last executing test programs: 9m51.206247008s ago: executing program 1 (id=1100): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000000, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3a) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0x7fff) sendto$inet6(r3, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x183, &(0x7f0000000500)="$eJzskrGO00AQhr+1neSA4wQS1TV3xUlAgez4ANFxZejpaLASEyISROJIkCiFEUIpKBAlT5DXQOIFoEA8QOoUETUy2t2x5YRHuP2K/TP/zs7uTPwyG2ct4O920eUCg88RP5UiAE6U9Tae1S+iv0Q/W+GH5D0R/4PocTabNyXnlJvWeJUMh+nkFPhjvMrKHr/32JhSv+XQc6AoigI8eqDTOSxztouuD4yrHDgO4JZpoqhydCM6uA2E09GbMJvN7w1GST/tp69j//xhdD+KHsThi8EwjeyqaldIK2i9C7QOxEgOzX4D+CjWVXZRtafJvrrCM8razXKGR4p9vNrZUhXfqne1KP8veHoB+llvc1Vzz0yVANNSB4UvQTuovc/edWA2wmvQW6JQ5bEVQVWjvaZRBXE9OH+Uc92WWkrJM9GO6Ep0LXqy98kEuV4/SXQnhybvkul00tZDsr8acnYSV158I68PTN/61dtt7rv332wdDofD4XA4HA6H47LxLwAA///evHHK") r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) shutdown(r3, 0x1) 9m50.12706761s ago: executing program 1 (id=1102): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x0) recvmsg$unix(r5, 0x0, 0x40000300) close_range(r0, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') 9m47.333040684s ago: executing program 1 (id=1106): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_clone3(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) bind$alg(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x3) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) chmod(0x0, 0x20e) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x358, 0x0) syz_usb_connect$cdc_ecm(0x5, 0x5d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024b0001010070f9090400001702020009052406000005240004000d"], 0x0) 9m35.790519749s ago: executing program 1 (id=1117): socket$key(0xf, 0x3, 0x2) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)='5', 0x1, 0x20000000, 0x0, 0x0) mmap(&(0x7f00000f8000/0x1000)=nil, 0x1000, 0x2, 0x80010, r1, 0x3000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x1c, 0x0, &(0x7f0000000040)=[@free_buffer, @exit_looper, @dead_binder_done], 0x54, 0x0, &(0x7f0000000100)="d73438587cb3a623fd8ee905e684fde28aea60592a03b7ec818dc884a0444fe71fca81497f44d5c5103915620fa908bb58537bcec2fccf1896aa399773300d53147fe686b8f0784f7bef1841c2a46d758265bf81"}) r5 = epoll_create(0xd751) epoll_pwait(r5, &(0x7f00000000c0)=[{}], 0x1, 0xef19, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000500)={0x1}) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @empty, 0x8000, 0x8000, 'none\x00', 0x10, 0x2}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) 9m29.45924266s ago: executing program 1 (id=1127): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) connect$inet6(r0, &(0x7f0000000200)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r5 = io_uring_setup(0x7, 0x0) sendfile(r5, r0, 0x0, 0x6208) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r5, 0x7, &(0x7f0000000000), 0x1) 9m26.592967488s ago: executing program 1 (id=1129): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x5) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(0xffffffffffffffff, 0x0, 0x2082) unshare(0x62040200) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x365, &(0x7f0000000700)="$eJzs3c9rM0UYwPEnaZI3SWmTgygK0sFe9LK00bMYpAUhYGkbsRWEbbvRkDUp2VCNiG1PXsW7J8FD6c2Ch4L2H+jFm15E8NaL4MEe1JX9lWySTWtD0mj7/cBLJjPzbGZ3Ji/Pptns1duff1CrWFpFb0k8rSQmInItkpe4BGL+Y9wtpyTsSF6a/f3H5ze2ymmvQq0WN18uKKXmF7778JOM3+38iVzm3736rfDr5dOXz179vfl+1VJVS9UbLaWrncbPLX3HNNRe1appSq2Zhm4Zqlq3jKbX/o2/HbOxv99Wen1vLrvfNCxL6fW2qhlt1WqoVrOt9Pf0al1pmqbmsoLblE/W1/XiiMG7Yx4MJqTZLOozIpIZaCmfTGVAAABgqvrz/7iT0o+S/2/LfKm0sq6czt38//SFi9bsW2fzfv5/norK/1/5ydtWT/7vnE508/+Gd35QuT3//1LukP8PZkSPy8j5f34Cg8FoFlIDVbGeZ07+n/Xfv67jd06X3AL5PwAAAAAAAAAAAAAAAAAAAAAA/wfXtp2zbTsXPAb/upcQ+M/xIA2b/yciknZm32b+H7KNrW1JuxfuOXNsfnZQPih7j36HCxExxfjL7uesjeDKI+XIy/fmoR9/eFCecVuKFak68bIsOcm76ykUb9urb5RWlpXHj+9cppQNxxckJ0+F4791V6cTX+iN918/JS8uhuI1yckPu9IQU/bcyO7rf7qs1OtvlvriM24/Efnl3icFAAAAAIAx01RH5Pm7pg1r935lpFhxPyYyZEly8mf0+f1S5Pl5IvdcYtp7DwAAAADA42C1P67pEjeabsE0owoZGdo0hkKipyYpIpGdU301yZu2PBPaw387npT3fZfY3aJM00j3dv4qOKp3OQjBFymcgXea/DuqyGiHN9h/tyaWGH2aYkfiLoCjcFNchkQlQzWJ/sEvOBUq8rUWhw7j2N+RTk3wsVFqyHGWtcHtxG+Y0+RAjR0bbT0/88XXf4zvDfLqmb8CPrq987Fp2IcybFJuXL1RUclJ/78DAAAA4P51k/6g5rVwc/hGIuGb5fCXewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxmgiP+nXV5j2PgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ff8EAAD//7vA8MY=") umount2(&(0x7f0000000200)='./file0\x00', 0xc) unshare(0x2c040000) 9m9.9619771s ago: executing program 32 (id=1129): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x5) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(0xffffffffffffffff, 0x0, 0x2082) unshare(0x62040200) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x365, &(0x7f0000000700)="$eJzs3c9rM0UYwPEnaZI3SWmTgygK0sFe9LK00bMYpAUhYGkbsRWEbbvRkDUp2VCNiG1PXsW7J8FD6c2Ch4L2H+jFm15E8NaL4MEe1JX9lWySTWtD0mj7/cBLJjPzbGZ3Ji/Pptns1duff1CrWFpFb0k8rSQmInItkpe4BGL+Y9wtpyTsSF6a/f3H5ze2ymmvQq0WN18uKKXmF7778JOM3+38iVzm3736rfDr5dOXz179vfl+1VJVS9UbLaWrncbPLX3HNNRe1appSq2Zhm4Zqlq3jKbX/o2/HbOxv99Wen1vLrvfNCxL6fW2qhlt1WqoVrOt9Pf0al1pmqbmsoLblE/W1/XiiMG7Yx4MJqTZLOozIpIZaCmfTGVAAABgqvrz/7iT0o+S/2/LfKm0sq6czt38//SFi9bsW2fzfv5/norK/1/5ydtWT/7vnE508/+Gd35QuT3//1LukP8PZkSPy8j5f34Cg8FoFlIDVbGeZ07+n/Xfv67jd06X3AL5PwAAAAAAAAAAAAAAAAAAAAAA/wfXtp2zbTsXPAb/upcQ+M/xIA2b/yciknZm32b+H7KNrW1JuxfuOXNsfnZQPih7j36HCxExxfjL7uesjeDKI+XIy/fmoR9/eFCecVuKFak68bIsOcm76ykUb9urb5RWlpXHj+9cppQNxxckJ0+F4791V6cTX+iN918/JS8uhuI1yckPu9IQU/bcyO7rf7qs1OtvlvriM24/Efnl3icFAAAAAIAx01RH5Pm7pg1r935lpFhxPyYyZEly8mf0+f1S5Pl5IvdcYtp7DwAAAADA42C1P67pEjeabsE0owoZGdo0hkKipyYpIpGdU301yZu2PBPaw387npT3fZfY3aJM00j3dv4qOKp3OQjBFymcgXea/DuqyGiHN9h/tyaWGH2aYkfiLoCjcFNchkQlQzWJ/sEvOBUq8rUWhw7j2N+RTk3wsVFqyHGWtcHtxG+Y0+RAjR0bbT0/88XXf4zvDfLqmb8CPrq987Fp2IcybFJuXL1RUclJ/78DAAAA4P51k/6g5rVwc/hGIuGb5fCXewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxmgiP+nXV5j2PgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ff8EAAD//7vA8MY=") umount2(&(0x7f0000000200)='./file0\x00', 0xc) unshare(0x2c040000) 4m49.325870097s ago: executing program 2 (id=1492): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendto$llc(0xffffffffffffffff, 0x0, 0x0, 0x8005, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) shmdt(0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000240)={'vlan0\x00', &(0x7f0000000200)=@ethtool_cmd={0x4f, 0x8001, 0x1a9, 0x0, 0x8, 0x7, 0x3, 0x40, 0x4, 0x1, 0x1, 0x1, 0x7, 0x10, 0xf, 0x1ff, [0x1a121cef, 0x3]}}) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 4m47.320227954s ago: executing program 2 (id=1496): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) close(0x3) sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x7) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc1) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001280)={0xffffffffffffffff, 0x0, {0x2a12, 0x80010000, 0x0, 0x8, 0x1, 0x0, 0x0, 0x19, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000100000000000000000000000000800", "2866e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f000061ac00000000000000f500", "90be8b1c55f96400", [0x8a2]}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000006040), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000006080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000200)={0x4c, r5, 0x11, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xfffffffb, 0x2d}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'pimreg\x00'}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x10) 4m45.714068438s ago: executing program 2 (id=1498): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x800) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x43) ftruncate(r5, 0x2007ffb) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x200) r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r7, r6, 0x0, 0x7ffff000) creat(&(0x7f0000000000)='./bus\x00', 0x48) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) 4m41.779603668s ago: executing program 2 (id=1501): syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0xed, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) ioprio_get$uid(0x3, 0x0) open$dir(0x0, 0x48000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, 0x2, 0x8, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4008050) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000004a80), 0x0, 0x400c0) sendto$inet(r4, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 4m39.711614739s ago: executing program 2 (id=1507): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, 0x0, 0x48) recvmsg$unix(r5, &(0x7f00000003c0)={0x0, 0xffffffffffffff04, &(0x7f0000002380)=[{&(0x7f0000002480)=""/195, 0xc3}], 0x1}, 0x2000) shutdown(r4, 0x2) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$ptys(0xc, 0x3, 0x1) syz_open_dev$loop(&(0x7f0000000000), 0xae1, 0x80) syz_open_dev$loop(&(0x7f00000000c0), 0xf, 0x183a43) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$KDSKBENT(r6, 0x4b47, &(0x7f0000000400)={0x0, 0x83, 0xf00}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x110, r6, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x6, &(0x7f0000000000/0x400000)=nil) 4m37.46798953s ago: executing program 2 (id=1510): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x10}, 0x1, 0x0, 0x0, 0x40009}, 0x40800) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000100)={0xf, 0x1f, 0x2, 0x2}, 0x51) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000161000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x498, &(0x7f0000000300)={0x0, 0x9834, 0x8, 0x8000, 0xb}, 0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) syz_io_uring_submit(0x0, r3, 0x0) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4m21.06195274s ago: executing program 33 (id=1510): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x10}, 0x1, 0x0, 0x0, 0x40009}, 0x40800) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000100)={0xf, 0x1f, 0x2, 0x2}, 0x51) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000161000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x498, &(0x7f0000000300)={0x0, 0x9834, 0x8, 0x8000, 0xb}, 0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) syz_io_uring_submit(0x0, r3, 0x0) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) 19.756010914s ago: executing program 4 (id=1803): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) getpgid(0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001800)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x3, 0x9) sendmmsg$inet(r3, &(0x7f0000000c80)=[{{&(0x7f0000000000)={0x2, 0x12, @remote}, 0x10, 0x0}}, {{&(0x7f00000001c0)={0x2, 0x0, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000860c0000000301"], 0x20}}], 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0xe3d61e193265878f}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xfffe}, {0xfff1, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x81d4) 19.755523613s ago: executing program 5 (id=1804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000380)='dx\xeb\xf4\xd8&w\xef\xcd1w\xfd2\x19x\xcc\x8d\xabN\xea\xd1\xea\xfa\xc3u\xcdMB\xb2m\xe5Bq\xe3\x9a~\xbe3\xd7\xb1\x16\x8b\xb9\xb6\xc6u\x0f9S\x05\x83n\x01\xa1\x1c\x82\\fsa<\xcd\x18}=A{\x17\xd0\x95\xbd25N\b^\x8eFsTvd)\xad') sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = add_key$keyring(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, r4) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r5, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(r6, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000040)=0x100, 0x5) connect$inet(r6, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, 0x0, 0x0) sendto(r6, 0x0, 0x0, 0x4008044, 0x0, 0x0) write$binfmt_misc(r6, 0x0, 0x0) sendto$inet(r6, 0x0, 0x0, 0x0, 0x0, 0x0) 17.323492526s ago: executing program 5 (id=1807): r0 = epoll_create(0x7) epoll_create1(0x0) r1 = epoll_create(0x7) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) r3 = epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r8, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) write$sndseq(r8, 0x0, 0x0) accept4$bt_l2cap(r7, 0x0, 0x0, 0x80800) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x60000000}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x1008}) 17.202192053s ago: executing program 4 (id=1809): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) 15.20115355s ago: executing program 5 (id=1810): syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000240)) r3 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r3, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x43, 0x0) pidfd_getfd(r2, r2, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x104000, 0x0) open_tree(0xffffffffffffffff, 0x0, 0x89901) umount2(&(0x7f0000000040)='.