x4004010) r5 = socket(0x2, 0x3, 0x6) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000240)=0x45d8, 0x4) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x0, @remote}, 0x10) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) recvmsg$unix(r5, &(0x7f0000000140)={&(0x7f00000000c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}, 0x40) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') 3.986714591s ago: executing program 1 (id=1134): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x800452d2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x0, 0x0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @default]}) syz_init_net_socket$ax25(0x3, 0x5, 0xcb) syz_open_dev$vim2m(&(0x7f0000000180), 0x10000000000201, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x7, 0x0, &(0x7f00000002c0)="ae24a21f9a8246", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000140)={0x0, 0x1, 0x7fffffff, 0x101, 0x534, 0x2}, &(0x7f0000000180)=0x14) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)='efs\x00', 0x208000, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x668, 0x0, 0xd0, 0x1c0, 0x1c0, 0x320, 0x598, 0x598, 0x598, 0x598, 0x598, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 'wg1\x00', {0x5}}}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2, [], [], [], 0x4000}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [0x0, 0xff], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c8) syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x810410, &(0x7f0000001a00)=ANY=[], 0x1, 0x1dc, &(0x7f0000000900)="$eJzsmb/L00AYx793ydu+vojg4uDiYMWKNk1SlS4dKrgL9edmsbFU01baCG3Bobi4ODoIrv4DDg6dHNzcXHVQQXCwo5twctdrciRGrFVBfD7Qp9889+u5C/kWGhAE8d/y4f2Xdw/P1S+eArAfJRR1/pOV9OFG/7eP75581Dj/5Nmbpy8HB+4t0vMVN1xf9n/RtBBhn84IYbaXVGS2rKKkc5fAcULrK2A4pvV1cFzWOgDDNa1vGXq4XiYMnBvDsHOzFwauDJ4Mvgw1c30bwHLO0AGwq6oTghnt4+nsdjsMg1Fa7Ij1OpmmTcWPzk/V1+RoxKcnhLxfVx/cn8trR+dd4/w8cHha18DQ0rqOIhzHSY7E2P9hO5nf+pn9/zZh/frwg5U/WRiJf1SwdEY+0HHm0HLxKjvq4/ars7/2yKSEMi4AmabXe9vNXNA7+m6fxJ+kex83/MmGHftHNerfqY6ns0qv3+4G3WDg+7Wz7mnXPeNXlRGtYsb3vsb+t6v8ac+YfyfHKwusgEk7ikbeBIhGXnztr6LhuK3nw89qDFf+x1E+uppD3kS17ZwfOqY/XH1LVbZyyiEIgiAIgiAIgiAIgiAIgtiQI2DqX1D9okrk4F9Qvb8FAAD//0crYjA=") r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000, 0x64}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x182) 3.078371255s ago: executing program 4 (id=1135): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ed50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81", 0xa}], 0x1}, 0x0) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r7, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) sendto$netrom(r7, 0x0, 0xfffffffffffffead, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) recvfrom$x25(r6, 0x0, 0x0, 0x101, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x33fe0) 1.781171418s ago: executing program 4 (id=1136): syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_udp(0xa, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="120000000400000008000000080000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0700000000000000000000000000000000004817"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket(0x1, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r4, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r5}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r6) sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, r7, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0x1}]}, 0x34}}, 0x0) 1.036289938s ago: executing program 2 (id=1137): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_emit_vhci(0x0, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, 0xffffffffffffffff, 0x0, 0x3}}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, 0x0) semctl$GETALL(0x0, 0x0, 0xd, 0x0) r2 = userfaultfd(0x80001) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000340)={0x4, 0xfe}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800"/16], 0x0, 0x96, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300), 0x6) r3 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x1340) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f00000004c0)={0x1, @sliced={0x6, [0x101, 0x7, 0x6, 0x8, 0x7, 0xb, 0xfffb, 0xd89, 0x4d26, 0x5, 0x6, 0x0, 0xfffe, 0x3, 0x180, 0xfe00, 0x1000, 0x2, 0x401, 0x8, 0x5, 0x4, 0x8, 0x3d2, 0x3, 0xfff, 0x9273, 0x2, 0xd5f, 0xffdf, 0x3, 0xa, 0x86a, 0x0, 0xcc92, 0x667, 0x3, 0xff36, 0x0, 0x1, 0x1, 0xffff, 0xfffc, 0x1, 0x38, 0x5, 0x80, 0x2], 0x9}}) clock_settime(0x0, &(0x7f0000000040)={0x77359400}) 0s ago: executing program 4 (id=1138): syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1=0xac1414aa}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r6 = socket$unix(0x1, 0x5, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) r7 = dup2(r6, r5) close_range(r7, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f00000000c0)={0x2, &(0x7f0000000600)=[{@none}, {}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): entered blocking state [ 98.639574][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.646838][ T5854] bridge_slave_0: entered allmulticast mode [ 98.654461][ T5854] bridge_slave_0: entered promiscuous mode [ 98.665337][ T5851] team0: Port device team_slave_0 added [ 98.672786][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.680323][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.682915][ T5155] Bluetooth: hci3: command tx timeout [ 98.687713][ T5854] bridge_slave_1: entered allmulticast mode [ 98.700503][ T5854] bridge_slave_1: entered promiscuous mode [ 98.708307][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.715374][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.741926][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.753858][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.760909][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.767792][ T5155] Bluetooth: hci4: command tx timeout [ 98.786862][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.820012][ T5851] team0: Port device team_slave_1 added [ 98.854821][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.861915][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.888421][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.929426][ T5841] hsr_slave_0: entered promiscuous mode [ 98.936165][ T5841] hsr_slave_1: entered promiscuous mode [ 98.967063][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.011058][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.018245][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.044680][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.062203][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.110085][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.117066][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.143959][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.185934][ T5847] hsr_slave_0: entered promiscuous mode [ 99.193532][ T5847] hsr_slave_1: entered promiscuous mode [ 99.200202][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.208441][ T5847] Cannot create hsr debugfs directory [ 99.265395][ T5849] hsr_slave_0: entered promiscuous mode [ 99.272177][ T5849] hsr_slave_1: entered promiscuous mode [ 99.278913][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.286507][ T5849] Cannot create hsr debugfs directory [ 99.310051][ T5854] team0: Port device team_slave_0 added [ 99.354545][ T5854] team0: Port device team_slave_1 added [ 99.394916][ T5851] hsr_slave_0: entered promiscuous mode [ 99.402220][ T5851] hsr_slave_1: entered promiscuous mode [ 99.408722][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.416313][ T5851] Cannot create hsr debugfs directory [ 99.524601][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.532458][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.558883][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.605344][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.612608][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.638904][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.887037][ T5854] hsr_slave_0: entered promiscuous mode [ 99.894208][ T5854] hsr_slave_1: entered promiscuous mode [ 99.901160][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.909185][ T5854] Cannot create hsr debugfs directory [ 100.153475][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.169070][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.195998][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.239409][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.277482][ T5155] Bluetooth: hci0: command tx timeout [ 100.332080][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.348633][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.358219][ T5155] Bluetooth: hci1: command tx timeout [ 100.369844][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.389134][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.501932][ T5847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 100.551325][ T5847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 100.585154][ T5847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 100.597722][ T5155] Bluetooth: hci2: command tx timeout [ 100.613897][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.624753][ T5847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 100.705316][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.712528][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.724504][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.736007][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.758382][ T5155] Bluetooth: hci3: command tx timeout [ 100.765036][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.782565][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.789943][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.838018][ T5155] Bluetooth: hci4: command tx timeout [ 100.839325][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.850739][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.951696][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.969459][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.991084][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.007251][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.029729][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.196274][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.219770][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.278209][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.285439][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.335861][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.354588][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.361848][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.402544][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.409769][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.480796][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.488044][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.512470][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.563183][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.601267][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.643206][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.656998][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.664309][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.696955][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.704210][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.715893][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.723081][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.742643][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.793372][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.800572][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.004998][ T5841] veth0_vlan: entered promiscuous mode [ 102.056854][ T5841] veth1_vlan: entered promiscuous mode [ 102.238022][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.301840][ T5841] veth0_macvtap: entered promiscuous mode [ 102.332827][ T5841] veth1_macvtap: entered promiscuous mode [ 102.365396][ T5155] Bluetooth: hci0: command tx timeout [ 102.441333][ T5155] Bluetooth: hci1: command tx timeout [ 102.459099][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.500405][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.554887][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.565521][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.576713][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.585884][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.634362][ T5849] veth0_vlan: entered promiscuous mode [ 102.650868][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.662602][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.678038][ T5155] Bluetooth: hci2: command tx timeout [ 102.695371][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.744355][ T5849] veth1_vlan: entered promiscuous mode [ 102.837642][ T5155] Bluetooth: hci3: command tx timeout [ 102.916511][ T5854] veth0_vlan: entered promiscuous mode [ 102.927795][ T5155] Bluetooth: hci4: command tx timeout [ 102.945026][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.963399][ T5854] veth1_vlan: entered promiscuous mode [ 102.969733][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.053711][ T5849] veth0_macvtap: entered promiscuous mode [ 103.103634][ T5851] veth0_vlan: entered promiscuous mode [ 103.116064][ T5849] veth1_macvtap: entered promiscuous mode [ 103.133841][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.140267][ T5851] veth1_vlan: entered promiscuous mode [ 103.142233][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.175959][ T5854] veth0_macvtap: entered promiscuous mode [ 103.211832][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.228409][ T5854] veth1_macvtap: entered promiscuous mode [ 103.256106][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.271187][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.323476][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.341841][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.351113][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.364636][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.425260][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.472108][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.494715][ T5851] veth0_macvtap: entered promiscuous mode [ 103.545644][ T5847] veth0_vlan: entered promiscuous mode [ 103.566248][ T5854] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.584216][ T5854] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.593532][ T5854] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.616437][ T5854] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.644405][ T5851] veth1_macvtap: entered promiscuous mode [ 103.671276][ T5847] veth1_vlan: entered promiscuous mode [ 103.821308][ T5920] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 104.183754][ T5847] veth0_macvtap: entered promiscuous mode [ 104.395901][ T5847] veth1_macvtap: entered promiscuous mode [ 104.425025][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.437951][ T5155] Bluetooth: hci0: command tx timeout [ 104.452234][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.466302][ T5847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.479954][ T5847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.495892][ T5847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.508002][ T5847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.525574][ T5155] Bluetooth: hci1: command tx timeout [ 104.606738][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.638602][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.696982][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.705772][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.758118][ T5155] Bluetooth: hci2: command tx timeout [ 104.834708][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.849911][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.918073][ T5155] Bluetooth: hci3: command tx timeout [ 105.068292][ T5155] Bluetooth: hci4: command tx timeout [ 105.708353][ T5851] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.719907][ T5851] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.733443][ T5851] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.780664][ T5851] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.868786][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.876706][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.188700][ T5931] loop1: detected capacity change from 0 to 1024 [ 106.250996][ T5931] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 106.261348][ T5931] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 106.284508][ T5931] JBD2: no valid journal superblock found [ 106.290650][ T5931] EXT4-fs (loop1): Could not load journal inode [ 106.926025][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.963267][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.240164][ T5941] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.691556][ T5953] loop1: detected capacity change from 0 to 2048 [ 110.815368][ T5941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.880949][ T5955] sctp: [Deprecated]: syz.1.11 (pid 5955) Use of struct sctp_assoc_value in delayed_ack socket option. [ 110.880949][ T5955] Use struct sctp_sack_info instead [ 110.899721][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.921294][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.005409][ T5846] Alternate GPT is invalid, using primary GPT. [ 111.042806][ T5846] loop1: p2 p3 p7 [ 111.207626][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.216519][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.598780][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.753542][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.924972][ T5960] udevd[5960]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 113.932520][ T5846] udevd[5846]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 113.965080][ T5962] udevd[5962]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 114.689897][ T5987] netlink: 2 bytes leftover after parsing attributes in process `syz.1.16'. [ 114.708181][ T5987] warning: `syz.1.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.503230][ T5992] loop0: detected capacity change from 0 to 512 [ 116.461419][ T5992] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.593647][ T5992] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 116.630524][ T5999] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.705433][ T30] audit: type=1326 audit(1748947238.657:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 116.728331][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.742961][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 116.806320][ T30] audit: type=1326 audit(1748947238.697:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 116.862594][ T30] audit: type=1326 audit(1748947238.697:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 116.908098][ T5981] delete_channel: no stack [ 117.459432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.498961][ T5895] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 117.561157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 118.043191][ T1152] wlan0: Trigger new scan to find an IBSS to join [ 118.377593][ T30] audit: type=1326 audit(1748947238.697:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 118.400759][ T30] audit: type=1326 audit(1748947238.697:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 118.422769][ T30] audit: type=1326 audit(1748947238.697:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 118.446275][ T30] audit: type=1326 audit(1748947238.697:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 118.539869][ T5895] usb 1-1: Using ep0 maxpacket: 8 [ 118.561298][ T30] audit: type=1326 audit(1748947238.697:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 118.897952][ T30] audit: type=1326 audit(1748947238.697:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 119.132890][ T30] audit: type=1326 audit(1748947238.697:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f136938e969 code=0x7ffc0000 [ 119.237806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 119.247933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.257828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.275039][ T5895] usb 1-1: device descriptor read/all, error -71 [ 119.444498][ T5854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.814046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 119.977828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.018638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 120.048701][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 122.257178][ T5974] wlan0: Trigger new scan to find an IBSS to join [ 122.311130][ T6029] 9pnet_virtio: no channels available for device syz [ 123.730442][ T6038] loop2: detected capacity change from 0 to 512 [ 123.849547][ T6041] netlink: 224 bytes leftover after parsing attributes in process `syz.0.28'. [ 124.444174][ T36] wlan0: Creating new IBSS network, BSSID c2:bc:08:71:e6:41 [ 125.158523][ T6050] loop4: detected capacity change from 0 to 1024 [ 125.240420][ T6050] ======================================================= [ 125.240420][ T6050] WARNING: The mand mount option has been deprecated and [ 125.240420][ T6050] and is ignored by this kernel. Remove the mand [ 125.240420][ T6050] option from the mount to silence this warning. [ 125.240420][ T6050] ======================================================= [ 125.272316][ T6038] EXT4-fs (loop2): Test dummy encryption mode enabled [ 125.951991][ T6038] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 126.129467][ T6050] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.187591][ T6038] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 126.260524][ T6038] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002] [ 126.273190][ T6038] System zones: 1-12 [ 126.596153][ T6038] EXT4-fs (loop2): 1 truncate cleaned up [ 127.660172][ T6038] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.754604][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.360128][ T5851] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.385947][ T6096] loop1: detected capacity change from 0 to 256 [ 130.393984][ T6096] exfat: Bad value for 'uid' [ 130.398724][ T6096] exfat: Bad value for 'uid' [ 130.454265][ T6099] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 130.872167][ T6093] loop0: detected capacity change from 0 to 1024 [ 132.277366][ T6109] loop4: detected capacity change from 0 to 256 [ 132.483709][ T6109] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 133.031002][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.037592][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.120369][ T6111] netlink: 260 bytes leftover after parsing attributes in process `syz.3.42'. [ 133.549727][ T6093] netlink: 'syz.0.40': attribute type 1 has an invalid length. [ 133.594452][ T6113] loop1: detected capacity change from 0 to 256 [ 133.602307][ T6113] exfat: Unknown parameter '18446744073709551615ÿÿ18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 135.033839][ T6125] process 'syz.1.44' launched '/dev/fd/5' with NULL argv: empty string added [ 136.538242][ T1170] Bluetooth: hci5: Frame reassembly failed (-84) [ 136.722133][ T6137] loop2: detected capacity change from 0 to 128 [ 136.863943][ T6137] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 137.013372][ T6137] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.197608][ T5155] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 138.389093][ T5851] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 138.731611][ T6150] netlink: 256 bytes leftover after parsing attributes in process `syz.4.55'. [ 145.295636][ T6196] uprobe: syz.1.68:6196 failed to unregister, leaking uprobe [ 148.497825][ T6217] CIFS: VFS: Malformed UNC in devname [ 150.186875][ T6234] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 152.911274][ T6245] Bluetooth: MGMT ver 1.23 [ 152.916862][ T6245] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 154.439845][ T1109] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 158.898078][ T6284] Zero length message leads to an empty skb [ 159.199540][ T6299] netlink: zone id is out of range [ 159.204774][ T6299] netlink: del zone limit has 4 unknown bytes [ 160.867381][ T5888] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 161.669901][ T5888] usb 5-1: config 0 has no interfaces? [ 161.701109][ T5888] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 161.743854][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.786553][ T5888] usb 5-1: Product: syz [ 161.869133][ T5888] usb 5-1: Manufacturer: syz [ 161.875019][ T5888] usb 5-1: SerialNumber: syz [ 161.979258][ T5888] usb 5-1: config 0 descriptor?? [ 163.848673][ T5888] usb 5-1: USB disconnect, device number 2 [ 165.583972][ T6340] loop4: detected capacity change from 0 to 1764 [ 168.097185][ T6355] loop4: detected capacity change from 0 to 512 [ 168.849504][ T6365] loop0: detected capacity change from 0 to 1024 [ 168.904312][ T6355] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 168.925795][ T6355] EXT4-fs (loop4): orphan cleanup on readonly fs [ 168.960427][ T6355] __quota_error: 20 callbacks suppressed [ 168.960448][ T6355] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 168.984066][ T6355] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 169.057572][ T6355] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.110: Failed to acquire dquot type 1 [ 169.110930][ T6355] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.110: bg 0: block 40: padding at end of block bitmap is not set [ 169.497959][ T6355] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 169.530899][ T6355] EXT4-fs (loop4): 1 truncate cleaned up [ 169.564822][ T6355] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 170.407620][ T6376] loop0: detected capacity change from 0 to 64 [ 170.633321][ T6355] netlink: 'syz.4.110': attribute type 2 has an invalid length. [ 172.059559][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.696713][ T6402] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 174.703584][ T6402] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 174.798639][ T6409] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 174.820430][ T6402] vhci_hcd vhci_hcd.0: Device attached [ 175.037160][ T6410] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(8) [ 175.043783][ T6410] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 175.097929][ T5888] vhci_hcd: vhci_device speed not set [ 175.145776][ T6410] vhci_hcd vhci_hcd.0: Device attached [ 175.680891][ T6402] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(13) [ 175.687579][ T6402] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 175.757557][ T5888] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 175.804630][ T6410] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 176.056242][ T6402] vhci_hcd vhci_hcd.0: Device attached [ 176.056643][ T6409] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(18) [ 176.068422][ T6409] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 177.158902][ T6409] vhci_hcd vhci_hcd.0: Device attached [ 179.641285][ T6424] vhci_hcd: connection closed [ 179.648264][ T1163] vhci_hcd: stop threads [ 179.707515][ T1163] vhci_hcd: release socket [ 180.397337][ T1163] vhci_hcd: disconnect device [ 180.758421][ T6416] vhci_hcd: connection closed [ 180.834818][ T6405] vhci_hcd: connection reset by peer [ 180.933092][ T6413] vhci_hcd: connection closed [ 181.147990][ T6406] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 181.365173][ T1170] vhci_hcd: stop threads [ 181.377408][ T1170] vhci_hcd: release socket [ 181.383063][ T1170] vhci_hcd: disconnect device [ 181.472514][ T1170] vhci_hcd: stop threads [ 181.476930][ T1170] vhci_hcd: release socket [ 181.734039][ T1170] vhci_hcd: disconnect device [ 181.740405][ T1170] vhci_hcd: stop threads [ 181.744872][ T1170] vhci_hcd: release socket [ 182.664704][ T6460] cgroup: fork rejected by pids controller in /syz1 [ 182.732869][ T1170] vhci_hcd: disconnect device [ 182.808731][ T5888] vhci_hcd: vhci_device speed not set [ 182.839679][ T6490] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 183.780242][ T6498] overlayfs: failed to clone upperpath [ 184.862126][ T6508] loop3: detected capacity change from 0 to 1024 [ 184.888003][ T6508] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 184.897945][ T6508] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 