\x00', 0x2) syz_open_procfs(0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000100)={'wpan4\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x3, &(0x7f0000000040)=@framed={{0x85, 0x0, 0x0, 0x0, 0x19, 0x4, 0x0, 0x0, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803}, 0x94) 14.682434271s ago: executing program 4 (id=1811): ioperm(0x0, 0x33, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200)=0x2110, 0x4) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000008c0)=0x5, 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001780), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000017c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000001800)={0x30, r5, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0xb2, 0x4}, {0x46, 0x6}, {0xe, 0x3}, {0x1}], "36c23104cd585935"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4c050}, 0x10) symlink(0x0, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0) lremovexattr(&(0x7f00000043c0)='./file0\x00', &(0x7f0000004400)=@known='system.posix_acl_default\x00') bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f0000002180)={0xc0, r5, 0x8, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @acl_policy=[@NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_MAC_ADDRS={0x4c, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}, {0xa}, {0xa}]}, @NL80211_ATTR_MAC_ADDRS={0x34, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @device_b}]}], @NL80211_ATTR_P2P_OPPPS={0x5}, @beacon, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}]}, 0xc0}}, 0x40015) clock_nanosleep(0x8, 0x1, 0x0, 0x0) 14.68163506s ago: executing program 3 (id=1812): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000900)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff8d) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000f91f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r6}, 0xc) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, 0x0, 0x0) r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$unix(r0, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r9 = ioctl$LOOP_CTL_GET_FREE(r8, 0x4c82) ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, r9) r10 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r10, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xa052) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[], 0x2, 0x5513, &(0x7f0000000640)="$eJzs3EtvG9UXAPDjPNqk7b//CLFg15EqpESqrTiPCnYBWvEQqaICC1bg2I7l1vZEseOErFiwRCz4JggkViz5DCxYs0MsQOyQQJ6ZQMNDQooTk+b3k8Zn7vX1mXOtqtKZiRzApbWQ/PxjKW7GfERMR8SNiOy8VByZjTw8FxG3ImLqiaNUzP8+cSUirkXEzVHyPGepeOvTO8Pb6z+88dNX31yduf7Zl99ObtfApD0fEd3d/Pygm8e0lcdHxXxt2M5id21YxPyN7uNinObxoLmdZTioHa+rZXG1la+fj/3+KO50avVRbLV3svndXn7B/rB1nCf7wKPaXjZuNLez2O6nWWwd5XUdHuX/tx31B3meRpHvgyx9DAbHMZ9vHjbz/ew+zmK9Nyjm87xpo3k4isMiFpeLetppZHVsn+ab/m97s93bP0yGzb1+O+0l65XqC5Xq3XJ1L200B821cq3buLuWLLY6o2XlQbPW3WilaavTrNTT7lKy2KrXy9Vqsnivud2u9ZJqtbJaWS6vLxVnd5JXH7yTdBrJ4ii+3O7tD9qdfrKT7iX5J5aSlcrqi0vJ7Wry1uZWsvXw/v3Nrbffu/fug5c2X3+lWPSXspLFleWVlXJ1ubxSXbpE+/+oKHqM+4dTKU26AICLR/8PTMLZ9f97DyNO9v/p7vj7/9D/j8WF6n8ve/9/BvuHU9H/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcWt/Nfv5adrKQj68X8/8rpp4pxqWImIqIX//GdFw5kXO6yDP7D+tn/1TD16XIMoyucbU4rkXERnH88v+z/hYAAADg6fXFh7c+ybv1/GVh0gVxnvKbNlM33h9TvrmImF34fkzZpkYvz44pWfbveyYOx5Qtu4E1N6Zk+S23mXFl+1emT4S5J0IpD1PnWg4AAHAuTnYC59uFAAAAcJ4+nnQBTEYpjh9lHj8Lzv7y/o8HgvMnRgAAAMAFVJp0AQAAAMCZy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf2Lmb2zSCMAzA3y5sAvlRUJR7WskNOsg1JeToo0UBboICfMAtuAFqwDeXYIHF7rA2FpIt7Z9sPY+0LLMaXr5BXGZGGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSXbFe3Fz+vmqas9s3085oAAAAgHO2xXpRvplV7a/p+ff06GdqZxGRR8S5ufsoPp1kjlJO8dT/+nn/4kUNtxFlwuE7PqfrS0T8SdfDj65/BQAAAPi4NsvVvJqtVy+zoQuiT9WiTf7tX0t5WUQUs/uW0vJD3q+Wwsr/9zgumgXUygWsSfOqKuWS27ittDepRnNctZscb9O6Q372Y3WRrY0dAADo0ejk1u8sBAAAgD79H7oAhpHFcSszbQXWe5xpe2960gIAAADeoWzoAgAAAIDOlfP/ns7/2792/t9f5/8BAABAJ6rz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjStlgvNsvVvGnObt9MO6MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhkf95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePO7v/yfmBpnkrnXxtLzSLJ2amydGnvnxtEfxtevAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+6He//J+YGmeSudPG0vFIsnbV2Lpq7D1oHD0Yb/8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGn09iROskNnHMfFuc29h0tZv3Wozzxe257PWhZHdSZ9MrxY/RB1m0sEAACAsyMp6/sQwk66vpD1cSev/9Pymqzm//bpcVzW84fr/rIva/+s/fLz7vP7A3XG42Q3vbk8HFw6mkrr/5vlbHvmL69o5U8+f/eS5F9I/N7qc6M0f57R1xsb77Tz8Fwd2QIA/8TFsi+C8vehrO83mRgAZ0arUniX9X/SaTYnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDqMVsOTZRyFEOZbkziztfdw6bj+8dr2fNmuPXq0Fr6c3DO7RRpCuLk8HFyqdTaz7d79B7cXh8PB3fqDl0IITY3+VjH92x9McXEIjTwfwX8UxMWXPSv5nIygwR9KAACcSmnRsrp+J11fyM5FcyH88d3B+v/VShymrP93P7y2WR2rWv/3a5vh7Out3Pm0d+/+g9eX7yzeGtwafPzG5f6b/SvXr1693svflfS8MQEAAODfaRetWv/Hc0fX/y9U4jBl/f/ZN/0vqmMl6v9jTRb9ms4EAADgbHv25d9/i445H7Xb4fPFlZW7/fFx//Pl8bGBVP+2c0Wr1v/JXNNZAQAAAHUYrUYH1v9vVOIw5fr/U9+/8GP1nkkI4Xyx/n9x6ZPhjfqmM9Pq+HPipucIAABAs84Xrbr+n+b7/+P9LQ9xCOG1V8Zx8W8Ap6r/k3e/+qE6VnX//5X6pjiT4u74eeR9N4RWt+mMAAAAOM2eKFpW7P+ari989NOF99v2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7c8AAAD///BgPhM=") 11.27524117s ago: executing program 4 (id=1813): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000100001000000"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x3fffffffffffd75, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) r5 = syz_open_dev$vim2m(&(0x7f0000000300), 0x7ffd, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000340)={0xfffffffd, 0x4005, 0x4, {0x1, @win={{0x0, 0xfff}, 0x0, 0x3, 0x0, 0x0, 0x0}}}) sendto$inet6(r0, &(0x7f00000002c0)="a644aebac2f418a0267314e7440e32159c7c31479cf145aeb4c8dcfbf275dd34eb4d5d0cd52bbd5ab0078dcba2f421379c600428ce3258a5f3fb426e39358c8424d5ff0867ca02996b66378c84d3ddadeb02552cce41d3fedf9b39d23a4f25155ebae7a019b4", 0x66, 0x20000045, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='reno', 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) shutdown(r0, 0x1) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r6, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0xd, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'geneve0\x00'}) 10.908149642s ago: executing program 3 (id=1815): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) 10.792519448s ago: executing program 5 (id=1816): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendto$llc(0xffffffffffffffff, 0x0, 0x0, 0x8005, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) shmdt(0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000240)={'vlan0\x00', &(0x7f0000000200)=@ethtool_cmd={0x4f, 0x8001, 0x1a9, 0x0, 0x8, 0x7, 0x3, 0x40, 0x4, 0x1, 0x1, 0x1, 0x7, 0x10, 0xf, 0x1ff, [0x1a121cef, 0x3]}}) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 9.682569573s ago: executing program 4 (id=1817): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r0, r1, 0x1, 0x0, @void}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) signalfd(0xffffffffffffffff, &(0x7f0000000100)={[0x8]}, 0x8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x100000, &(0x7f0000000800)=ANY=[@ANYBLOB='trans=fd', @ANYBLOB="48c0000000", @ANYBLOB="2c667363616368652c6673757569643d61546332386535612d333030302d333864302d64c133302d32643633356135322c7065726d69745f646972656374696f2c", @ANYRESDEC]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x8031, 0xffffffffffffffff, 0xf6bf000) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x80002, 0x0) 8.679126372s ago: executing program 3 (id=1818): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x25, 0x1, 0x0) sendmmsg$unix(r4, &(0x7f0000004400), 0x400000000000203, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'tunl0\x00', 0x0}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r9, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000540)) sendto$packet(r0, &(0x7f0000000080)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r6, 0x1, 0x62}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.014398139s ago: executing program 4 (id=1819): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) 6.65818674s ago: executing program 0 (id=1820): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) 5.087011472s ago: executing program 3 (id=1821): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b4080000b62c851373113900000000008510"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) unshare(0x2c020400) msgget$private(0x0, 0x0) r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) write$binfmt_script(r4, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2) close(r4) execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040), 0xfea7) 5.015102566s ago: executing program 0 (id=1822): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0xffffffffffffffdc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1}, 0x20) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0) r4 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) open_tree(r5, &(0x7f0000000640)='\x00', 0x9901) keyctl$unlink(0x9, r4, 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(r6, 0x0, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) close(r3) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="018d008dffff"}) 3.73765077s ago: executing program 3 (id=1823): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='mqueue\x00', 0x200011, 0x0) mq_open(0x0, 0x40, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') syz_init_net_socket$x25(0x9, 0x5, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x66, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) writev(r3, &(0x7f0000000740)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d58751d926def1f80b315bdc726cdd8", 0x2b}], 0x1) syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB], 0x9) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 3.721506251s ago: executing program 0 (id=1824): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x4}}}]}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "be"}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r3, 0x4002f516, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000500)=[@in6={0xa, 0x4e23, 0x9, @remote, 0x9}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e23, 0x1, @private2, 0x2000000}, @in={0x2, 0x4e23, @local}], 0x58) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r5, &(0x7f0000003200)=@name={0x1e, 0x2, 0x1, {{0x2, 0x3}}}, 0x8) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8971, &(0x7f0000000180)="4e86449e78b23a") sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x7, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x4d5, 0x5e}, @in6=@private0, {0x1, 0x0, 0x2, 0xfffffffffffffffc, 0x10000000, 0xad, 0x1}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x74}}, 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x14, r6, 0x400, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40005) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x8, 0x1, 0x40, 0x42}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r7}, 0x38) bpf$MAP_LOOKUP_ELEM(0x15, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000004180)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x8000, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x42, 0x100}}}}}}}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58}, 0xfffffffffffffda3) 3.544202682s ago: executing program 5 (id=1825): epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd7000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r4, @ANYBLOB="080002"], 0x40}}, 0x8080) 3.186623283s ago: executing program 0 (id=1826): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) 2.281425795s ago: executing program 5 (id=1827): io_setup(0x8, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x5]}, 0x8, 0x800) fgetxattr(r0, &(0x7f0000000040)=@random={'security.', 'nl80211\x00'}, &(0x7f0000000080)=""/179, 0xb3) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000100)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@barrier_val={'barrier', 0x3d, 0xde2}}]}, 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) rename(0x0, &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x1) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x3, 0x0, &(0x7f0000000140)) link(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r3, &(0x7f0000001f80)=""/4097, 0x1001) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r4, 0x5425, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f0000000380), 0x1, 0x55e, &(0x7f00000003c0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs") pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffc2}], 0x1, 0x7800, 0x0, 0x0) 1.324617991s ago: executing program 3 (id=1828): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r4, r4) 1.230187247s ago: executing program 0 (id=1829): r0 = io_uring_setup(0x4dc2, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, 0x0, 0x0) 0s ago: executing program 0 (id=1830): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) kernel console output (not intermixed with test programs): T6631] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 205.561574][ T6631] team0: Port device team_slave_1 removed [ 205.629595][ T6631] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.660955][ T6631] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.688865][ T6631] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.727357][ T6631] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.806211][ T6634] team0: Mode changed to "activebackup" [ 208.057028][ T6673] syz.1.183 (6673) used greatest stack depth: 16296 bytes left [ 211.824761][ T6702] xt_CT: You must specify a L4 protocol and not use inversions on it [ 218.023347][ T6744] overlayfs: failed to clone lowerpath [ 221.788281][ T6769] loop3: detected capacity change from 0 to 512 [ 222.854588][ T6769] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.474266][ T28] audit: type=1804 audit(1771016961.452:4): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.202" name="/newroot/48/file0/file1" dev="loop3" ino=15 res=1 errno=0 [ 223.735787][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.739856][ T6785] loop3: detected capacity change from 0 to 512 [ 224.820969][ T6785] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 224.922335][ T6785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.950414][ T6785] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 225.033936][ T6791] overlayfs: failed to clone upperpath [ 227.727665][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.585960][ T6800] xt_CT: You must specify a L4 protocol and not use inversions on it [ 229.577424][ T6807] bridge_slave_0: left allmulticast mode [ 229.583272][ T6807] bridge_slave_0: left promiscuous mode [ 229.642608][ T6807] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.711673][ T6807] bridge_slave_1: left allmulticast mode [ 229.754856][ T6807] bridge_slave_1: left promiscuous mode [ 229.771544][ T6807] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.823939][ T6807] bond0: (slave bond_slave_0): Releasing backup interface [ 230.141144][ T6807] bond0: (slave bond_slave_1): Releasing backup interface [ 230.161107][ T6807] team_slave_0: left promiscuous mode [ 230.911243][ T6807] team0: Port device team_slave_0 removed [ 230.949306][ T6807] team_slave_1: left promiscuous mode [ 230.972182][ T6807] team0: Port device team_slave_1 removed [ 231.003425][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.021483][ T6807] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.040156][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.074777][ T6807] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.112877][ T6809] team0: Mode changed to "activebackup" [ 231.171130][ T6815] netlink: 'syz.2.213': attribute type 3 has an invalid length. [ 231.179232][ T6815] netlink: 'syz.2.213': attribute type 3 has an invalid length. [ 235.690698][ T6848] overlayfs: failed to clone upperpath [ 246.622987][ T6957] loop3: detected capacity change from 0 to 512 [ 246.744885][ T6957] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 247.267892][ T6957] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.244: inode has both inline data and extents flags [ 247.364528][ T6957] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.244: couldn't read orphan inode 15 (err -117) [ 247.390200][ T6957] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.081372][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.405971][ T7006] overlayfs: failed to clone upperpath [ 255.958193][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.964579][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.409190][ T7043] tipc: Enabling of bearer rejected, failed to enable media [ 271.552304][ T7129] netlink: 14 bytes leftover after parsing attributes in process `syz.3.286'. [ 276.492412][ T7158] vlan2: entered promiscuous mode [ 276.498377][ T7158] bridge0: entered promiscuous mode [ 276.527011][ T7164] bridge0: port 3(hsr0) entered blocking state [ 276.548696][ T7164] bridge0: port 3(hsr0) entered disabled state [ 276.567798][ T7164] hsr0: entered allmulticast mode [ 276.592371][ T7164] hsr_slave_0: entered allmulticast mode [ 276.602078][ T7164] hsr_slave_1: entered allmulticast mode [ 276.618871][ T7164] hsr0: entered promiscuous mode [ 276.625819][ T7164] bridge0: port 3(hsr0) entered blocking state [ 276.632096][ T7164] bridge0: port 3(hsr0) entered forwarding state [ 276.844145][ T7167] 8021q: adding VLAN 0 to HW filter on device bond1 [ 276.923164][ T7168] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 276.949975][ T7168] bond1: (slave macvlan2): Enslaving as a backup interface with a down link [ 284.510599][ T7238] overlayfs: failed to clone lowerpath [ 287.547563][ T7289] loop3: detected capacity change from 0 to 16 [ 287.570812][ T7289] erofs: (device loop3): mounted with root inode @ nid 36. [ 287.734772][ T7290] 8021q: VLANs not supported on lo [ 287.905622][ T7290] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 287.962663][ T7290] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 297.527840][ T7340] loop3: detected capacity change from 0 to 1764 [ 298.710799][ T7338] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 299.944404][ T7348] fuse: Bad value for 'fd' [ 310.225278][ T51] Bluetooth: hci3: unexpected event for opcode 0x041b [ 311.758561][ T7418] netlink: 'syz.2.350': attribute type 1 has an invalid length. [ 311.901078][ T7418] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 311.946887][ T7418] veth3: entered promiscuous mode [ 311.956973][ T7418] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 312.036297][ T7418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.350'. [ 312.047225][ T7418] 8021q: adding VLAN 0 to HW filter on device bond2 [ 312.066217][ T11] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 312.261323][ T11] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 314.569102][ T7445] loop3: detected capacity change from 0 to 512 [ 314.588366][ T7445] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 315.188173][ T7445] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.505307][ T7445] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 317.329575][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.422430][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.476848][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.708403][ T7470] loop3: detected capacity change from 0 to 256 [ 319.009966][ T7470] FAT-fs (loop3): Directory bread(block 64) failed [ 319.034360][ T7470] FAT-fs (loop3): Directory bread(block 65) failed [ 319.053287][ T7470] FAT-fs (loop3): Directory bread(block 66) failed [ 319.204990][ T7470] FAT-fs (loop3): Directory bread(block 67) failed [ 319.211701][ T7470] FAT-fs (loop3): Directory bread(block 68) failed [ 320.014793][ T7470] FAT-fs (loop3): Directory bread(block 69) failed [ 320.059640][ T7470] FAT-fs (loop3): Directory bread(block 70) failed [ 320.083095][ T7470] FAT-fs (loop3): Directory bread(block 71) failed [ 320.111453][ T7470] FAT-fs (loop3): Directory bread(block 72) failed [ 320.123797][ T7470] FAT-fs (loop3): Directory bread(block 73) failed [ 321.479120][ T7491] loop3: detected capacity change from 0 to 256 [ 332.768319][ T7568] loop3: detected capacity change from 0 to 512 [ 332.788667][ T7568] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 333.897458][ T7568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 333.920877][ T7568] ext4 filesystem being mounted at /82/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 335.817547][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.617656][ T5783] Bluetooth: hci0: command 0x0406 tx timeout [ 340.510789][ T7609] warning: `syz.0.393' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 344.189069][ T7641] tipc: Enabling of bearer rejected, failed to enable media [ 349.726735][ T7684] netlink: 'syz.3.410': attribute type 10 has an invalid length. [ 349.812871][ T7684] bridge0: port 3(hsr0) entered disabled state [ 350.484883][ T7684] hsr0: left allmulticast mode [ 350.497013][ T7684] hsr_slave_0: left allmulticast mode [ 350.502447][ T7684] hsr_slave_1: left allmulticast mode [ 350.509778][ T7684] bridge0: port 3(hsr0) entered disabled state [ 351.356073][ T7684] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 351.389277][ T7684] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 351.412544][ T7684] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 351.438785][ T7684] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 351.991008][ T7704] overlayfs: failed to clone lowerpath [ 353.813542][ T7724] (null): rxe_set_mtu: Set mtu to 1024 [ 353.825806][ T7724] wg2 speed is unknown, defaulting to 1000 [ 353.846919][ T7724] wg2 speed is unknown, defaulting to 1000 [ 353.867020][ T7724] wg2 speed is unknown, defaulting to 1000 [ 354.433906][ T7724] infiniband syz2: set active [ 354.439062][ T7724] infiniband syz2: added wg2 [ 354.487861][ T5826] wg2 speed is unknown, defaulting to 1000 [ 354.512571][ T7724] RDS/IB: syz2: added [ 354.517517][ T7724] smc: adding ib device syz2 with port count 1 [ 354.523966][ T7724] smc: ib device syz2 port 1 has pnetid [ 354.534666][ T7724] wg2 speed is unknown, defaulting to 1000 [ 354.694254][ T7724] wg2 speed is unknown, defaulting to 1000 [ 355.353159][ T7724] wg2 speed is unknown, defaulting to 1000 [ 355.485696][ T5857] wg2 speed is unknown, defaulting to 1000 [ 355.544029][ T7724] wg2 speed is unknown, defaulting to 1000 [ 355.955257][ T5783] Bluetooth: hci2: unexpected event for opcode 0x0c7d [ 358.654884][ T7745] sctp: [Deprecated]: syz.0.423 (pid 7745) Use of int in maxseg socket option. [ 358.654884][ T7745] Use struct sctp_assoc_value instead [ 360.817632][ T7762] overlayfs: overlapping lowerdir path [ 365.949746][ T7808] overlayfs: failed to clone lowerpath [ 368.169065][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 368.233045][ T7821] netlink: 20 bytes leftover after parsing attributes in process `syz.0.441'. [ 368.258510][ T7821] netlink: 20 bytes leftover after parsing attributes in process `syz.0.441'. [ 370.378970][ T7843] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.388996][ T7843] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.397905][ T7843] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.407018][ T7843] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.465974][ T7843] vxlan0: entered promiscuous mode [ 370.487658][ T7843] team0: Port device vxlan0 added [ 370.855861][ T7847] loop3: detected capacity change from 0 to 32768 [ 371.480938][ T7853] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 371.480938][ T7853] [ 371.523207][ T7853] ERROR: (device loop3): remounting filesystem as read-only [ 371.540086][ T7853] syz.3.443: attempt to access beyond end of device [ 371.540086][ T7853] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 371.685024][ T112] blkno = 1580, nblocks = 1 [ 371.689645][ T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 371.689645][ T112] [ 373.516194][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 376.967622][ T7883] loop3: detected capacity change from 0 to 1024 [ 379.578035][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 379.584642][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.590991][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.935367][ T7934] sctp: [Deprecated]: syz.2.468 (pid 7934) Use of int in maxseg socket option. [ 383.935367][ T7934] Use struct sctp_assoc_value instead [ 385.171869][ T7926] netlink: 'syz.0.476': attribute type 10 has an invalid length. [ 385.187082][ T7926] hsr0: entered promiscuous mode [ 385.195052][ T7926] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 385.207185][ T7926] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 385.218032][ T7926] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 385.230384][ T7926] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 390.383158][ T7978] netlink: 'syz.3.474': attribute type 1 has an invalid length. [ 390.432081][ T7978] 8021q: adding VLAN 0 to HW filter on device bond1 [ 390.467762][ T7978] macvlan2: entered promiscuous mode [ 390.515031][ T7978] macvlan2: entered allmulticast mode [ 390.523613][ T7978] bond1: entered allmulticast mode [ 390.529050][ T7978] bond1: entered promiscuous mode [ 390.535104][ T7978] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 390.544411][ T7978] team0: Port device macvlan2 added [ 390.608759][ T7980] bond1: (slave ip6gretap1): making interface the new active one [ 390.624540][ T7980] ip6gretap1: entered promiscuous mode [ 390.641152][ T7980] ip6gretap1: entered allmulticast mode [ 390.656435][ T7980] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 390.982709][ T7989] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 391.009412][ T7989] CIFS: Unable to determine destination address [ 391.543995][ T7993] loop3: detected capacity change from 0 to 16 [ 391.554254][ T7993] erofs: (device loop3): erofs_read_inode: unsupported chunk format fe00 of nid 36 [ 391.734723][ T7976] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 392.751078][ T5826] libceph: connect (1)[c::]:6789 error -101 [ 392.765273][ T5826] libceph: mon0 (1)[c::]:6789 connect error [ 392.914753][ T8006] ceph: No mds server is up or the cluster is laggy [ 393.037953][ T5826] libceph: connect (1)[c::]:6789 error -101 [ 393.046303][ T5826] libceph: mon0 (1)[c::]:6789 connect error [ 393.845857][ T8028] loop3: detected capacity change from 0 to 512 [ 393.867199][ T8028] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 393.904238][ T8028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 393.929221][ T8028] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 394.036926][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.319542][ T8044] loop3: detected capacity change from 0 to 128 [ 395.398130][ T8044] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 396.841147][ T28] audit: type=1800 audit(1771017135.032:5): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.496" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 397.727637][ T8067] sctp: [Deprecated]: syz.3.501 (pid 8067) Use of int in maxseg socket option. [ 397.727637][ T8067] Use struct sctp_assoc_value instead [ 397.962231][ T8067] loop3: detected capacity change from 0 to 256 [ 400.502292][ T8096] loop3: detected capacity change from 0 to 128 [ 400.542515][ T8096] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 402.671160][ T8105] trusted_key: syz.3.510 sent an empty control message without MSG_MORE. [ 406.829576][ T8134] loop3: detected capacity change from 0 to 1024 [ 407.387488][ T8139] sctp: [Deprecated]: syz.1.514 (pid 8139) Use of int in maxseg socket option. [ 407.387488][ T8139] Use struct sctp_assoc_value instead [ 408.595755][ T28] audit: type=1800 audit(1771017146.742:6): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.511" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 414.076894][ T8183] loop3: detected capacity change from 0 to 1024 [ 414.861718][ T8189] hfsplus: xattr search failed [ 415.043457][ T78] hfsplus: b-tree write err: -5, ino 4 [ 423.889541][ T8] IPVS: starting estimator thread 0... [ 424.036563][ T8276] IPVS: using max 18 ests per chain, 43200 per kthread [ 425.999203][ T8294] netlink: 12 bytes leftover after parsing attributes in process `syz.1.557'. [ 427.078772][ T8302] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 428.314977][ T8290] sctp: failed to load transform for md5: -2 [ 437.197908][ T8383] loop3: detected capacity change from 0 to 4096 [ 438.842337][ T28] audit: type=1800 audit(1771017177.032:7): pid=8395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.575" name="file1" dev="loop3" ino=33 res=0 errno=0 [ 440.190698][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.201001][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.960573][ T8452] loop3: detected capacity change from 0 to 128 [ 444.977636][ T8452] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 445.116959][ T8457] loop3: detected capacity change from 0 to 128 [ 445.137898][ T8457] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 446.329528][ T8471] xt_CT: You must specify a L4 protocol and not use inversions on it [ 448.913637][ T8491] overlayfs: failed to clone upperpath [ 450.216118][ T8501] loop3: detected capacity change from 0 to 512 [ 450.229227][ T8501] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 450.328806][ T8501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 450.904269][ T8501] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 453.713494][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.216629][ T8537] loop3: detected capacity change from 0 to 128 [ 454.234345][ T8537] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 455.149727][ T8544] tipc: Enabling of bearer rejected, failed to enable media [ 457.760109][ T8569] loop3: detected capacity change from 0 to 512 [ 457.778101][ T8569] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 457.827156][ T8569] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 457.847048][ T8569] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 459.785245][ T8585] syz.0.620 uses obsolete (PF_INET,SOCK_PACKET) [ 460.644271][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 460.981110][ T8604] loop3: detected capacity change from 0 to 512 [ 461.025207][ T8604] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 461.099210][ T8604] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 461.328336][ T8604] ext4 filesystem being mounted at /135/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 464.014392][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.809881][ T28] audit: type=1326 audit(1771017210.612:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 473.957838][ T28] audit: type=1326 audit(1771017210.612:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 473.980916][ T28] audit: type=1326 audit(1771017210.712:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 474.028598][ T28] audit: type=1326 audit(1771017210.712:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 474.082061][ T28] audit: type=1326 audit(1771017210.712:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 474.322666][ T28] audit: type=1326 audit(1771017210.812:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 474.848975][ T28] audit: type=1326 audit(1771017210.812:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 474.920709][ T28] audit: type=1326 audit(1771017210.812:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 475.076275][ T28] audit: type=1326 audit(1771017210.812:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 475.183687][ T28] audit: type=1326 audit(1771017210.812:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.0.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 476.626738][ T8723] loop3: detected capacity change from 0 to 512 [ 476.735153][ T8723] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 478.407132][ T8729] xt_CT: No such helper "pptp" [ 479.597328][ T8723] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 479.633310][ T8723] ext4 filesystem being mounted at /139/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 480.338019][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 482.816553][ T8767] netlink: 'syz.2.665': attribute type 1 has an invalid length. [ 484.879195][ T8767] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 484.893732][ T8767] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 485.216001][ T8782] netlink: 20 bytes leftover after parsing attributes in process `syz.2.665'. [ 485.347558][ T8782] bond3: (slave bridge1): Enslaving as an active interface with a down link [ 485.434848][ T8783] netlink: 28 bytes leftover after parsing attributes in process `syz.2.665'. [ 485.515480][ T8783] 8021q: adding VLAN 0 to HW filter on device bond3 [ 485.593418][ T8784] macvlan3: entered promiscuous mode [ 485.624243][ T8784] macvlan3: entered allmulticast mode [ 485.877468][ T8784] bond3: entered promiscuous mode [ 485.883288][ T8784] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 486.270693][ T8784] bond3: left promiscuous mode [ 489.863721][ T8806] xt_SECMARK: invalid mode: 2 [ 490.901922][ T8814] trusted_key: encrypted_key: insufficient parameters specified [ 491.077092][ T8821] netlink: 'syz.3.679': attribute type 10 has an invalid length. [ 491.117916][ T8821] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 493.490736][ T786] libceph: connect (1)[c::]:6789 error -101 [ 493.519361][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 493.789393][ T8834] ceph: No mds server is up or the cluster is laggy [ 493.805304][ T23] libceph: connect (1)[c::]:6789 error -101 [ 493.811378][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 495.071296][ T8856] loop3: detected capacity change from 0 to 256 [ 495.083756][ T8856] FAT-fs (loop3): Unrecognized mount option "nnonumtail=1" or missing value [ 495.157378][ T8858] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 496.358815][ T8863] tipc: Started in network mode [ 496.363765][ T8863] tipc: Node identity a6afaa1367eb, cluster identity 4711 [ 496.374922][ T8861] xt_SECMARK: invalid mode: 2 [ 496.392525][ T8863] tipc: Enabled bearer , priority 0 [ 496.400459][ T8865] netlink: 24 bytes leftover after parsing attributes in process `syz.2.691'. [ 496.414974][ T8863] syzkaller0: entered promiscuous mode [ 496.420480][ T8863] syzkaller0: entered allmulticast mode [ 496.449057][ T8863] tipc: Resetting bearer [ 496.462596][ T8862] tipc: Resetting bearer [ 496.503635][ T8862] tipc: Disabling bearer [ 498.425671][ T8888] netlink: 84 bytes leftover after parsing attributes in process `syz.3.699'. [ 498.439376][ T8888] netlink: 'syz.3.699': attribute type 1 has an invalid length. [ 499.570251][ T8905] tipc: Enabling of bearer rejected, failed to enable media [ 499.827040][ T8911] loop3: detected capacity change from 0 to 512 [ 499.876863][ T8911] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 500.178772][ T8911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 500.580212][ T8911] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 501.629810][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.636525][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.130679][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.321359][ T8947] xt_TCPMSS: Only works on TCP SYN packets [ 509.148878][ T8994] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 510.994802][ T9005] 9pnet_fd: Insufficient options for proto=fd [ 512.540260][ T9018] loop3: detected capacity change from 0 to 512 [ 513.078118][ T9018] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 513.297196][ T9018] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 513.329647][ T9018] ext4 filesystem being mounted at /161/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 513.946223][ T9040] netlink: 165 bytes leftover after parsing attributes in process `syz.0.732'. [ 515.352901][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.983536][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 518.983553][ T28] audit: type=1326 audit(1771017257.152:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 523.974822][ T28] audit: type=1326 audit(1771017257.152:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 524.079234][ T28] audit: type=1326 audit(1771017257.162:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.433937][ T28] audit: type=1326 audit(1771017257.162:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.734639][ T28] audit: type=1326 audit(1771017257.162:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.927798][ T28] audit: type=1326 audit(1771017257.162:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.950841][ T28] audit: type=1326 audit(1771017257.162:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.973094][ T28] audit: type=1326 audit(1771017257.162:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 525.995194][ T28] audit: type=1326 audit(1771017257.162:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 526.017400][ T28] audit: type=1326 audit(1771017257.162:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 526.073703][ T28] audit: type=1326 audit(1771017257.162:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 526.257099][ T28] audit: type=1326 audit(1771017257.162:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x7ffc0000 [ 532.896922][ T23] libceph: connect (1)[c::]:6789 error -101 [ 532.903044][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 533.069367][ T9152] ceph: No mds server is up or the cluster is laggy [ 535.164091][ T9178] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 535.889143][ T9184] xt_TCPMSS: Only works on TCP SYN packets [ 540.060809][ T9220] syz_tun: entered allmulticast mode [ 540.107932][ T9220] fuse: Bad value for 'fd' [ 540.127563][ T9220] syz_tun: left allmulticast mode [ 540.235028][ T8011] libceph: connect (1)[c::]:6789 error -101 [ 540.254904][ T8011] libceph: mon0 (1)[c::]:6789 connect error [ 540.598275][ T8011] libceph: connect (1)[c::]:6789 error -101 [ 540.606475][ T8011] libceph: mon0 (1)[c::]:6789 connect error [ 541.041624][ T9217] ceph: No mds server is up or the cluster is laggy [ 548.977156][ T9308] loop3: detected capacity change from 0 to 4096 [ 548.996706][ T9308] ext4: Unknown parameter 'noacl' [ 549.303891][ T9314] loop3: detected capacity change from 0 to 128 [ 549.326282][ T9314] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 550.701482][ T9319] syz.3.800 (9319): drop_caches: 2 [ 553.856032][ T9337] lo: entered allmulticast mode [ 553.932239][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.802'. [ 554.011656][ T9336] lo: left allmulticast mode [ 557.540832][ T8011] Process accounting resumed [ 558.930424][ T9378] loop3: detected capacity change from 0 to 512 [ 558.941972][ T9378] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 558.981788][ T9378] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.002998][ T9378] ext4 filesystem being mounted at /183/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 563.085172][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.091541][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.107599][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.492013][ T9467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.835'. [ 569.651887][ T9491] netlink: 20 bytes leftover after parsing attributes in process `syz.1.844'. [ 569.763064][ T9491] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 571.794807][ T9499] Bluetooth: hci3: command 0x0406 tx timeout [ 573.926153][ T9534] tipc: Enabling of bearer rejected, failed to enable media [ 574.482109][ T5819] IPVS: starting estimator thread 0... [ 574.586082][ T9541] IPVS: using max 19 ests per chain, 45600 per kthread [ 580.210952][ T9579] netlink: 'syz.0.865': attribute type 1 has an invalid length. [ 580.398224][ T9584] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 580.430928][ T9584] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 582.193520][ T9579] bond1: (slave bridge1): Enslaving as an active interface with a down link [ 582.345776][ T9579] bond1: (slave gretap1): making interface the new active one [ 582.359191][ T9579] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 583.577047][ T9584] macvlan2: entered promiscuous mode [ 583.634331][ T9584] macvlan2: entered allmulticast mode [ 583.673827][ T9584] bond1: entered promiscuous mode [ 583.694859][ T9584] gretap1: entered promiscuous mode [ 583.728035][ T9584] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 583.786675][ T9584] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 583.846254][ T9584] bond1: left promiscuous mode [ 583.851102][ T9584] gretap1: left promiscuous mode [ 591.366912][ T9647] loop3: detected capacity change from 0 to 4096 [ 591.931489][ T9647] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 595.895938][ T9667] netlink: 12 bytes leftover after parsing attributes in process `syz.3.883'. [ 598.204842][ T9678] (null): rxe_set_mtu: Set mtu to 1024 [ 598.332364][ T9678] infiniband : set active [ 598.338023][ T9678] infiniband : added veth0_vlan [ 598.385279][ T9678] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 598.391123][ T9678] infiniband : Couldn't open port 1 [ 598.431890][ T9678] RDS/IB: : added [ 598.435754][ T9678] smc: adding ib device  with port count 1 [ 598.441697][ T9678] smc: ib device  port 1 has pnetid [ 601.197532][ T9698] loop3: detected capacity change from 0 to 1024 [ 601.369467][ T9700] blktrace: Concurrent blktraces are not allowed on loop4 [ 601.398488][ T9700] relay: one or more items not logged [item size (56) > sub-buffer size (14)] [ 602.174574][ T9702] hfsplus: xattr search failed [ 602.423854][ T1297] hfsplus: b-tree write err: -5, ino 4 [ 607.719383][ T9753] netlink: 28 bytes leftover after parsing attributes in process `syz.3.902'. [ 612.430607][ T9776] loop3: detected capacity change from 0 to 512 [ 612.465411][ T9776] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 612.502917][ T9776] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 612.536545][ T9776] ext4 filesystem being mounted at /202/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 613.651627][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.065270][ T9796] capability: warning: `syz.1.911' uses deprecated v2 capabilities in a way that may be insecure [ 614.939939][ T9803] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 616.150835][ T9806] orangefs_mount: mount request failed with -4 [ 617.828610][ T9820] loop3: detected capacity change from 0 to 4096 [ 618.525376][ T9826] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 619.902449][ T9833] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 619.931013][ T9833] Remounting filesystem read-only [ 620.142829][ T5774] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 620.162209][ T5774] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 620.171373][ T5774] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 620.185937][ T5774] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 620.193327][ T5774] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 620.203847][ T5774] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 625.687971][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.694339][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.443068][ T9876] xt_ecn: cannot match TCP bits for non-tcp packets [ 628.908197][ T9894] loop3: detected capacity change from 0 to 512 [ 628.944760][ T9894] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 629.016393][ T9894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 629.060687][ T9894] ext4 filesystem being mounted at /210/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 632.202636][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.123848][ T9933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 637.413146][ T9977] loop3: detected capacity change from 0 to 256 [ 637.462482][ T9977] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xecc0b056, utbl_chksum : 0xe619d30d) [ 640.921793][ T9999] loop3: detected capacity change from 0 to 512 [ 641.600261][ T9999] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 641.644398][ T9999] EXT4-fs (loop3): 1 truncate cleaned up [ 641.651630][ T9999] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 642.084795][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 643.304682][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 644.834740][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 644.845603][ T27] usb 4-1: config 0 has an invalid interface number: 180 but max is 0 [ 644.858688][ T27] usb 4-1: config 0 has no interface number 0 [ 644.869077][ T27] usb 4-1: New USB device found, idVendor=0421, idProduct=0114, bcdDevice=11.72 [ 644.883455][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.892031][ T27] usb 4-1: Product: syz [ 644.901397][ T27] usb 4-1: Manufacturer: syz [ 644.906636][ T27] usb 4-1: SerialNumber: syz [ 645.045290][ T27] usb 4-1: config 0 descriptor?? [ 645.085164][ T27] usb 4-1: bad CDC descriptors [ 645.108677][ T27] usb 4-1: bad CDC descriptors [ 645.976210][ T8] usb 4-1: USB disconnect, device number 2 [ 647.553648][ T9499] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 648.424433][ T9499] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 650.951415][T10078] netlink: 12 bytes leftover after parsing attributes in process `syz.3.977'. [ 652.378863][T10093] netlink: 32 bytes leftover after parsing attributes in process `syz.3.978'. [ 653.455572][ T9499] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 653.465914][ T9499] Bluetooth: hci0: Injecting HCI hardware error event [ 653.489788][ T5783] Bluetooth: hci0: hardware error 0x00 [ 655.585223][ T5783] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 659.915233][T10145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 660.373478][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 660.373496][ T28] audit: type=1326 audit(1771017398.562:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10170 comm="syz.1.995" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f473179bf79 code=0x0 [ 667.280012][T10219] loop3: detected capacity change from 0 to 512 [ 667.521965][T10219] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 668.334766][T10219] System zones: 0-7 [ 668.370097][T10219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 668.398593][T10226] Invalid ELF header magic: != ELF [ 668.936248][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 669.122659][T10239] loop3: detected capacity change from 0 to 2048 [ 669.189695][T10239] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 670.481117][T10254] dvmrp1: entered allmulticast mode [ 672.135959][ T5783] Bluetooth: Frame is too long (len 18, expected len 4) [ 674.767180][ T5783] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 674.785602][ T5783] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 677.704881][T10294] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 677.713798][T10294] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 677.722314][T10294] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 679.780393][ T5783] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 679.795965][ T5783] Bluetooth: hci3: Injecting HCI hardware error event [ 679.805038][ T9499] Bluetooth: hci3: hardware error 0x00 [ 679.961973][T10306] overlayfs: bad index found (index=index/00fb210001c41462f2812a4e2aa2b25f21194b21497d606c81ef04000000000000, ftype=2000, origin ftype=a000). [ 680.572429][T10308] loop3: detected capacity change from 0 to 4096 [ 680.595565][T10308] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 681.887516][ T9499] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 683.870509][ T78] ntfs3: loop3: ino=1e, ntfs3_write_inode failed, -22. [ 686.194155][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.204580][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.434078][T10376] dvmrp1: entered allmulticast mode [ 693.560189][T10380] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1046'. [ 693.580307][T10381] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 698.937605][T10433] loop3: detected capacity change from 0 to 32768 [ 699.229576][T10433] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 699.870530][T10433] XFS (loop3): Ending clean mount [ 699.892545][T10433] XFS (loop3): Quotacheck needed: Please wait. [ 700.056159][T10433] XFS (loop3): Quotacheck: Done. [ 700.781519][T10451] dvmrp1: entered allmulticast mode [ 701.220553][ T5774] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 706.769107][T10484] orangefs_mount: mount request failed with -4 [ 736.039021][T10669] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 736.050361][T10665] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1092'. [ 743.736475][T10707] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1110'. [ 746.227086][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 749.926094][T10728] ip6t_rpfilter: unknown options [ 751.082363][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 751.091522][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.649638][T10737] xt_l2tp: v2 sid > 0xffff: 1114112 [ 753.052683][ T8] IPVS: starting estimator thread 0... [ 753.165647][T10744] IPVS: using max 28 ests per chain, 67200 per kthread [ 757.370448][ T786] IPVS: starting estimator thread 0... [ 757.518988][T10777] IPVS: using max 20 ests per chain, 48000 per kthread [ 758.671080][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 758.895642][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 758.933546][ T23] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 759.311766][ T23] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 760.439539][ T23] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 760.481772][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 760.503405][ T23] usb 4-1: SerialNumber: syz [ 761.955218][T10795] overlayfs: missing 'lowerdir' [ 763.165742][ T23] cdc_acm 4-1:1.0: skipping garbage [ 763.171060][ T23] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 763.207502][ T23] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 763.214171][ T23] cdc_acm: probe of 4-1:1.0 failed with error -22 [ 763.395525][ T23] usb 4-1: USB disconnect, device number 3 [ 770.646453][T10842] wg2 speed is unknown, defaulting to 1000 [ 781.084258][T10876] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1148'. [ 782.715145][ T9499] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 782.726227][ T9499] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 782.734958][ T9499] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 782.745387][ T9499] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 782.757142][ T9499] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 782.764729][ T9499] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 782.827662][T10889] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1151'. [ 782.957439][T10889] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 782.966850][T10889] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 782.975827][T10889] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 782.984702][T10889] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 783.217768][T10889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1151'. [ 783.267662][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1151'. [ 783.290264][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1151'. [ 784.192538][ T8083] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 785.055935][T10899] ip6t_rpfilter: unknown options [ 785.385692][ T9499] Bluetooth: hci4: command tx timeout [ 785.445391][ T8083] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 785.489426][T10886] wg2 speed is unknown, defaulting to 1000 [ 785.501534][T10901] netlink: 'syz.3.1154': attribute type 10 has an invalid length. [ 785.613730][ T8083] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 785.654477][ T8083] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 785.744356][T10901] 8021q: adding VLAN 0 to HW filter on device bond2 [ 785.778691][T10904] bond_slave_0: entered promiscuous mode [ 785.784983][T10904] bond_slave_1: entered promiscuous mode [ 785.790808][T10904] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 785.800793][T10904] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 785.811534][T10904] bond2: (slave macvlan3): Enslaving as a backup interface with an up link [ 785.910218][ T8083] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 785.931545][ T8083] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.153717][ T8083] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 786.209808][ T8083] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 787.610561][ T5783] Bluetooth: hci4: command tx timeout [ 791.320009][ T9499] Bluetooth: hci4: command tx timeout [ 793.429084][T10886] chnl_net:caif_netlink_parms(): no params data found [ 793.514285][ T9499] Bluetooth: hci4: command tx timeout [ 794.038135][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.045381][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.064593][T10886] bridge_slave_0: entered allmulticast mode [ 794.089356][T10886] bridge_slave_0: entered promiscuous mode [ 794.137448][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.145019][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.152293][T10886] bridge_slave_1: entered allmulticast mode [ 794.160201][T10886] bridge_slave_1: entered promiscuous mode [ 798.352106][ T8083] dvmrp1 (unregistering): left allmulticast mode [ 798.402952][T10886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 798.542020][T10886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 798.709735][T10886] team0: Port device team_slave_0 added [ 799.497228][T10886] team0: Port device team_slave_1 added [ 799.583555][T10980] infiniband syz2: set active [ 799.670387][ T27] wg2 speed is unknown, defaulting to 1000 [ 800.269104][T10886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 800.308735][T10886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 800.404187][T10886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 