184.924218][ T6508] JBD2: no valid journal superblock found [ 184.930412][ T6508] EXT4-fs (loop3): Could not load journal inode [ 190.079532][ T1163] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 190.370985][ T6557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.150'. [ 193.270697][ T30] audit: type=1326 audit(1748947315.227:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f136938e969 code=0x0 [ 193.782465][ T6582] netlink: 16 bytes leftover after parsing attributes in process `syz.1.157'. [ 194.499306][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.505714][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.588530][ T6601] Invalid ELF header magic: != ELF [ 197.225519][ T6598] loop3: detected capacity change from 0 to 128 [ 197.723180][ T980] kernel read not supported for file /file0 (pid: 980 comm: kworker/0:3) [ 197.768542][ T6598] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 197.799240][ T6598] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 199.878371][ T5841] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 200.481186][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.167'. [ 202.120179][ T6639] loop0: detected capacity change from 0 to 1764 [ 204.969997][ T6652] netlink: 16 bytes leftover after parsing attributes in process `syz.0.174'. [ 205.499714][ T6656] futex_wake_op: syz.2.176 tries to shift op by -1; fix this program [ 210.221022][ T6691] ceph: No mds server is up or the cluster is laggy [ 210.268923][ T980] libceph: connect (1)[c::]:6789 error -101 [ 210.294546][ T980] libceph: mon0 (1)[c::]:6789 connect error [ 210.570365][ T5888] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 210.728322][ T5888] usb 5-1: Using ep0 maxpacket: 16 [ 211.244640][ T5888] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 211.292600][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.318338][ T5888] usb 5-1: Product: syz [ 211.325004][ T5888] usb 5-1: Manufacturer: syz [ 211.815669][ T5888] usb 5-1: SerialNumber: syz [ 211.863572][ T5888] usb 5-1: config 0 descriptor?? [ 211.996995][ T5888] as10x_usb: device has been detected [ 212.033380][ T5888] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 212.352991][ T6711] loop3: detected capacity change from 0 to 40427 [ 212.468054][ T6711] F2FS-fs (loop3): invalid crc value [ 212.535424][ T5888] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 213.289940][ T6711] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 213.586334][ T6724] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 213.592938][ T6724] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 214.199931][ T5888] as10x_usb: error during firmware upload part1 [ 214.207165][ T6724] vhci_hcd vhci_hcd.0: Device attached [ 214.222153][ T5888] Registered device Sky IT Digital Key (green led) [ 214.231779][ T5888] usb 5-1: USB disconnect, device number 3 [ 215.083712][ T5841] syz-executor: attempt to access beyond end of device [ 215.083712][ T5841] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 215.152404][ T6725] vhci_hcd: cannot find the pending unlink 5 [ 215.183255][ T980] IPVS: starting estimator thread 0... [ 215.221580][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Not tainted 6.15.0-next-20250603-syzkaller #0 PREEMPT(full) [ 215.221611][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.221633][ T5841] Call Trace: [ 215.221642][ T5841] [ 215.221652][ T5841] dump_stack_lvl+0x189/0x250 [ 215.221697][ T5841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.221718][ T5841] ? __pfx_queue_work_on+0x10/0x10 [ 215.221738][ T5841] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 215.221771][ T5841] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 215.221800][ T5841] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 215.221830][ T5841] ? f2fs_hw_is_readonly+0x39b/0x470 [ 215.221866][ T5841] f2fs_handle_critical_error+0x37c/0x540 [ 215.221902][ T5841] f2fs_write_end_io+0x495/0x810 [ 215.221933][ T5841] ? blkg_put+0x22/0x240 [ 215.221973][ T5841] __submit_merged_bio+0x27a/0x6a0 [ 215.222009][ T5841] __submit_merged_write_cond+0x255/0x530 [ 215.222045][ T5841] f2fs_write_data_pages+0x261d/0x3000 [ 215.222115][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 215.222226][ T5841] ? __lock_acquire+0xab9/0xd20 [ 215.222272][ T5841] ? do_raw_spin_lock+0x121/0x290 [ 215.222310][ T5841] ? do_raw_spin_unlock+0x122/0x240 [ 215.222335][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 215.222368][ T5841] do_writepages+0x32e/0x550 [ 215.222405][ T5841] ? do_raw_spin_unlock+0x122/0x240 [ 215.222435][ T5841] filemap_fdatawrite+0x191/0x230 [ 215.222459][ T5841] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 215.222535][ T5841] ? do_raw_spin_unlock+0x122/0x240 [ 215.222565][ T5841] f2fs_sync_dirty_inodes+0x31f/0x830 [ 215.222616][ T5841] f2fs_write_checkpoint+0x94a/0x1de0 [ 215.222677][ T5841] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 215.222756][ T5841] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 215.222776][ T5841] ? kfree+0x18e/0x440 [ 215.222798][ T5841] ? kill_f2fs_super+0x298/0x6c0 [ 215.222837][ T5841] kill_f2fs_super+0x2c3/0x6c0 [ 215.222878][ T5841] ? __pfx_kill_f2fs_super+0x10/0x10 [ 215.222909][ T5841] ? radix_tree_delete_item+0x2b6/0x400 [ 215.222949][ T5841] ? shrinker_free+0x2ce/0x3e0 [ 215.222981][ T5841] deactivate_locked_super+0xb9/0x130 [ 215.223017][ T5841] cleanup_mnt+0x425/0x4c0 [ 215.223050][ T5841] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.223083][ T5841] task_work_run+0x1d1/0x260 [ 215.223115][ T5841] ? __pfx_task_work_run+0x10/0x10 [ 215.223139][ T5841] ? __x64_sys_umount+0x122/0x160 [ 215.223166][ T5841] ? exit_to_user_mode_loop+0x40/0x110 [ 215.223202][ T5841] exit_to_user_mode_loop+0xec/0x110 [ 215.223239][ T5841] do_syscall_64+0x2bd/0x3b0 [ 215.223271][ T5841] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.223301][ T5841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.223324][ T5841] ? clear_bhb_loop+0x60/0xb0 [ 215.223351][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.223372][ T5841] RIP: 0033:0x7f65c338fc97 [ 215.223397][ T5841] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 215.223415][ T5841] RSP: 002b:00007ffc54cfe1f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 215.223437][ T5841] RAX: 0000000000000000 RBX: 00007f65c341089d RCX: 00007f65c338fc97 [ 215.223452][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc54cfe2b0 [ 215.223465][ T5841] RBP: 00007ffc54cfe2b0 R08: 0000000000000000 R09: 0000000000000000 [ 215.223478][ T5841] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc54cff340 [ 215.223491][ T5841] R13: 00007f65c341089d R14: 0000000000034484 R15: 00007ffc54cff380 [ 215.223525][ T5841] [ 215.223535][ T5841] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 215.347417][ T5169] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 215.607509][ T6725] vhci_hcd: connection closed [ 215.697141][ T5989] vhci_hcd: stop threads [ 215.909360][ T6739] IPVS: using max 33 ests per chain, 79200 per kthread [ 216.237840][ T5989] vhci_hcd: release socket [ 216.314551][ T5888] Unregistered device Sky IT Digital Key (green led) [ 216.328754][ T5989] vhci_hcd: disconnect device [ 216.351322][ T5888] as10x_usb: device has been disconnected [ 220.747661][ T6785] loop0: detected capacity change from 0 to 40427 [ 220.767438][ T6785] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 220.775353][ T6785] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 220.926609][ T6785] F2FS-fs (loop0): invalid crc value [ 221.052410][ T6785] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 221.059698][ T6785] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 223.076775][ T5169] vhci_hcd: vhci_device speed not set [ 223.108998][ T6782] Bluetooth: hci4: command 0x0406 tx timeout [ 223.115084][ T6782] Bluetooth: hci0: command 0x0406 tx timeout [ 223.121164][ T6782] Bluetooth: hci1: command 0x0406 tx timeout [ 223.127175][ T6782] Bluetooth: hci2: command 0x0406 tx timeout [ 223.133266][ T6782] Bluetooth: hci3: command 0x0406 tx timeout [ 226.716954][ T66] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 228.722530][ T6864] virtio-fs: tag <./file0/file0> not found [ 229.984903][ T6871] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 232.609232][ T6884] loop3: detected capacity change from 0 to 512 [ 232.616967][ T6884] EXT4-fs: Ignoring removed mblk_io_submit option [ 233.273312][ T6884] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 233.313399][ T6884] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002] [ 233.321690][ T6884] System zones: 1-12 [ 233.348396][ T6884] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.219: corrupted in-inode xattr: e_value size too large [ 233.368108][ T6884] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.219: couldn't read orphan inode 15 (err -117) [ 233.386627][ T6884] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.558622][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.943165][ T6913] loop3: detected capacity change from 0 to 2048 [ 238.789073][ T6913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.847585][ T6913] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.229992][ T6941] sctp: [Deprecated]: syz.1.232 (pid 6941) Use of int in max_burst socket option deprecated. [ 240.229992][ T6941] Use struct sctp_assoc_value instead [ 241.040348][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.927856][ T6950] loop3: detected capacity change from 0 to 2048 [ 243.612314][ T6950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.790578][ T6950] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.817417][ T6778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 243.837556][ T6778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 243.857733][ T6778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 243.866780][ T6778] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 243.874871][ T6778] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 243.936649][ T30] audit: type=1800 audit(1748947365.887:33): pid=6950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.234" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 243.939358][ T6950] fs-verity: sha512 using implementation "sha512-avx2" [ 246.659816][ T1170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.672246][ T6779] Bluetooth: hci4: command tx timeout [ 247.029699][ T6950] fs-verity (loop3, inode 13): Error -4 building Merkle tree [ 247.272791][ T1170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.273548][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.811389][ T6981] loop4: detected capacity change from 0 to 1024 [ 247.820602][ T6981] EXT4-fs: Ignoring removed orlov option [ 247.826316][ T6981] EXT4-fs: Ignoring removed nomblk_io_submit option [ 247.872984][ T6950] syz.3.234 (6950) used greatest stack depth: 20152 bytes left [ 247.902344][ T6981] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 247.952692][ T6977] netlink: 'syz.4.241': attribute type 21 has an invalid length. [ 247.960627][ T6977] IPv6: NLM_F_CREATE should be specified when creating new route [ 248.205355][ T1170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.310065][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.949926][ T6779] Bluetooth: hci4: command tx timeout [ 249.494566][ T1170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.410153][ T6779] Bluetooth: hci4: command tx timeout [ 251.940490][ T6966] chnl_net:caif_netlink_parms(): no params data found [ 252.757105][ T1170] bridge_slave_1: left allmulticast mode [ 252.767057][ T1170] bridge_slave_1: left promiscuous mode [ 252.780835][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.919129][ T5895] IPVS: starting estimator thread 0... [ 253.144447][ T7031] IPVS: using max 25 ests per chain, 60000 per kthread [ 253.156426][ T1170] bridge_slave_0: left allmulticast mode [ 253.203453][ T1170] bridge_slave_0: left promiscuous mode [ 253.232893][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.477410][ T6779] Bluetooth: hci4: command tx timeout [ 254.973960][ T7053] input: syz1 as /devices/virtual/input/input6 [ 255.559452][ T7057] netlink: 'syz.3.258': attribute type 10 has an invalid length. [ 255.887372][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.893750][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.669735][ T7080] No such timeout policy "syz1" [ 262.034773][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 262.046545][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.059578][ T1170] bond0 (unregistering): Released all slaves [ 262.199167][ T7057] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 262.295507][ T7061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 262.489054][ T6966] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.496396][ T6966] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.207020][ T6966] bridge_slave_0: entered allmulticast mode [ 263.228466][ T6966] bridge_slave_0: entered promiscuous mode [ 263.278705][ T6848] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 266.073959][ T6966] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.112790][ T6966] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.137866][ T6966] bridge_slave_1: entered allmulticast mode [ 266.160555][ T7136] loop4: detected capacity change from 0 to 1024 [ 266.164470][ T6966] bridge_slave_1: entered promiscuous mode [ 266.394567][ T7136] loop4: detected capacity change from 0 to 256 [ 266.445174][ T6966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.660562][ T6966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 267.488774][ T7136] FAT-fs (loop4): Directory bread(block 64) failed [ 267.495686][ T7136] FAT-fs (loop4): Directory bread(block 65) failed [ 267.588196][ T7136] FAT-fs (loop4): Directory bread(block 66) failed [ 267.594825][ T7136] FAT-fs (loop4): Directory bread(block 67) failed [ 268.448023][ T7136] FAT-fs (loop4): Directory bread(block 68) failed [ 268.455982][ T7136] FAT-fs (loop4): Directory bread(block 69) failed [ 268.468247][ T7136] FAT-fs (loop4): Directory bread(block 70) failed [ 269.102286][ T7136] FAT-fs (loop4): Directory bread(block 71) failed [ 269.155726][ T7136] FAT-fs (loop4): Directory bread(block 72) failed [ 269.206740][ T7136] FAT-fs (loop4): Directory bread(block 73) failed [ 269.393492][ T7157] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 269.410102][ T7157] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 269.539123][ T6966] team0: Port device team_slave_0 added [ 269.561925][ T6966] team0: Port device team_slave_1 added [ 269.625585][ T1170] hsr_slave_0: left promiscuous mode [ 269.858442][ T1170] hsr_slave_1: left promiscuous mode [ 269.864895][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 270.317657][ T7178] xt_NFQUEUE: number of total queues is 0 [ 270.815490][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 270.856520][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 270.887539][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 270.996403][ T1170] veth1_macvtap: left promiscuous mode [ 271.714053][ T1170] veth0_macvtap: left promiscuous mode [ 271.744662][ T1170] veth1_vlan: left promiscuous mode [ 271.766565][ T1170] veth0_vlan: left promiscuous mode [ 272.623172][ T7192] syz.2.290 uses obsolete (PF_INET,SOCK_PACKET) [ 277.834797][ T7200] uprobe: syz.2.293:7200 failed to unregister, leaking uprobe [ 283.650008][ T7252] loop4: detected capacity change from 0 to 2048 [ 284.582118][ T7252] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 286.153568][ T7252] NILFS (loop4): bad btree root (ino=6): level = 0, flags = 0x7, nchildren = 0 [ 286.162981][ T7252] NILFS (loop4): ifile inode (checkpoint number=2) corrupted [ 286.174839][ T7252] NILFS (loop4): error -5 while loading last checkpoint (checkpoint number=2) [ 289.264193][ T7277] netlink: 452 bytes leftover after parsing attributes in process `syz.3.310'. [ 289.694437][ T7285] binder: 7283:7285 ioctl c018620c 200000000100 returned -1 [ 291.787496][ T1170] team0 (unregistering): Port device team_slave_1 removed [ 291.923189][ T1170] team0 (unregistering): Port device team_slave_0 removed [ 295.829951][ T7313] loop3: detected capacity change from 0 to 256 [ 297.326533][ T66] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 297.583132][ T6966] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.285494][ T6966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.622874][ T6966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.874840][ T6966] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.934480][ T6966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.183953][ T6966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.010517][ T1170] IPVS: stop unused estimator thread 0... [ 304.040882][ T6778] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 304.067364][ T6778] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 304.077600][ T6778] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 304.094042][ T6778] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 304.105333][ T6778] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 304.719618][ T66] bridge_slave_1: left allmulticast mode [ 304.805236][ T66] bridge_slave_1: left promiscuous mode [ 304.884069][ T66] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.132003][ T66] bridge_slave_0: left allmulticast mode [ 305.222550][ T66] bridge_slave_0: left promiscuous mode [ 305.333081][ T66] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.640528][ T7383] xt_nat: multiple ranges no longer supported [ 306.015764][ T7389] loop4: detected capacity change from 0 to 256 [ 306.298535][ T6779] Bluetooth: hci5: command tx timeout [ 306.928428][ T7387] block device autoloading is deprecated and will be removed. [ 307.488661][ T7404] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 308.452056][ T6778] Bluetooth: hci5: command tx timeout [ 308.534921][ T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 309.438308][ T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 309.670677][ T66] bond0 (unregistering): Released all slaves [ 309.751760][ T7417] dlm: no local IP address has been set [ 309.757968][ T7417] dlm: cannot start dlm midcomms -107 [ 311.417285][ T6778] Bluetooth: hci5: command tx timeout [ 312.509908][ T66] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 312.527509][ T66] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 312.756518][ T66] team0 (unregistering): Port device team_slave_1 removed [ 313.475920][ T66] team0 (unregistering): Port device team_slave_0 removed [ 313.487892][ T6778] Bluetooth: hci5: command tx timeout [ 314.827050][ T7456] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 314.840937][ T7456] Error validating options; rc = [-22] [ 318.031888][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.038365][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.403531][ T7363] chnl_net:caif_netlink_parms(): no params data found [ 323.688497][ T7363] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.804210][ T7363] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.838265][ T7363] bridge_slave_0: entered allmulticast mode [ 323.865215][ T7363] bridge_slave_0: entered promiscuous mode [ 323.919634][ T7363] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.987497][ T7363] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.994824][ T7363] bridge_slave_1: entered allmulticast mode [ 324.189277][ T7363] bridge_slave_1: entered promiscuous mode [ 325.167619][ T7363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.203556][ T7363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.515702][ T7363] team0: Port device team_slave_0 added [ 327.561617][ T7363] team0: Port device team_slave_1 added [ 328.046639][ T7363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.058316][ T7363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.101579][ T7363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.114921][ T7363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.123741][ T7363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.262072][ T7363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.573301][ T7363] hsr_slave_0: entered promiscuous mode [ 329.593829][ T7363] hsr_slave_1: entered promiscuous mode [ 329.639099][ T7363] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 329.647408][ T7363] Cannot create hsr debugfs directory [ 330.203764][ T43] IPVS: starting estimator thread 0... [ 330.250082][ T6848] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 330.297752][ T7600] IPVS: using max 22 ests per chain, 52800 per kthread [ 331.824477][ T7612] netlink: 60 bytes leftover after parsing attributes in process `syz.1.387'. [ 332.879730][ T7363] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 333.047033][ T7363] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 333.106737][ T7363] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 333.159894][ T7363] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 334.122810][ T7363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.216712][ T30] audit: type=1326 audit(1748947456.167:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 334.521543][ T30] audit: type=1326 audit(1748947456.197:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 334.544243][ C1] vkms_vblank_simulate: vblank timer overrun [ 334.738346][ T7363] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.177353][ T30] audit: type=1326 audit(1748947456.197:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 335.227100][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.234375][ T5974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.297496][ T30] audit: type=1326 audit(1748947456.197:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 335.375579][ T30] audit: type=1326 audit(1748947456.207:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f65c338d2d0 code=0x7ffc0000 [ 336.178443][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.185684][ T5974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.228497][ T30] audit: type=1326 audit(1748947456.207:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f65c3390197 code=0x7ffc0000 [ 336.384759][ T30] audit: type=1326 audit(1748947456.207:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 336.552491][ T30] audit: type=1326 audit(1748947456.217:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f65c3390197 code=0x7ffc0000 [ 336.694645][ T30] audit: type=1326 audit(1748947456.217:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f65c338d5ca code=0x7ffc0000 [ 337.370846][ T30] audit: type=1326 audit(1748947456.217:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 339.255916][ T7666] loop4: detected capacity change from 0 to 512 [ 340.068986][ T7666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 340.177630][ T7666] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 342.995237][ T7363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.171396][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 346.027982][ T7711] delete_channel: no stack [ 346.208052][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.407'. [ 348.578581][ T7363] veth0_vlan: entered promiscuous mode [ 348.645872][ T7363] veth1_vlan: entered promiscuous mode [ 349.888847][ T5888] IPVS: starting estimator thread 0... [ 350.920545][ T7363] veth0_macvtap: entered promiscuous mode [ 351.577663][ T7739] IPVS: using max 25 ests per chain, 60000 per kthread [ 351.831266][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 351.831309][ T30] audit: type=1804 audit(1748947473.737:48): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.410" name="file0" dev="tmpfs" ino=605 res=1 errno=0 [ 352.322545][ T7363] veth1_macvtap: entered promiscuous mode [ 352.574378][ T7363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.823225][ T7363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.147853][ T7759] sctp: [Deprecated]: syz.1.414 (pid 7759) Use of int in max_burst socket option deprecated. [ 353.147853][ T7759] Use struct sctp_assoc_value instead [ 354.730469][ T7363] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.743280][ T7363] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.787667][ T7363] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.796458][ T7363] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.565258][ T6848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.779684][ T6848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.774415][ T7786] xt_CT: You must specify a L4 protocol and not use inversions on it [ 358.559042][ T6848] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.432305][ T6848] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.359038][ T5974] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 362.809990][ T7829] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 365.902846][ T6779] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 365.911972][ T6779] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 365.920188][ T6779] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 365.937601][ T6779] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 365.948003][ T6779] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 366.145132][ T7852] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 368.049070][ T6778] Bluetooth: hci4: command tx timeout [ 369.696216][ T6848] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.257517][ T6778] Bluetooth: hci4: command tx timeout [ 370.911004][ T6848] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.951265][ T7856] chnl_net:caif_netlink_parms(): no params data found [ 372.248414][ T7919] ptrace attach of "./syz-executor exec"[5849] was attempted by "\x09   Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ /dev/dlm-control /dev/adsp1 àxX¡       ÿÿ ÿÿÿÿ    $  \x0c   , @ (    ÿÿ ÿÿÿÿ    $ @@  \x0c   , @ ( [ 372.282380][ T6778] Bluetooth: hci4: command tx timeout [ 372.528740][ T7922] overlayfs: failed to resolve './file0': -2 [ 373.815571][ T6848] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.437569][ T6778] Bluetooth: hci4: command tx timeout [ 375.030931][ T6848] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.242036][ T30] audit: type=1326 audit(1748947497.177:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 375.321924][ T30] audit: type=1326 audit(1748947497.227:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 375.345531][ T30] audit: type=1326 audit(1748947497.227:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 375.382565][ T30] audit: type=1326 audit(1748947497.227:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 375.420508][ T30] audit: type=1326 audit(1748947497.227:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 375.978745][ T7945] Option ' ' to dns_resolver key: bad/missing value [ 376.010080][ T30] audit: type=1326 audit(1748947497.227:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 376.181873][ T30] audit: type=1326 audit(1748947497.227:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 376.277534][ T30] audit: type=1326 audit(1748947497.237:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 376.317303][ T30] audit: type=1326 audit(1748947497.237:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 377.599094][ T30] audit: type=1326 audit(1748947497.237:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7942 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 377.627621][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.634822][ T7856] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.018774][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.025152][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.703493][ T7856] bridge_slave_0: entered allmulticast mode [ 381.378362][ T7856] bridge_slave_0: entered promiscuous mode [ 381.773358][ T7856] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.932297][ T7856] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.940153][ T7856] bridge_slave_1: entered allmulticast mode [ 382.029030][ T7856] bridge_slave_1: entered promiscuous mode [ 386.840436][ T8016] overlayfs: failed to clone upperpath [ 386.855668][ T7856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.911004][ T7856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.361594][ T7856] team0: Port device team_slave_0 added [ 388.440234][ T7856] team0: Port device team_slave_1 added [ 389.287551][ T6848] bridge_slave_1: left allmulticast mode [ 389.293279][ T6848] bridge_slave_1: left promiscuous mode [ 389.656951][ T6848] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.896271][ T6848] bridge_slave_0: left allmulticast mode [ 389.952663][ T6848] bridge_slave_0: left promiscuous mode [ 389.987015][ T6848] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.577866][ T8059] use of bytesused == 0 is deprecated and will be removed in the future, [ 391.587686][ T8059] use the actual size instead. [ 394.442553][ T6846] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 399.487492][ T8105] loop4: detected capacity change from 0 to 8 [ 399.495098][ T8105] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 400.102063][ T7746] udevd[7746]: incorrect cramfs checksum on /dev/loop4 [ 400.524248][ T7745] udevd[7745]: incorrect cramfs checksum on /dev/loop4 [ 406.507842][ T6848] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 406.528563][ T6848] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 407.043278][ T6848] bond0 (unregistering): Released all slaves [ 407.265770][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.496'. [ 410.763021][ T7856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 411.711583][ T8162] loop4: detected capacity change from 0 to 32768 [ 411.727439][ T7856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.868108][ T7856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 411.946444][ T7856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 411.985107][ T7856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.108565][ T7856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 415.593213][ T7856] hsr_slave_0: entered promiscuous mode [ 416.557954][ T7856] hsr_slave_1: entered promiscuous mode [ 416.673042][ T7856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 416.717997][ T7856] Cannot create hsr debugfs directory [ 416.747842][ T8177] lo speed is unknown, defaulting to 1000 [ 416.756011][ T8177] lo speed is unknown, defaulting to 1000 [ 416.763001][ T8177] lo speed is unknown, defaulting to 1000 [ 416.783381][ T8177] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 416.814074][ T8177] lo speed is unknown, defaulting to 1000 [ 416.822316][ T8177] lo speed is unknown, defaulting to 1000 [ 416.831659][ T8177] lo speed is unknown, defaulting to 1000 [ 416.839609][ T8177] lo speed is unknown, defaulting to 1000 [ 416.847592][ T8177] lo speed is unknown, defaulting to 1000 [ 416.855688][ T8177] lo speed is unknown, defaulting to 1000 [ 418.891767][ T6848] hsr_slave_0: left promiscuous mode [ 419.007544][ T6848] hsr_slave_1: left promiscuous mode [ 419.040232][ T6848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.768463][ T6848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.920680][ T6848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 420.033100][ T6848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.005309][ T6848] veth1_macvtap: left promiscuous mode [ 421.197799][ T6848] veth0_macvtap: left promiscuous mode [ 421.211665][ T6848] veth1_vlan: left promiscuous mode [ 423.246790][ T6848] veth0_vlan: left promiscuous mode [ 424.493670][ T8241] trusted_key: syz.2.523 sent an empty control message without MSG_MORE. [ 425.629736][ T6778] Bluetooth: hci0: unexpected event for opcode 0x0401 [ 427.818218][ T36] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 428.412194][ T6779] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 428.423033][ T6779] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 428.446381][ T6779] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 428.457055][ T6779] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 428.466237][ T6779] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 428.784903][ T6848] team0 (unregistering): Port device team_slave_1 removed [ 428.830822][ T6848] team0 (unregistering): Port device team_slave_0 removed [ 429.753433][ T8270] overlayfs: failed to clone upperpath [ 430.523641][ T6779] Bluetooth: hci5: command tx timeout [ 431.264127][ T8269] loop4: detected capacity change from 0 to 2048 [ 431.358416][ T8280] siw: device registration error -23 [ 432.395078][ T8269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 432.439985][ T8263] lo speed is unknown, defaulting to 1000 [ 432.598539][ T6779] Bluetooth: hci5: command tx timeout [ 433.434557][ T8291] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 433.623029][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.823273][ T5888] IPVS: starting estimator thread 0... [ 433.937992][ T8302] IPVS: using max 26 ests per chain, 62400 per kthread [ 434.675096][ T8314] Cannot find add_set index 0 as target [ 434.977397][ T6779] Bluetooth: hci5: command tx timeout [ 437.459401][ T6779] Bluetooth: hci5: command tx timeout [ 438.316200][ T8263] chnl_net:caif_netlink_parms(): no params data found [ 440.060317][ T8364] overlayfs: failed to clone lowerpath [ 440.165642][ T8365] overlayfs: failed to clone upperpath [ 440.268711][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.275259][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.073682][ T66] bridge_slave_1: left allmulticast mode [ 442.132304][ T66] bridge_slave_1: left promiscuous mode [ 442.272433][ T66] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.523127][ T66] bridge_slave_0: left allmulticast mode [ 442.566485][ T66] bridge_slave_0: left promiscuous mode [ 442.611150][ T66] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.265093][ T8381] loop4: detected capacity change from 0 to 1024 [ 444.279084][ T6846] hfsplus: b-tree write err: -5, ino 4 [ 445.694851][ T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 445.771011][ T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 445.813452][ T66] bond0 (unregistering): Released all slaves [ 449.346362][ T8417] ecryptfs: Unknown parameter '³(' [ 450.857865][ T66] hsr_slave_0: left promiscuous mode [ 451.057607][ T8427] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 451.083167][ T66] hsr_slave_1: left promiscuous mode [ 451.557859][ T66] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 451.955132][ T66] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 453.955810][ T66] team0 (unregistering): Port device team_slave_1 removed [ 455.534539][ T66] team0 (unregistering): Port device team_slave_0 removed [ 457.027529][ T8263] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.791787][ T8263] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.804395][ T8263] bridge_slave_0: entered allmulticast mode [ 457.819193][ T8263] bridge_slave_0: entered promiscuous mode [ 458.054860][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.563'. [ 458.981163][ T8263] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.995173][ T8263] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.814798][ T5989] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 459.838027][ T8263] bridge_slave_1: entered allmulticast mode [ 459.846403][ T8263] bridge_slave_1: entered promiscuous mode [ 460.501664][ T8263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.776762][ T8263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 463.963070][ T8263] team0: Port device team_slave_0 added [ 464.116892][ T8506] loop4: detected capacity change from 0 to 256 [ 464.763679][ T8506] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 464.774466][ T8506] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 464.815287][ T8263] team0: Port device team_slave_1 added [ 464.853912][ T8506] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 465.890658][ T8514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.579'. [ 465.916817][ T8263] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 465.941016][ T8263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.159138][ T8263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.172629][ T8263] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.179680][ T8263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.256063][ T8263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 468.522247][ T8263] hsr_slave_0: entered promiscuous mode [ 468.738472][ T8534] loop4: detected capacity change from 0 to 4096 [ 469.505559][ T8263] hsr_slave_1: entered promiscuous mode [ 469.528343][ T8263] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 469.797434][ T8263] Cannot create hsr debugfs directory [ 469.804661][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.586'. [ 470.152740][ T8554] overlayfs: failed to clone upperpath [ 471.608475][ T8567] netlink: 32 bytes leftover after parsing attributes in process `syz.2.590'. [ 472.211028][ T8567] netlink: 216 bytes leftover after parsing attributes in process `syz.2.590'. [ 472.220753][ T8567] netlink: 216 bytes leftover after parsing attributes in process `syz.2.590'. [ 472.233719][ T8567] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 474.287671][ T8581] loop4: detected capacity change from 0 to 256 [ 474.316654][ T8581] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 475.030025][ T8581] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 475.135936][ T8581] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x062de574, utbl_chksum : 0xe619d30d) [ 477.974179][ T8603] siw: device registration error -23 [ 479.134607][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 479.134626][ T30] audit: type=1326 audit(1748947601.087:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 479.498509][ T30] audit: type=1326 audit(1748947601.087:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 480.530012][ T30] audit: type=1326 audit(1748947601.137:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 481.064365][ T30] audit: type=1326 audit(1748947601.137:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 482.101025][ T30] audit: type=1326 audit(1748947601.137:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 482.124873][ T30] audit: type=1326 audit(1748947601.137:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 482.201526][ T30] audit: type=1326 audit(1748947601.137:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 482.314702][ T30] audit: type=1326 audit(1748947601.137:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 482.923161][ T8634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.604'. [ 482.983903][ T30] audit: type=1326 audit(1748947601.137:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 483.046805][ T8263] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 483.076428][ T30] audit: type=1326 audit(1748947601.137:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 483.799692][ T5887] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 485.097167][ T5887] usb 4-1: config 0 has no interfaces? [ 485.230261][ T5887] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 485.375138][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.411146][ T5887] usb 4-1: Product: syz [ 485.415391][ T5887] usb 4-1: Manufacturer: syz [ 485.429515][ T5887] usb 4-1: SerialNumber: syz [ 485.459759][ T5887] usb 4-1: config 0 descriptor?? [ 487.786788][ T5887] usb 4-1: can't set config #0, error -71 [ 487.825700][ T5887] usb 4-1: USB disconnect, device number 2 [ 488.848322][ T6778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 488.858710][ T6778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 488.889063][ T6778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 488.902662][ T6778] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 488.948485][ T6778] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 490.875980][ T8674] lo speed is unknown, defaulting to 1000 [ 491.247891][ T6778] Bluetooth: hci4: command tx timeout [ 492.338021][ T5989] bridge_slave_1: left allmulticast mode [ 492.830769][ T5989] bridge_slave_1: left promiscuous mode [ 492.838033][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.956139][ T5989] bridge_slave_0: left allmulticast mode [ 492.967342][ T5989] bridge_slave_0: left promiscuous mode [ 492.973213][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.317522][ T6778] Bluetooth: hci4: command tx timeout [ 494.057648][ T6702] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 495.274774][ T5989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 495.287068][ T5989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 495.299141][ T5989] bond0 (unregistering): Released all slaves [ 495.567279][ T6778] Bluetooth: hci4: command tx timeout [ 496.621355][ T5989] hsr_slave_0: left promiscuous mode [ 496.721636][ T5989] hsr_slave_1: left promiscuous mode [ 496.845616][ T5989] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 496.949986][ T8728] netlink: 'syz.3.625': attribute type 1 has an invalid length. [ 496.982935][ T5989] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 497.137893][ T8730] (syz.4.623,8730,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 497.147504][ T8730] (syz.4.623,8730,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 497.421685][ T8731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.624'. [ 497.642384][ T6778] Bluetooth: hci4: command tx timeout [ 498.571908][ T5989] team0 (unregistering): Port device team_slave_1 removed [ 498.622235][ T5989] team0 (unregistering): Port device team_slave_0 removed [ 499.959350][ T8728] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 500.060455][ T8735] vlan2: entered allmulticast mode [ 500.075931][ T8735] veth1: entered allmulticast mode [ 501.644290][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.866715][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.173925][ T8674] chnl_net:caif_netlink_parms(): no params data found [ 503.218194][ T8372] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 504.081432][ T8372] usb 5-1: Using ep0 maxpacket: 8 [ 504.086813][ T8822] capability: warning: `syz.3.636' uses deprecated v2 capabilities in a way that may be insecure [ 504.095592][ T8372] usb 5-1: config 0 has an invalid interface number: 211 but max is 0 [ 504.107737][ T8372] usb 5-1: config 0 has no interface number 0 [ 504.114809][ T8372] usb 5-1: config 0 interface 211 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 504.152383][ T8372] usb 5-1: config 0 interface 211 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 504.214372][ T8372] usb 5-1: config 0 interface 211 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 504.228126][ T8372] usb 5-1: config 0 interface 211 