800.498530][T10886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 800.513919][T10886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 800.599420][T10886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 800.723622][T10994] loop3: detected capacity change from 0 to 512 [ 800.770952][T10994] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 800.912245][T10994] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 800.979375][T10886] hsr_slave_0: entered promiscuous mode [ 801.000507][T10994] ext4 filesystem being mounted at /261/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 801.056915][T10886] hsr_slave_1: entered promiscuous mode [ 801.166657][T10886] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 801.174360][T10886] Cannot create hsr debugfs directory [ 802.534645][ T8083] dummy0: left promiscuous mode [ 802.562266][ T8083] team0: left promiscuous mode [ 802.575906][ T8083] vxlan0: left promiscuous mode [ 802.675239][ T8083] hsr_slave_0: left promiscuous mode [ 802.681899][ T8083] hsr_slave_1: left promiscuous mode [ 803.708256][ T8083] veth1_macvtap: left promiscuous mode [ 803.718209][ T8083] veth0_macvtap: left promiscuous mode [ 803.726723][ T8083] veth1_vlan: left promiscuous mode [ 803.732878][ T8083] veth0_vlan: left promiscuous mode [ 803.796237][ T8083] infiniband : set down [ 804.581374][ T8083] team0 (unregistering): Port device vxlan0 removed [ 805.206348][T11035] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 805.882372][ T8084] smc: removing ib device  [ 806.338032][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 811.321374][ T8083] bond0 (unregistering): Released all slaves [ 811.633984][ T5819] infiniband : ib_query_port failed (-19) [ 811.848165][T11025] netlink: 'syz.2.1170': attribute type 10 has an invalid length. [ 812.255649][T11025] syz_tun: entered promiscuous mode [ 812.266077][T11025] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 812.312270][T11026] bond1: option mode: unable to set because the bond device has slaves [ 812.364773][T11027] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 814.307821][ T8085] bond1: (slave macvlan2): link status definitely up, 10000 Mbps full duplex [ 814.368211][ T8085] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 814.401875][ T8085] bond1: active interface up! [ 815.865417][T10886] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 815.899161][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 815.916771][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.708192][T10886] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 816.938152][T11086] loop3: detected capacity change from 0 to 40427 [ 816.957880][T11086] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 816.966232][T11086] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 816.990286][T11086] F2FS-fs (loop3): invalid crc value [ 817.078323][T11086] F2FS-fs (loop3): Found nat_bits in checkpoint [ 817.256819][T10886] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 817.296431][T11086] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 817.303745][T11086] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 817.651433][T10886] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 818.425308][ T8083] IPVS: stop unused estimator thread 0... [ 818.820974][T10886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 818.873034][T10886] 8021q: adding VLAN 0 to HW filter on device team0 [ 818.893837][ T2928] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.901082][ T2928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 818.937739][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.945006][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 819.090878][T10886] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 819.101650][T10886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 820.532095][T10886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 825.833944][T10886] veth0_vlan: entered promiscuous mode [ 826.986971][ T9499] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 826.997257][ T9499] Bluetooth: hci1: Injecting HCI hardware error event [ 827.006800][ T9499] Bluetooth: hci1: hardware error 0x00 [ 827.084781][T10886] veth1_vlan: entered promiscuous mode [ 827.406343][T11164] loop3: detected capacity change from 0 to 32768 [ 827.497119][T10886] veth0_macvtap: entered promiscuous mode [ 827.524018][T10886] veth1_macvtap: entered promiscuous mode [ 827.603115][T10886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 827.628184][T10886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.664365][T10886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 827.697392][T10886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 827.726347][T10886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.753033][T10886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 827.790141][T10886] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.822134][T10886] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.831497][T10886] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.854278][T10886] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.196051][T11133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.225263][T11133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.276537][ T2979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.302514][ T2979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 829.304180][ T9499] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 832.201308][T11198] wireguard0: entered promiscuous mode [ 832.227997][T11198] wireguard0: entered allmulticast mode [ 832.356961][T11208] tmpfs: Bad value for 'mpol' [ 841.559472][T11288] loop3: detected capacity change from 0 to 512 [ 841.772147][T11288] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 841.866968][T11288] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 842.264011][T11288] ext4 filesystem being mounted at /276/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 844.647339][T11314] overlayfs: failed to clone upperpath [ 845.295574][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 845.703381][T11319] loop4: detected capacity change from 0 to 40427 [ 845.843621][T11319] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 845.851464][T11319] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 845.876767][T11319] F2FS-fs (loop4): invalid crc value [ 845.947605][T11319] F2FS-fs (loop4): Found nat_bits in checkpoint [ 846.007641][T11319] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 846.014875][T11319] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 850.314489][T11351] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1219'. [ 851.949286][T11358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 855.511609][T11388] netlink: 'syz.4.1226': attribute type 13 has an invalid length. [ 855.522951][T11388] netlink: 'syz.4.1226': attribute type 17 has an invalid length. [ 856.098845][T11388] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 860.219157][T11428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1233'. [ 866.530121][T11464] Error parsing options; rc = [-22] [ 866.879174][T11464] loop3: detected capacity change from 0 to 64 [ 868.488329][T11469] random: crng reseeded on system resumption [ 876.162041][T11518] smc: net device bond0 applied user defined pnetid SYZ2 [ 876.810397][T11525] loop3: detected capacity change from 0 to 512 [ 876.917801][T11525] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 876.951934][T11528] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1252'. [ 877.020970][T11525] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 877.081754][T11525] ext4 filesystem being mounted at /286/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 877.286128][T11528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1252'. [ 881.589385][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 881.600873][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 881.754574][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 882.593902][ T9499] Bluetooth: hci2: unexpected event for opcode 0x2006 [ 883.738521][T11601] ceph: No source [ 883.745754][T11601] kAFS: unable to lookup cell '\/' [ 884.318786][T11590] 9pnet_virtio: no channels available for device syz [ 888.108725][T11635] loop3: detected capacity change from 0 to 128 [ 888.664514][T11650] unsupported nlmsg_type 40 [ 889.379943][T11656] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 889.421731][T11656] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 891.731619][T11688] ceph: No source [ 891.737712][T11688] kAFS: unable to lookup cell '\/' [ 895.717008][T11712] loop3: detected capacity change from 0 to 512 [ 895.875671][T11712] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 896.525553][ T5826] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 897.184315][T11712] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 897.321978][ T5826] usb 5-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 897.666918][T11712] ext4 filesystem being mounted at /295/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 897.679996][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 898.883144][ T5826] usb 5-1: Product: syz [ 898.887383][ T5826] usb 5-1: Manufacturer: syz [ 899.081625][ T5826] usb 5-1: SerialNumber: syz [ 899.521551][ T5826] usb 5-1: config 0 descriptor?? [ 899.576582][ T5826] usb 5-1: can't set config #0, error -71 [ 899.690516][ T5826] usb 5-1: USB disconnect, device number 2 [ 899.907343][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 902.635143][T11762] Error parsing options; rc = [-22] [ 905.430704][T11792] loop3: detected capacity change from 0 to 512 [ 905.508990][T11792] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 905.616562][T11792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 905.649018][T11792] ext4 filesystem being mounted at /299/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 907.507908][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 907.764802][T11812] loop4: detected capacity change from 0 to 32768 [ 907.782195][T11812] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1303 (11812) [ 907.822561][T11812] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 907.837610][T11812] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 907.846394][T11812] BTRFS info (device loop4): using free space tree [ 908.018928][T11812] BTRFS info (device loop4): enabling ssd optimizations [ 908.025960][T11812] BTRFS info (device loop4): auto enabling async discard [ 911.536118][ T5857] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 911.772356][ T5857] usb 4-1: no configurations [ 911.777048][ T5857] usb 4-1: can't read configurations, error -22 [ 912.446795][ T5857] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 914.055069][T10886] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 914.135200][ T5857] usb 4-1: no configurations [ 914.146117][ T5857] usb 4-1: can't read configurations, error -22 [ 914.163244][ T5857] usb usb4-port1: attempt power cycle [ 914.977764][ T5857] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 915.385699][ T5857] usb 4-1: device not accepting address 6, error -71 [ 915.487808][T11880] loop3: detected capacity change from 0 to 512 [ 915.645346][T11880] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 915.723280][T11880] EXT4-fs (loop3): invalid journal inode [ 915.784756][T11880] EXT4-fs (loop3): can't get journal size [ 916.468633][T11880] EXT4-fs (loop3): 1 truncate cleaned up [ 917.085696][T11871] Bluetooth: hci4: command 0x0406 tx timeout [ 917.446789][T11880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 918.887048][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 923.079465][T11945] smc: net device bond0 applied user defined pnetid SYZ2 [ 926.218373][T11963] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 926.226992][ C0] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 926.637761][T11966] random: crng reseeded on system resumption [ 928.529532][T11982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1329'. [ 928.545713][T11982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1329'. [ 930.649278][T11996] loop4: detected capacity change from 0 to 512 [ 930.699346][T11996] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 930.776621][T11996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 930.836808][T11996] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 933.154011][T12021] smc: net device bond0 applied user defined pnetid SYZ2 [ 934.104301][T10886] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 935.561436][T12035] loop4: detected capacity change from 0 to 128 [ 936.608825][T12041] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1341'. [ 936.922567][T12042] nbd0: detected capacity change from 0 to 127 [ 936.996290][T12047] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1340'. [ 937.124162][ T9499] block nbd0: Receive control failed (result -104) [ 937.540223][T12063] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 939.724561][ T28] audit: type=1326 audit(1771017662.900:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe324b9bf79 code=0x7ffc0000 [ 939.957123][ T28] audit: type=1326 audit(1771017662.900:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe324b9bf79 code=0x7ffc0000 [ 939.994410][ T28] audit: type=1326 audit(1771017662.928:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7fe324b9bf79 code=0x7ffc0000 [ 940.819593][ T28] audit: type=1326 audit(1771017662.928:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe324b9bf79 code=0x7ffc0000 [ 940.867958][ T28] audit: type=1326 audit(1771017662.937:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe324b9bf79 code=0x7ffc0000 [ 941.594958][ T28] audit: type=1326 audit(1771017662.937:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe324b9d807 code=0x7ffc0000 [ 941.741856][ T28] audit: type=1326 audit(1771017662.937:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fe324b5c84e code=0x7ffc0000 [ 941.772967][ T28] audit: type=1326 audit(1771017662.937:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fe324b5c84e code=0x7ffc0000 [ 941.914057][ T28] audit: type=1326 audit(1771017662.937:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fe324b5c84e code=0x7ffc0000 [ 941.936699][ T28] audit: type=1326 audit(1771017662.937:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.4.