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 504.475635][ T8372] usb 5-1: string descriptor 0 read error: -71 [ 504.515696][ T8372] usb 5-1: New USB device found, idVendor=12d1, idProduct=6ce6, bcdDevice=af.a8 [ 504.550629][ T8372] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.946224][ T8838] netlink: 696 bytes leftover after parsing attributes in process `syz.3.640'. [ 505.828581][ T8372] usb 5-1: config 0 descriptor?? [ 505.857491][ T8372] usb 5-1: can't set config #0, error -71 [ 506.067625][ T8372] usb 5-1: USB disconnect, device number 4 [ 506.117099][ T8674] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.188127][ T8674] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.233269][ T8674] bridge_slave_0: entered allmulticast mode [ 506.295140][ T8674] bridge_slave_0: entered promiscuous mode [ 506.320685][ T8674] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.345387][ T8674] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.365060][ T8674] bridge_slave_1: entered allmulticast mode [ 506.379196][ T8674] bridge_slave_1: entered promiscuous mode [ 506.408609][ T8847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.641'. [ 506.435887][ T8847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.641'. [ 507.781445][ T8852] Bluetooth: hci0: unsupported parameter 2327 [ 507.788397][ T8852] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 508.018008][ T8847] syz_tun: entered promiscuous mode [ 508.039166][ T8847] erspan0: entered promiscuous mode [ 509.101415][ T8674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.367891][ T8674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.333365][ T8674] team0: Port device team_slave_0 added [ 513.356570][ T8674] team0: Port device team_slave_1 added [ 513.499001][ T8905] xt_TCPMSS: Only works on TCP SYN packets [ 513.766654][ T8674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.995018][ T8674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.022200][ T8674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 514.084792][ T8674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 514.094768][ T8674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.935910][ T8674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 516.154953][ T8674] hsr_slave_0: entered promiscuous mode [ 516.338345][ T8674] hsr_slave_1: entered promiscuous mode [ 516.344851][ T8674] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 516.397001][ T8674] Cannot create hsr debugfs directory [ 516.657222][ T8933] loop4: detected capacity change from 0 to 256 [ 519.539570][ T8961] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 520.688117][ T8963] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 524.453004][ T8674] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 525.421421][ T8674] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 525.490628][ T9011] loop4: detected capacity change from 0 to 128 [ 526.037785][ T6778] Bluetooth: hci1: command 0x0406 tx timeout [ 526.538356][ T9011] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 526.572762][ T8674] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 526.627305][ T9011] ext4 filesystem being mounted at /151/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 526.674208][ T8674] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 526.752705][ T6848] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 527.143342][ T9026] syz.2.679: attempt to access beyond end of device [ 527.143342][ T9026] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 527.156253][ T9026] FAT-fs (loop5): unable to read boot sector [ 528.554594][ T5847] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 528.975383][ T9035] netlink: 'syz.2.682': attribute type 7 has an invalid length. [ 528.988921][ T8674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.031092][ T8674] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.098611][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.105768][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 529.542387][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.551080][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.910742][ T8674] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 531.361889][ T9059] sp0: Synchronizing with TNC [ 531.956661][ T9050] [U] è [ 533.487306][ T8674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 533.590522][ T5887] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 533.762184][ T9083] uprobe: syz.2.689:9083 failed to unregister, leaking uprobe [ 533.788860][ T5887] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 533.831067][ T5887] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 533.862056][ T5887] usb 4-1: config 220 interface 0 has no altsetting 0 [ 533.891924][ T5887] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 533.931235][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.957513][ T5887] usb 4-1: Product: syz [ 533.969830][ T5887] usb 4-1: Manufacturer: syz [ 533.983555][ T5887] usb 4-1: SerialNumber: syz [ 535.451494][ T8674] veth0_vlan: entered promiscuous mode [ 535.517477][ T5887] usb 4-1: Found UVC 0.00 device syz (8086:0b07) [ 535.523953][ T5887] usb 4-1: No valid video chain found. [ 536.044911][ T8674] veth1_vlan: entered promiscuous mode [ 536.234765][ T5887] usb 4-1: USB disconnect, device number 3 [ 536.557564][ T9110] overlayfs: failed to clone upperpath [ 537.746472][ T8674] veth0_macvtap: entered promiscuous mode [ 537.933711][ T8674] veth1_macvtap: entered promiscuous mode [ 538.855908][ T8674] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.152091][ T9130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.271268][ T8674] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.387251][ T9131] loop4: detected capacity change from 0 to 8 [ 539.669144][ T8674] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.679580][ T9122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.707256][ T8674] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.871290][ T8674] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.880776][ T8674] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.896919][ T9134] uprobe: syz.3.699:9134 failed to unregister, leaking uprobe [ 539.920585][ T9131] SQUASHFS error: lzo decompression failed, data probably corrupt [ 539.930583][ T9122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.737177][ T9131] SQUASHFS error: Failed to read block 0x91: -5 [ 540.743524][ T9131] SQUASHFS error: Unable to read metadata cache entry [8f] [ 540.783032][ T9131] SQUASHFS error: Unable to read inode 0x11f [ 541.187950][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.903217][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.928442][ T9148] netlink: 2 bytes leftover after parsing attributes in process `syz.1.701'. [ 542.192738][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.236005][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.736934][ T9162] fuse: Bad value for 'fd' [ 544.245253][ T9149] delete_channel: no stack [ 544.365979][ T6702] wlan0: Trigger new scan to find an IBSS to join [ 546.877735][ T9195] loop4: detected capacity change from 0 to 32768 [ 547.024207][ T9195] (syz.4.708,9195,0):ocfs2_load_local_alloc:339 ERROR: inconsistent detected, clean journal with unrecovered local alloc, please run fsck.ocfs2! [ 547.024207][ T9195] found = 2, set = 0, taken = 0, off = 0 [ 547.046342][ T9195] (syz.4.708,9195,0):ocfs2_load_local_alloc:356 ERROR: status = -22 [ 547.054470][ T9195] (syz.4.708,9195,0):ocfs2_check_volume:2404 ERROR: status = -22 [ 547.062398][ T9195] (syz.4.708,9195,0):ocfs2_check_volume:2432 ERROR: status = -22 [ 547.070239][ T9195] (syz.4.708,9195,0):ocfs2_mount_volume:1764 ERROR: status = -22 [ 547.110980][ T9195] (syz.4.708,9195,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 547.396712][ T9203] uprobe: syz.2.711:9203 failed to unregister, leaking uprobe [ 549.036289][ T36] wlan0: Trigger new scan to find an IBSS to join [ 550.705468][ T9228] loop5: detected capacity change from 0 to 2048 [ 551.786058][ T9228] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 551.957559][ T9228] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 552.035324][ T36] wlan0: Creating new IBSS network, BSSID 46:f3:42:c6:e7:4a [ 552.189550][ T9240] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 552.202181][ T9240] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 553.436621][ T8674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.449239][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 554.449281][ T30] audit: type=1800 audit(1748947676.397:144): pid=9257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.719" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 558.590255][ T980] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 559.259167][ T980] usb 4-1: config 0 has an invalid interface number: 23 but max is 0 [ 559.284963][ T980] usb 4-1: config 0 has no interface number 0 [ 559.304280][ T980] usb 4-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 559.327221][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.335292][ T980] usb 4-1: Product: syz [ 559.376299][ T980] usb 4-1: Manufacturer: syz [ 559.397550][ T980] usb 4-1: SerialNumber: syz [ 559.414701][ T980] usb 4-1: config 0 descriptor?? [ 559.533736][ T980] ums-usbat 4-1:0.23: USB Mass Storage device detected [ 560.244497][ T30] audit: type=1326 audit(1748947682.197:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.4.733" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1d1f38e969 code=0x0 [ 560.827054][ T5888] usb 4-1: USB disconnect, device number 4 [ 563.082013][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.280287][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.298473][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.737'. [ 564.336908][ T30] audit: type=1800 audit(1748947686.287:146): pid=9345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.739" name="/" dev="fuse" ino=0 res=0 errno=0 [ 565.145575][ T9340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 567.308203][ T9356] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 571.355228][ T9405] loop5: detected capacity change from 0 to 128 [ 572.018957][ T9405] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 573.010751][ T9405] ext4 filesystem being mounted at /12/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 574.618168][ T9428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.757'. [ 574.627203][ T9428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.757'. [ 574.630675][ T8674] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 574.636033][ T9428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.757'. [ 582.097797][ T1163] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 585.184342][ T9516] loop5: detected capacity change from 0 to 128 [ 586.057368][ T9516] FAT-fs (loop5): invalid media value (0x00) [ 586.096134][ T9516] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; no bootstrapping code [ 586.125151][ T9516] FAT-fs (loop5): Can't find a valid FAT filesystem [ 588.095738][ T9541] input: syz0 as /devices/virtual/input/input8 [ 588.276850][ T9542] overlayfs: failed to clone upperpath [ 589.667026][ T9550] loop4: detected capacity change from 0 to 1024 [ 593.098623][ T6846] hfsplus: b-tree write err: -5, ino 4 [ 593.917766][ T9579] loop4: detected capacity change from 0 to 32768 [ 593.983942][ T9579] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.790 (9579) [ 594.337718][ T9579] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 594.348542][ T9579] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 594.559829][ T9579] BTRFS info (device loop4): rebuilding free space tree [ 594.776816][ T9579] BTRFS info (device loop4): disabling free space tree [ 594.784166][ T9579] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 594.794237][ T9579] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 596.299119][ T30] audit: type=1800 audit(1748947718.217:147): pid=9609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.790" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 597.667226][ T9610] tty tty2: ldisc open failed (-12), clearing slot 1 [ 598.392223][ T5847] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 599.024827][ T9625] siw: device registration error -23 [ 603.106724][ T9655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.605901][ T9664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 606.046656][ T9679] Cannot find add_set index 2 as target [ 608.472294][ T9691] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 611.023500][ T9715] loop4: detected capacity change from 0 to 512 [ 611.036563][ T9715] EXT4-fs: inline encryption not supported [ 611.319317][ T9715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 611.332610][ T9715] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 612.223713][ T9715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 613.884790][ T6844] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 614.887477][ T9741] capability: warning: `syz.5.821' uses 32-bit capabilities (legacy support in use) [ 616.865045][ T9738] Bluetooth: hci4: command 0x0406 tx timeout [ 622.532301][ T9787] loop4: detected capacity change from 0 to 40427 [ 622.540979][ T9787] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 622.548890][ T9787] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 622.582572][ T9787] F2FS-fs (loop4): invalid crc value [ 622.788454][ T9787] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 622.795588][ T9787] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 623.057188][ T9797] overlayfs: failed to clone upperpath [ 623.759703][ T9794] loop5: detected capacity change from 0 to 2048 [ 623.884971][ T9794] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 623.967765][ T9794] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 624.439465][ T9812] 9pnet_fd: Insufficient options for proto=fd [ 624.564501][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.571274][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.908114][ T8674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.108354][ T9823] xt_ecn: cannot match TCP bits for non-tcp packets [ 628.422278][ T9835] No control pipe specified [ 630.653718][ T9846] xt_TPROXY: Can be used only with -p tcp or -p udp [ 633.956978][ T9868] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 634.997366][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 639.166059][ T9904] netlink: 'syz.3.859': attribute type 1 has an invalid length. [ 639.173826][ T9904] netlink: 'syz.3.859': attribute type 2 has an invalid length. [ 643.177509][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.867'. [ 644.696186][ T9941] loop5: detected capacity change from 0 to 2048 [ 644.738743][ T9941] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 644.801364][ T9941] NILFS (loop5): mounting unchecked fs [ 644.809872][ T8663] udevd[8663]: incorrect nilfs2 checksum on /dev/loop5 [ 644.936898][ T9941] NILFS (loop5): recovery complete [ 645.349748][ T9949] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 645.693366][ T9951] uprobe: syz.1.872:9951 failed to unregister, leaking uprobe [ 646.979995][ T30] audit: type=1800 audit(1748947768.587:148): pid=9956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.869" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 647.009571][ T6844] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 652.567763][ T9998] mmap: syz.5.883 (9998) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 655.711094][T10011] loop4: detected capacity change from 0 to 40427 [ 655.800676][T10011] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 655.810743][T10011] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 656.005043][T10011] F2FS-fs (loop4): invalid crc value [ 657.357349][T10011] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 657.364555][T10011] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 659.686105][ T1170] kworker/u8:8: attempt to access beyond end of device [ 659.686105][ T1170] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 665.059936][T10070] mmap: syz.4.891 (10070): VmData 25989120 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 665.985719][T10074] loop4: detected capacity change from 0 to 16 [ 666.011434][T10074] erofs (device loop4): mounted with root inode @ nid 36. [ 668.853256][ T30] audit: type=1800 audit(1748947790.727:149): pid=10085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.902" name="file3" dev="loop4" ino=89 res=0 errno=0 [ 668.897747][ T6778] erofs (device loop4): failed to decompress 6887 in[4096, 0] out[9000] [ 674.657325][ T30] audit: type=1326 audit(1748947796.567:150): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 674.699768][ T30] audit: type=1326 audit(1748947796.567:151): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 674.722395][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.016673][T10134] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 675.043002][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.053348][T10134] CIFS mount error: No usable UNC path provided in device string! [ 675.053348][T10134] [ 675.063970][T10134] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 675.680597][ T30] audit: type=1326 audit(1748947796.567:152): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 676.534324][ T30] audit: type=1326 audit(1748947796.567:153): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 676.683429][ T30] audit: type=1326 audit(1748947796.567:154): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 676.813948][ T30] audit: type=1326 audit(1748947796.567:155): auid=4294967295 uid=32768 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.5.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1d2ed8e969 code=0x7ffc0000 [ 678.454651][T10157] netlink: 'syz.5.921': attribute type 21 has an invalid length. [ 678.463025][T10157] netlink: 128 bytes leftover after parsing attributes in process `syz.5.921'. [ 678.477156][T10157] netlink: 'syz.5.921': attribute type 5 has an invalid length. [ 678.485453][T10157] netlink: 'syz.5.921': attribute type 6 has an invalid length. [ 678.493751][T10157] netlink: 3 bytes leftover after parsing attributes in process `syz.5.921'. [ 679.338311][ T1163] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 681.925314][T10182] overlayfs: failed to clone upperpath [ 681.941048][T10175] loop5: detected capacity change from 0 to 128 [ 681.981826][T10175] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 682.245995][T10170] fuse: Bad value for 'fd' [ 683.084297][T10175] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 685.987093][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.993657][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.247327][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 688.428646][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 688.447237][ T10] usb 4-1: no configurations [ 688.451915][ T10] usb 4-1: can't read configurations, error -22 [ 688.627198][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 688.949430][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.938'. [ 690.056011][ T30] audit: type=1326 audit(1748947811.927:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 690.988382][ T30] audit: type=1326 audit(1748947811.927:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 691.139544][ T30] audit: type=1326 audit(1748947811.927:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 691.162973][ T30] audit: type=1326 audit(1748947811.927:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 691.189607][ T30] audit: type=1326 audit(1748947811.927:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 691.235911][T10240] loop5: detected capacity change from 0 to 2048 [ 691.345578][T10245] uprobe: syz.2.931:10245 failed to unregister, leaking uprobe [ 691.368792][ T30] audit: type=1326 audit(1748947811.937:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f65c338d2d0 code=0x7ffc0000 [ 692.359242][ T30] audit: type=1326 audit(1748947811.937:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f65c3390197 code=0x7ffc0000 [ 692.381761][ T30] audit: type=1326 audit(1748947811.937:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65c338e969 code=0x7ffc0000 [ 692.405105][ T30] audit: type=1326 audit(1748947811.937:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f65c3390197 code=0x7ffc0000 [ 692.796614][T10240] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 692.875188][T10224] bond0: (slave bond_slave_0): Releasing backup interface [ 693.105171][ T30] audit: type=1326 audit(1748947811.937:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10231 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f65c338d5ca code=0x7ffc0000 [ 693.400232][T10262] @: renamed from vlan0 (while UP) [ 694.224128][ T8674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.582533][T10286] loop5: detected capacity change from 0 to 1024 [ 696.590308][T10286] EXT4-fs: Ignoring removed nobh option [ 696.595940][T10286] EXT4-fs: Ignoring removed bh option [ 696.689891][T10286] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 697.319406][ T8674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 697.570260][T10300] uprobe: syz.5.956:10300 failed to unregister, leaking uprobe [ 699.748619][T10307] tty tty31: ldisc open failed (-12), clearing slot 30 [ 700.474082][T10318] netlink: set zone limit has 4 unknown bytes [ 711.474715][T10397] syz.5.977: attempt to access beyond end of device [ 711.474715][T10397] loop5: rw=0, sector=1, nr_sectors = 1 limit=0 [ 711.494416][T10397] qnx4: unable to read the superblock [ 712.963550][T10402] netlink: 28 bytes leftover after parsing attributes in process `syz.1.979'. [ 714.381510][T10416] netlink: 28 bytes leftover after parsing attributes in process `syz.1.983'. [ 714.696386][T10421] loop4: detected capacity change from 0 to 512 [ 715.075003][T10421] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 715.117852][T10421] ext4 filesystem being mounted at /201/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 718.010121][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.074601][T10470] netlink: 28 bytes leftover after parsing attributes in process `syz.5.991'. [ 721.094690][T10470] binder: 10446:10470 ioctl c0306201 0 returned -14 [ 729.267361][ T30] kauditd_printk_skb: 68 callbacks suppressed [ 729.267383][ T30] audit: type=1800 audit(1748947850.457:234): pid=10519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1007" name="bus" dev="overlay" ino=1131 res=0 errno=0 [ 733.650428][T10543] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1013'. [ 735.261429][ T1152] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 738.199461][T10567] uprobe: syz.4.1020:10567 failed to unregister, leaking uprobe [ 739.461501][T10574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1022'. [ 739.777665][ T9738] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 739.805248][ T9738] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 739.816332][ T9738] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 740.570022][T10574] 8021q: adding VLAN 0 to HW filter on device team1 [ 740.600130][T10586] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1024'. [ 740.609206][T10586] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1024'. [ 740.627641][ T9738] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 740.638811][ T9738] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 742.313297][T10605] loop4: detected capacity change from 0 to 1024 [ 742.686228][ T6778] Bluetooth: hci4: command tx timeout [ 742.737724][ T6850] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.993259][T10580] lo speed is unknown, defaulting to 1000 [ 743.455381][ T6850] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.556588][T10618] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 744.787540][ T6778] Bluetooth: hci4: command tx timeout [ 745.268349][ T6850] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 745.418015][T10632] uprobe: syz.1.1034:10632 failed to unregister, leaking uprobe [ 745.533722][ T6850] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.842486][ T6778] Bluetooth: hci4: command tx timeout [ 747.405389][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.412803][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.023110][T10652] sctp: [Deprecated]: syz.2.1038 (pid 10652) Use of int in max_burst socket option deprecated. [ 748.023110][T10652] Use struct sctp_assoc_value instead [ 748.841296][ T30] audit: type=1326 audit(1748947870.797:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10648 comm="syz.3.1039" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f65c338e969 code=0x0 [ 748.920747][ T6778] Bluetooth: hci4: command tx timeout [ 749.595798][ T6850] bridge_slave_1: left allmulticast mode [ 749.773684][ T6850] bridge_slave_1: left promiscuous mode [ 749.795215][ T6850] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.567713][T10671] loop4: detected capacity change from 0 to 256 [ 750.575293][T10671] /dev/loop4: Can't open blockdev [ 751.618167][ T6850] bridge_slave_0: left allmulticast mode [ 751.624291][ T6850] bridge_slave_0: left promiscuous mode [ 751.808765][ T6850] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.021343][T10694] xt_CT: You must specify a L4 protocol and not use inversions on it [ 754.790968][T10707] usb usb8: usbfs: process 10707 (syz.4.1049) did not claim interface 0 before use [ 754.812942][T10707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1049'. [ 756.022478][ T6850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 756.801274][ T6850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 756.834965][ T6850] bond0 (unregistering): Released all slaves [ 757.120923][T10580] chnl_net:caif_netlink_parms(): no params data found [ 766.051200][T10800] syz.3.1069: attempt to access beyond end of device [ 766.051200][T10800] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 766.068375][T10800] hpfs: hpfs_map_sector(): read error [ 766.683303][T10783] can: request_module (can-proto-0) failed. [ 767.401606][T10580] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.426028][T10580] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.203324][T10580] bridge_slave_0: entered allmulticast mode [ 768.219132][T10580] bridge_slave_0: entered promiscuous mode [ 768.276928][T10819] netlink: 'syz.1.1075': attribute type 5 has an invalid length. [ 768.288540][T10580] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.295783][T10580] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.459713][T10580] bridge_slave_1: entered allmulticast mode [ 768.489162][T10580] bridge_slave_1: entered promiscuous mode [ 768.527777][ T1163] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 768.817584][ T30] audit: type=1326 audit(1748947890.517:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 770.004453][ T30] audit: type=1326 audit(1748947890.517:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 770.310733][ T30] audit: type=1326 audit(1748947890.517:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 770.388913][ T30] audit: type=1326 audit(1748947890.517:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 770.473222][ T30] audit: type=1326 audit(1748947890.517:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 770.500376][ T30] audit: type=1326 audit(1748947890.517:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 771.285674][ T6850] hsr_slave_0: left promiscuous mode [ 771.322664][ T6850] hsr_slave_1: left promiscuous mode [ 771.354036][ T6850] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 771.397692][ T30] audit: type=1326 audit(1748947890.517:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 771.420237][ T30] audit: type=1326 audit(1748947890.517:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 771.442987][ T30] audit: type=1326 audit(1748947890.517:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 771.529131][ T30] audit: type=1326 audit(1748947890.517:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15798e969 code=0x7ffc0000 [ 771.693202][ T6850] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 771.713692][ T6850] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 771.729851][ T6850] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 771.990851][T10844] loop4: detected capacity change from 0 to 512 [ 772.037930][ T6850] veth1_macvtap: left promiscuous mode [ 772.043578][ T6850] veth0_macvtap: left promiscuous mode [ 772.049343][ T6850] veth1_vlan: left promiscuous mode [ 772.054754][ T6850] veth0_vlan: left promiscuous mode [ 773.368678][T10844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 773.412520][T10844] ext4 filesystem being mounted at /220/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 773.866777][ T6778] Bluetooth: hci0: unexpected event for opcode 0x1405 [ 774.907736][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 776.054172][T10875] loop4: detected capacity change from 0 to 512 [ 776.255387][T10875] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 776.328993][T10875] ext4 filesystem being mounted at /221/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 776.381761][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888058ee1c00: rx timeout, send abort [ 776.393518][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888058ee1c00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 777.359743][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 779.312859][ C1] hrtimer: interrupt took 42077 ns [ 779.347591][ T6850] team0 (unregistering): Port device team_slave_1 removed [ 779.694572][ T6850] team0 (unregistering): Port device team_slave_0 removed [ 784.524699][T10925] loop4: detected capacity change from 0 to 32768 [ 784.542016][T10925] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1101 (10925) [ 784.814356][T10925] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 784.825750][T10925] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 785.002849][T10931] hub 1-0:1.0: USB hub found [ 785.017923][T10931] hub 1-0:1.0: 1 port detected [ 785.103187][T10925] BTRFS info (device loop4): using free-space-tree [ 786.376089][T10925] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 788.016929][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 788.016950][ T30] audit: type=1804 audit(1748947909.967:265): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1104" name="/newroot/230/file1" dev="fuse" ino=1 res=1 errno=0 [ 788.565833][ T30] audit: type=1800 audit(1748947909.967:266): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1104" name="/" dev="fuse" ino=1 res=0 errno=0 [ 788.689578][ T30] audit: type=1800 audit(1748947909.967:267): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1104" name="/" dev="fuse" ino=1 res=0 errno=0 [ 791.852601][T10580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 792.150629][T10580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 792.704536][T10580] team0: Port device team_slave_0 added [ 792.743847][T10580] team0: Port device team_slave_1 added [ 792.834290][T11005] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1114'. [ 793.092429][T10580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 793.186469][T11016] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1116'. [ 794.026452][T10580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 794.224504][T10580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 794.244554][T11010] batadv0: entered promiscuous mode [ 794.249903][T11010] batadv0: entered allmulticast mode [ 794.512733][T11015] syz.1.1117 (11015) used greatest stack depth: 17992 bytes left [ 795.000548][T11032] loop4: detected capacity change from 0 to 1024 [ 796.837303][ T6848] hfsplus: b-tree write err: -5, ino 4 [ 798.248013][ T36] bridge_slave_1: left allmulticast mode [ 798.253751][ T36] bridge_slave_1: left promiscuous mode [ 799.121593][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.160338][T11063] ptrace attach of "./syz-executor exec"[5849] was attempted by " [ 800.302972][ T36] bridge_slave_0: left allmulticast mode [ 800.551631][ T36] bridge_slave_0: left promiscuous mode [ 800.592300][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.629447][ T6779] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 800.642322][ T6779] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 800.654682][ T6779] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 800.788221][ T6779] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 800.796284][ T6779] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 802.719143][ T6779] Bluetooth: hci3: command 0x0406 tx timeout [ 802.738166][T11089] Bluetooth: MGMT ver 1.23 [ 802.847602][ T9738] Bluetooth: hci4: command tx timeout [ 803.298038][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 803.312124][T11094] ip6t_srh: unknown srh match flags 4000 [ 804.076517][T11101] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1133'. [ 804.323127][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 804.783481][ T1152] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 804.819286][ T36] bond0 (unregistering): Released all slaves [ 804.924060][ T9738] Bluetooth: hci4: command tx timeout [ 805.004288][T11066] lo speed is unknown, defaulting to 1000 [ 911.136992][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 911.144005][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P10/2:b..l [ 911.152373][ C1] rcu: (detected by 1, t=10506 jiffies, g=33529, q=390 ncpus=2) [ 911.160118][ C1] task:kworker/0:1 state:R running task stack:24296 pid:10 tgid:10 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 911.174691][ C1] Workqueue: mld mld_ifc_work [ 911.179562][ C1] Call Trace: [ 911.182860][ C1] [ 911.185820][ C1] __schedule+0x16f5/0x4d00 [ 911.190600][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 911.196603][ C1] ? preempt_schedule_common+0x83/0xd0 [ 911.202110][ C1] ? enqueue_to_backlog+0xa45/0xfa0 [ 911.207460][ C1] ? __pfx___schedule+0x10/0x10 [ 911.212372][ C1] ? eth_type_trans+0x3a8/0x760 [ 911.217354][ C1] ? netif_rx_internal+0x130/0x560 [ 911.222516][ C1] ? preempt_schedule+0xae/0xc0 [ 911.227407][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 911.232554][ C1] preempt_schedule_common+0x83/0xd0 [ 911.237879][ C1] preempt_schedule+0xae/0xc0 [ 911.242598][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 911.248009][ C1] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 911.254177][ C1] preempt_schedule_thunk+0x16/0x30 [ 911.259417][ C1] __local_bh_enable_ip+0x13e/0x1c0 [ 911.264698][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 911.270464][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 911.275605][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 911.280749][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 911.285895][ C1] __dev_queue_xmit+0x1cd7/0x3a70 [ 911.290969][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 911.296120][ C1] ? fib_rules_lookup+0x96/0xe90 [ 911.301133][ C1] ? __pfx_fib_rules_lookup+0x10/0x10 [ 911.306536][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 911.311936][ C1] ? l3mdev_update_flow+0x4d1/0x640 [ 911.317225][ C1] ? look_up_lock_class+0x74/0x170 [ 911.322394][ C1] ? register_lock_class+0x51/0x320 [ 911.327652][ C1] ? __lock_acquire+0xab9/0xd20 [ 911.332596][ C1] ? ip6_finish_output2+0xf99/0x16a0 [ 911.337975][ C1] ip6_finish_output2+0x11bc/0x16a0 [ 911.343208][ C1] ? ip6_finish_output2+0x701/0x16a0 [ 911.348530][ C1] ? __pfx_ip6_finish_output2+0x10/0x10 [ 911.354110][ C1] ? ip6_mtu+0x7d/0x3f0 [ 911.358336][ C1] ? ip6_mtu+0x7d/0x3f0 [ 911.362521][ C1] ip6_finish_output+0x234/0x7d0 [ 911.367495][ C1] NF_HOOK+0x9e/0x380 [ 911.371515][ C1] ? NF_HOOK+0x101/0x380 [ 911.375782][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 911.380838][ C1] ? __pfx_dst_output+0x10/0x10 [ 911.385814][ C1] ? icmp6_dst_alloc+0x3a5/0x420 [ 911.390834][ C1] ? icmp6_dst_alloc+0x3a5/0x420 [ 911.395910][ C1] mld_sendpack+0x800/0xd80 [ 911.400488][ C1] ? mld_sendpack+0x1de/0xd80 [ 911.405201][ C1] ? __pfx_mld_sendpack+0x10/0x10 [ 911.410280][ C1] mld_ifc_work+0x835/0xde0 [ 911.414816][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 911.420055][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 911.425841][ C1] process_scheduled_works+0xae1/0x17b0 [ 911.431451][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 911.437497][ C1] worker_thread+0x8a0/0xda0 [ 911.442143][ C1] kthread+0x70e/0x8a0 [ 911.446245][ C1] ? __pfx_worker_thread+0x10/0x10 [ 911.451379][ C1] ? __pfx_kthread+0x10/0x10 [ 911.456000][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 911.461315][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 911.466546][ C1] ? __pfx_kthread+0x10/0x10 [ 911.471162][ C1] ret_from_fork+0x3fc/0x770 [ 911.475814][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 911.480968][ C1] ? __switch_to_asm+0x39/0x70 [ 911.485755][ C1] ? __switch_to_asm+0x33/0x70 [ 911.490541][ C1] ? __pfx_kthread+0x10/0x10 [ 911.495156][ C1] ret_from_fork_asm+0x1a/0x30 [ 911.499964][ C1] [ 911.503005][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10505 jiffies! g33529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 911.515351][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=56794 [ 911.523255][ C1] rcu: rcu_preempt kthread starved for 10506 jiffies! g33529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 911.534726][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 911.544709][ C1] rcu: RCU grace-period kthread stack dump: [ 911.550606][ C1] task:rcu_preempt state:I stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 911.562587][ C1] Call Trace: [ 911.565885][ C1] [ 911.568839][ C1] __schedule+0x16f5/0x4d00 [ 911.573397][ C1] ? schedule+0x165/0x360 [ 911.577771][ C1] ? __pfx___schedule+0x10/0x10 [ 911.582674][ C1] ? schedule+0x91/0x360 [ 911.586953][ C1] schedule+0x165/0x360 [ 911.591142][ C1] schedule_timeout+0x12b/0x270 [ 911.596022][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 911.601426][ C1] ? __pfx_process_timeout+0x10/0x10 [ 911.606801][ C1] ? prepare_to_swait_event+0x341/0x380 [ 911.612382][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 911.617280][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 911.622247][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 911.627478][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 911.632791][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 911.638024][ C1] ? finish_swait+0xcd/0x1f0 [ 911.642642][ C1] rcu_gp_kthread+0x99/0x390 [ 911.647273][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 911.652505][ C1] ? __kthread_parkme+0x7b/0x200 [ 911.657477][ C1] ? __kthread_parkme+0x1a1/0x200 [ 911.662531][ C1] kthread+0x70e/0x8a0 [ 911.666674][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 911.671905][ C1] ? __pfx_kthread+0x10/0x10 [ 911.676524][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 911.681751][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 911.686977][ C1] ? __pfx_kthread+0x10/0x10 [ 911.691601][ C1] ret_from_fork+0x3fc/0x770 [ 911.696230][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 911.701382][ C1] ? __switch_to_asm+0x39/0x70 [ 911.706172][ C1] ? __switch_to_asm+0x33/0x70 [ 911.710965][ C1] ? __pfx_kthread+0x10/0x10 [ 911.715585][ C1] ret_from_fork_asm+0x1a/0x30 [ 911.720391][ C1] [ 911.723441][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 911.729789][ C1] Sending NMI from CPU 1 to CPUs 0: [ 911.735031][ C0] NMI backtrace for cpu 0 [ 911.735052][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-next-20250603-syzkaller #0 PREEMPT(full) [ 911.735073][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 911.735087][ C0] RIP: 0010:advance_sched+0x1f1/0xc90 [ 911.735165][ C0] Code: c0 be ff ff ff ff e8 3e 52 e0 01 89 c3 31 ff 89 c6 e8 e3 b9 3a f8 85 db 0f 84 68 06 00 00 e8 96 b5 3a f8 eb 05 e8 8f b5 3a f8 <49> 8d 5c 24 f8 48 89 d9 48 c1 e9 03 48 b8 00 00 00 00 00 fc ff df [ 911.735180][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00000006 [ 911.735196][ C0] RAX: ffffffff8985aa1a RBX: 0000000000000001 RCX: ffffffff8de95280 [ 911.735208][ C0] RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000000 [ 911.735220][ C0] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004 [ 911.735231][ C0] R10: dffffc0000000000 R11: fffff52000000f7c R12: ffff888078ca4340 [ 911.735244][ C0] R13: ffff888078ca4000 R14: ffff888078ca4330 R15: ffff888055651800 [ 911.735258][ C0] FS: 0000000000000000(0000) GS:ffff888125c53000(0000) knlGS:0000000000000000 [ 911.735272][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 911.735284][ C0] CR2: 00007fd6071ed43c CR3: 00000000755b6000 CR4: 00000000003526f0 [ 911.735300][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 911.735311][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 911.735322][ C0] Call Trace: [ 911.735330][ C0] [ 911.735340][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 911.735374][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 911.735414][ C0] ? __pfx_advance_sched+0x10/0x10 [ 911.735439][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 911.735479][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 911.735505][ C0] ? read_tsc+0x9/0x20 [ 911.735532][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 911.735575][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 911.735606][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 911.735633][ C0] [ 911.735638][ C0] [ 911.735645][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 911.735690][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 911.735715][ C0] Code: c3 d4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 35 22 00 f3 0f 1e fa fb f4 98 d4 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 911.735730][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 911.735745][ C0] RAX: 32adffee00e5ba00 RBX: ffffffff81976058 RCX: 32adffee00e5ba00 [ 911.735758][ C0] RDX: 0000000000000001 RSI: ffffffff8d982532 RDI: ffffffff8be29c00 [ 911.735771][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 911.735784][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa124f0 [ 911.735797][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 911.735812][ C0] ? do_idle+0x1e8/0x510 [ 911.735833][ C0] default_idle+0x13/0x20 [ 911.735849][ C0] default_idle_call+0x74/0xb0 [ 911.735866][ C0] do_idle+0x1e8/0x510 [ 911.735886][ C0] ? __pfx_do_idle+0x10/0x10 [ 911.735910][ C0] cpu_startup_entry+0x44/0x60 [ 911.735927][ C0] rest_init+0x2de/0x300 [ 911.735944][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 911.736026][ C0] start_kernel+0x47d/0x500 [ 911.736087][ C0] x86_64_start_reservations+0x24/0x30 [ 911.736110][ C0] x86_64_start_kernel+0x143/0x1c0 [ 911.736132][ C0] common_startup_64+0x13e/0x147 [ 911.736161][ C0]