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe324b5c84e code=0x7ffc0000 [ 944.411761][T12119] random: crng reseeded on system resumption [ 946.084796][T12115] wg2 speed is unknown, defaulting to 1000 [ 947.204195][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 947.211104][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 949.600004][T12159] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 949.609427][T12159] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 949.618380][T12159] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 949.627398][T12159] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 949.636461][T12159] geneve2: entered promiscuous mode [ 949.641868][T12159] geneve2: entered allmulticast mode [ 952.043706][T12180] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1368'. [ 953.882627][T12195] virtio-fs: tag not found [ 954.899948][T12209] smc: net device bond0 applied user defined pnetid SYZ2 [ 955.211430][T12213] SET target dimension over the limit! [ 955.752247][T12220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1381'. [ 955.790696][T12220] gtp0: entered promiscuous mode [ 955.795816][T12220] gtp0: entered allmulticast mode [ 959.618090][T12227] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 959.627088][T12227] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 959.635935][T12227] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 959.644784][T12227] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 959.653657][T12227] geneve2: entered promiscuous mode [ 959.658917][T12227] geneve2: entered allmulticast mode [ 959.838750][T12233] loop4: detected capacity change from 0 to 8 [ 959.990261][T12233] SQUASHFS error: Failed to read block 0x4de: -5 [ 960.013245][T12233] SQUASHFS error: Failed to read block 0x4de: -5 [ 960.223494][ T28] kauditd_printk_skb: 30 callbacks suppressed [ 960.223552][ T28] audit: type=1800 audit(1771017682.020:105): pid=12233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1377" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 960.350068][T12235] SQUASHFS error: Failed to read block 0x4de: -5 [ 960.358457][T12235] SQUASHFS error: Failed to read block 0x4de: -5 [ 960.365599][T12235] SQUASHFS error: Failed to read block 0x4de: -5 [ 960.372226][T12235] SQUASHFS error: Failed to read block 0x4de: -5 [ 965.310241][T12263] gtp0: entered promiscuous mode [ 965.315319][T12263] gtp0: entered allmulticast mode [ 970.344839][T12278] mmap: syz.2.1386 (12278) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 970.533966][ T55] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 30 seconds [ 970.548295][ T55] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 30 seconds [ 970.954341][T12275] syz.3.1387 uses old SIOCAX25GETINFO [ 971.996841][T12286] loop4: detected capacity change from 0 to 764 [ 973.804726][T12301] gtp0: entered promiscuous mode [ 973.810103][T12301] gtp0: entered allmulticast mode [ 975.079188][T12317] loop4: detected capacity change from 0 to 32768 [ 975.208028][T12320] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 975.938619][T12324] wg2 speed is unknown, defaulting to 1000 [ 976.721792][T12317] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 976.759494][T12317] XFS (loop4): Ending clean mount [ 976.776970][T12317] XFS (loop4): Quotacheck needed: Please wait. [ 976.930555][T12317] XFS (loop4): Quotacheck: Done. [ 977.256201][T12337] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1398'. [ 977.265443][T12337] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1398'. [ 977.805610][T10886] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 981.257931][T12369] gtp1: entered promiscuous mode [ 981.263374][T12369] gtp1: entered allmulticast mode [ 982.003635][T12368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1407'. [ 982.059011][T12368] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1407'. [ 982.119976][T12378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1412'. [ 983.377397][T12386] binder: 12377:12386 ioctl 0 200000000040 returned -22 [ 984.064039][T12379] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1410'. [ 985.026017][T12398] tipc: Can't bind to reserved service type 0 [ 985.653528][T12407] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 986.396057][T12415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1420'. [ 986.936895][T12424] SET target dimension over the limit! [ 986.947433][T11161] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 987.071427][T12429] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1424'. [ 988.711369][T11161] usb 4-1: Using ep0 maxpacket: 8 [ 988.735269][T11161] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 988.747212][T11161] usb 4-1: config 0 has no interface number 0 [ 988.753971][T11161] usb 4-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 988.779053][T11161] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.816878][T11161] usb 4-1: config 0 descriptor?? [ 989.016565][ T27] usb 4-1: USB disconnect, device number 8 [ 994.220376][T12536] (null): rxe_set_mtu: Set mtu to 1024 [ 994.873886][T12536] infiniband !yz!: set down [ 994.878552][T12536] infiniband !yz!: added team_slave_0 [ 995.151621][T12536] RDS/IB: !yz!: added [ 995.155747][T12536] smc: adding ib device !yz! with port count 1 [ 995.162050][T12536] smc: ib device !yz! port 1 has pnetid [ 998.513195][T12563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1430'. [ 999.278432][T12565] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1438'. [ 1002.098756][T12581] xt_bpf: check failed: parse error [ 1004.070236][ T5140] udevd[5140]: worker [11645] /devices/virtual/block/nbd0 is taking a long time [ 1005.409236][T12580] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1005.730824][ T55] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 60 seconds [ 1005.751298][ T55] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 60 seconds [ 1007.201976][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1007.208833][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1008.716110][T12597] ceph: No mds server is up or the cluster is laggy [ 1008.723819][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1008.730038][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1009.446942][T12617] tipc: Started in network mode [ 1009.452037][T12617] tipc: Node identity 4, cluster identity 4711 [ 1009.458286][T12617] tipc: Node number set to 4 [ 1010.486537][T12624] loop4: detected capacity change from 0 to 2048 [ 1010.534487][T12624] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1012.978272][T12645] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1457'. [ 1012.988006][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1012.994695][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1014.640524][T12659] loop4: detected capacity change from 0 to 256 [ 1014.648048][T12659] exfat: Deprecated parameter 'utf8' [ 1014.919348][T12659] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1016.690387][ T8] libceph: connect (1)[c::]:6789 error -101 [ 1016.698210][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 1016.851849][T12660] ceph: No mds server is up or the cluster is laggy [ 1019.352010][T12689] block device autoloading is deprecated and will be removed. [ 1020.959476][T12709] tty tty29: ldisc open failed (-12), clearing slot 28 [ 1027.444340][T12746] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 1027.451602][T12746] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1027.502702][T12746] vhci_hcd vhci_hcd.0: Device attached [ 1027.529116][T12749] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(13) [ 1027.535807][T12749] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1027.566158][T12749] vhci_hcd vhci_hcd.0: Device attached [ 1027.589293][T12752] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(12) [ 1027.596427][T12752] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1027.659444][T12746] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(15) [ 1027.666139][T12746] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1027.668606][T12752] vhci_hcd vhci_hcd.0: Device attached [ 1027.703170][T12746] vhci_hcd vhci_hcd.0: Device attached [ 1027.796534][ T8197] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 1028.216431][T12746] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(17) [ 1028.217660][T12752] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1028.223097][T12746] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1028.278431][T12752] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1028.298716][T12752] vhci_hcd vhci_hcd.0: pdev(4) rhport(7) sockfd(28) [ 1028.305480][T12752] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1028.336613][T12746] vhci_hcd vhci_hcd.0: Device attached [ 1028.342401][T12749] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(21) [ 1028.349056][T12749] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1028.379726][T12752] vhci_hcd vhci_hcd.0: Device attached [ 1028.399463][T12765] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1028.427175][T12749] vhci_hcd vhci_hcd.0: Device attached [ 1028.611364][T12757] vhci_hcd: connection closed [ 1028.613778][T12747] vhci_hcd: connection reset by peer [ 1028.624302][T12755] vhci_hcd: connection closed [ 1028.624500][T12750] vhci_hcd: connection closed [ 1028.629376][T12753] vhci_hcd: connection closed [ 1028.638100][T10576] vhci_hcd: stop threads [ 1028.664200][T10576] vhci_hcd: release socket [ 1028.667614][T12762] vhci_hcd: connection closed [ 1028.694781][T10576] vhci_hcd: disconnect device [ 1028.720943][T12761] vhci_hcd: connection closed [ 1028.730633][T10576] vhci_hcd: stop threads [ 1028.756931][T10576] vhci_hcd: release socket [ 1028.777708][T10576] vhci_hcd: disconnect device [ 1028.801237][T10576] vhci_hcd: stop threads [ 1028.805574][T10576] vhci_hcd: release socket [ 1028.810139][T10576] vhci_hcd: disconnect device [ 1028.823415][T10576] vhci_hcd: stop threads [ 1028.833557][T10576] vhci_hcd: release socket [ 1028.845791][T10576] vhci_hcd: disconnect device [ 1028.861590][T10576] vhci_hcd: stop threads [ 1028.872183][T10576] vhci_hcd: release socket [ 1028.887081][T10576] vhci_hcd: disconnect device [ 1028.903007][T10576] vhci_hcd: stop threads [ 1028.913582][T10576] vhci_hcd: release socket [ 1028.924400][T10576] vhci_hcd: disconnect device [ 1029.247461][T10576] vhci_hcd: stop threads [ 1029.287398][T10576] vhci_hcd: release socket [ 1029.295473][T10576] vhci_hcd: disconnect device [ 1030.583674][T12780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1482'. [ 1030.597955][T12780] gtp1: entered promiscuous mode [ 1030.603054][T12780] gtp1: entered allmulticast mode [ 1031.917309][T12787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1491'. [ 1031.953205][T12787] gtp2: entered promiscuous mode [ 1031.958452][T12787] gtp2: entered allmulticast mode [ 1033.438086][T12797] cgroup2: Unknown parameter 'memory_hugetlb_accounting' [ 1034.114429][ T8197] vhci_hcd: vhci_device speed not set [ 1037.037679][T12818] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1038.421689][ T55] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 90 seconds [ 1038.443329][ T55] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 90 seconds [ 1039.148386][ T5819] usb usb42-port1: attempt power cycle [ 1041.213372][ T5819] usb usb42-port1: unable to enumerate USB device [ 1046.992815][T12878] loop3: detected capacity change from 0 to 2048 [ 1047.091571][T12878] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1053.135005][T12910] netlink: 'syz.3.1512': attribute type 10 has an invalid length. [ 1053.171118][T12910] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 1053.214327][T12910] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1053.495511][T12917] o2cb: This node has not been configured. [ 1053.502416][T12917] o2cb: Cluster check failed. Fix errors before retrying. [ 1053.510210][T12917] (syz.0.1514,12917,0):user_dlm_register:674 ERROR: status = -22 [ 1053.518457][T12917] (syz.0.1514,12917,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0" [ 1053.536807][T12917] o2cb: This node has not been configured. [ 1053.542910][T12917] o2cb: Cluster check failed. Fix errors before retrying. [ 1053.550772][T12917] (syz.0.1514,12917,0):user_dlm_register:674 ERROR: status = -22 [ 1053.558754][T12917] (syz.0.1514,12917,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 1057.390470][ T8197] libceph: connect (1)[c::]:6789 error -101 [ 1057.768817][T12930] ceph: No mds server is up or the cluster is laggy [ 1057.850536][ T8197] libceph: mon0 (1)[c::]:6789 connect error [ 1059.778733][ T28] audit: type=1326 audit(1771017774.980:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12955 comm="syz.0.1520" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf2cf9bf79 code=0x0 [ 1063.743384][T12967] futex_wake_op: syz.0.1522 tries to shift op by -1; fix this program [ 1067.240401][T10367] bond0: (slave syz_tun): Releasing backup interface [ 1067.262208][T12520] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 1067.383637][T12520] bond1: (slave macvlan2): link status definitely down, disabling slave [ 1067.441520][T12520] bond1: now running without any active interface! [ 1068.594865][T10576] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.613669][ T8011] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1068.704329][T13000] loop3: detected capacity change from 0 to 64 [ 1069.652764][ T8011] usb 5-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1069.665176][T10576] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1069.683513][ T8011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1069.710975][ T8011] usb 5-1: Product: syz [ 1069.717716][ T8011] usb 5-1: Manufacturer: syz [ 1069.761983][T11871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1069.773768][T11871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1069.783265][T11871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1069.792946][T11871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1069.802805][T11871] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1069.810432][T11871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1069.882527][T13003] wg2 speed is unknown, defaulting to 1000 [ 1069.969858][ T8011] usb 5-1: SerialNumber: syz [ 1070.026535][ T8011] usb 5-1: config 0 descriptor?? [ 1070.048664][ T8011] snd-usb-audio: probe of 5-1:0.0 failed with error -22 [ 1070.721242][T10576] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.757990][ T8011] usb 5-1: USB disconnect, device number 3 [ 1071.362014][T10576] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.858785][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 120 seconds [ 1072.876159][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 120 seconds [ 1072.890908][ T9499] Bluetooth: hci0: command tx timeout [ 1075.313421][ T9499] Bluetooth: hci0: command tx timeout [ 1077.741044][ T9499] Bluetooth: hci0: command tx timeout [ 1078.573612][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1078.592201][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1079.457769][T13043] ceph: No mds server is up or the cluster is laggy [ 1079.530517][ T8011] libceph: connect (1)[c::]:6789 error -101 [ 1079.648612][ T8011] libceph: mon0 (1)[c::]:6789 connect error [ 1079.945209][T11871] Bluetooth: hci0: command tx timeout [ 1080.483640][T11161] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1080.891268][T11161] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1081.006490][T11161] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.096409][T11161] usb 4-1: Product: syz [ 1081.103607][T11161] usb 4-1: Manufacturer: syz [ 1081.324092][T11161] usb 4-1: SerialNumber: syz [ 1081.493464][T11161] usb 4-1: config 0 descriptor?? [ 1081.816357][T11161] usb 4-1: can't set config #0, error -71 [ 1081.854777][T11161] usb 4-1: USB disconnect, device number 9 [ 1083.635552][T13069] loop3: detected capacity change from 0 to 128 [ 1084.303428][T11871] Bluetooth: hci4: unexpected event for opcode 0x040d [ 1084.594464][T13069] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 1084.603478][T13069] FAT-fs (loop3): Filesystem has been set read-only [ 1085.991825][T10576] bond2: (slave ip6gretap1): Removing an active aggregator [ 1086.005247][T10576] bond2: (slave ip6gretap1): Releasing backup interface [ 1086.096078][T10576] bond2: (slave ip6gretap1): the permanent HWaddr of slave - b6:bb:90:55:65:64 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1086.950740][ T5774] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 1087.030405][T13003] chnl_net:caif_netlink_parms(): no params data found [ 1088.815129][T13106] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1550'. [ 1089.734267][T13111] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1089.771058][T13113] Bluetooth: MGMT ver 1.22 [ 1089.779772][T13113] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1089.791325][T13111] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1089.818589][T13003] bridge0: port 1(bridge_slave_0) entered blocking state [ 1089.832780][T13003] bridge0: port 1(bridge_slave_0) entered disabled state [ 1089.850051][T13003] bridge_slave_0: entered allmulticast mode [ 1089.878454][T13003] bridge_slave_0: entered promiscuous mode [ 1089.944136][T13003] bridge0: port 2(bridge_slave_1) entered blocking state [ 1089.962378][T13003] bridge0: port 2(bridge_slave_1) entered disabled state [ 1089.992065][T13003] bridge_slave_1: entered allmulticast mode [ 1090.021908][T13003] bridge_slave_1: entered promiscuous mode [ 1090.148724][T13116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1553'. [ 1092.536946][T13003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1093.420007][T13133] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105) [ 1093.478292][T13133] team0 (unregistering): Port device team_slave_0 removed [ 1093.572445][T13133] team0 (unregistering): Failed to send options change via netlink (err -105) [ 1093.618122][T13133] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 1093.704601][T13133] team0 (unregistering): Port device team_slave_1 removed [ 1093.784720][T13133] bond1: left allmulticast mode [ 1093.828365][T13133] ip6gretap1: left allmulticast mode [ 1093.834461][T13133] bond1: left promiscuous mode [ 1093.844309][T13133] ip6gretap1: left promiscuous mode [ 1093.874720][T13133] team0 (unregistering): Failed to send options change via netlink (err -105) [ 1093.894278][T13133] team0 (unregistering): Failed to send port change of device macvlan2 via netlink (err -105) [ 1093.910271][T13133] team0 (unregistering): Port device macvlan2 removed [ 1094.191648][T13003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1094.234440][T13003] team0: Port device team_slave_0 added [ 1094.906137][T13160] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1561'. [ 1094.928933][T13003] team0: Port device team_slave_1 added [ 1095.589976][T13003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1095.607696][T13003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1095.639532][T13003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1095.831928][T13003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1095.839057][T13003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1097.035806][T13003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1098.464407][T10576] dvmrp1 (unregistering): left allmulticast mode [ 1098.839026][T10576] IPVS: stopping master sync thread 10381 ... [ 1099.052540][T10576] IPVS: stopping backup sync thread 12407 ... [ 1100.021350][T13193] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1100.584310][T13003] hsr_slave_0: entered promiscuous mode [ 1100.612655][T13003] hsr_slave_1: entered promiscuous mode [ 1101.897391][T13204] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1571'. [ 1105.261093][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 150 seconds [ 1105.274256][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 150 seconds [ 1105.636893][ T27] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1106.161896][ T27] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1106.357820][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1106.550542][ T27] usb 4-1: Product: syz [ 1106.674215][ T27] usb 4-1: Manufacturer: syz [ 1107.610879][ T27] usb 4-1: SerialNumber: syz [ 1108.036925][T13236] loop4: detected capacity change from 0 to 512 [ 1108.489277][T13236] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 1108.539583][T13003] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1108.879863][T13236] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.1578: iget: bad extended attribute block 851968 [ 1108.903556][T13236] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.1578: couldn't read orphan inode 15 (err -117) [ 1109.026528][T13236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1109.410489][ T27] usb 4-1: config 0 descriptor?? [ 1109.429836][ T27] usb 4-1: can't set config #0, error -71 [ 1109.824896][T13003] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1109.846174][T10886] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1109.856875][ T27] usb 4-1: USB disconnect, device number 10 [ 1111.013021][T13248] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1580'. [ 1111.921275][T10576] hsr_slave_0: left promiscuous mode [ 1111.942902][T10576] hsr_slave_1: left promiscuous mode [ 1114.275798][T10576] veth1_macvtap: left promiscuous mode [ 1114.292748][T10576] veth0_macvtap: left promiscuous mode [ 1114.309178][T10576] veth1_vlan: left promiscuous mode [ 1114.314633][T10576] veth0_vlan: left promiscuous mode [ 1117.503491][T10576] bond3 (unregistering): (slave bridge1): Releasing active interface [ 1118.109659][T10576] bond3 (unregistering): Released all slaves [ 1118.341144][T10576] bond2 (unregistering): (slave veth3): Releasing backup interface [ 1118.848992][T10576] bond2 (unregistering): Released all slaves [ 1118.911376][T10576] bond1 (unregistering): (slave macvlan2): Releasing backup interface [ 1119.219028][T10576] bond1 (unregistering): Released all slaves [ 1121.472131][ T8197] !yz!: rxe_query_port: returned err = -19 [ 1121.478899][T12524] smc: removing ib device !yz! [ 1122.574824][T10576] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1122.583900][T10576] bond0 (unregistering): Released all slaves [ 1122.716324][T13003] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1122.727552][T13003] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1122.810522][T13286] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1122.828033][T13303] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1591'. [ 1124.227249][T13003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1124.922334][T10576] IPVS: stop unused estimator thread 0... [ 1124.928941][T13003] 8021q: adding VLAN 0 to HW filter on device team0 [ 1124.997332][T12525] bridge0: port 1(bridge_slave_0) entered blocking state [ 1125.004575][T12525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1125.056260][ T985] bridge0: port 2(bridge_slave_1) entered blocking state [ 1125.063512][ T985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1125.260356][T13331] loop3: detected capacity change from 0 to 512 [ 1126.094090][T13331] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 1126.104317][T13331] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 1126.114581][T13331] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 1126.166715][T13331] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1126.175162][T13331] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=e040e01c, mo2=0000] [ 1126.183394][T13331] EXT4-fs (loop3): failed to initialize system zone (-117) [ 1126.190911][T13331] EXT4-fs (loop3): mount failed [ 1126.429260][T13338] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1126.602666][T13345] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1598'. [ 1127.377940][T13003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1127.952686][T13375] loop4: detected capacity change from 0 to 128 [ 1128.093365][T13375] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1129.270633][T13375] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1129.375595][T13379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1602'. [ 1134.201943][T10886] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1135.385801][T13400] syz.0.1606 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1136.235143][T13406] loop3: detected capacity change from 0 to 512 [ 1136.476507][T13409] bridge0: port 1(bridge_slave_0) entered disabled state [ 1136.485834][T13409] bridge0: port 2(bridge_slave_1) entered disabled state [ 1136.544222][T13409] geneve2: left promiscuous mode [ 1136.551602][T13409] gtp0: left promiscuous mode [ 1136.559959][T13409] gtp1: left promiscuous mode [ 1136.567435][T13409] gtp2: left promiscuous mode [ 1137.220013][T13406] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1137.455789][ T9499] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1137.469065][ T9499] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1137.488868][ T9499] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1137.497996][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 180 seconds [ 1137.508879][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 180 seconds [ 1137.548424][ T9499] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1137.565512][ T9499] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1137.573206][ T9499] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1138.173924][T13406] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1138.272924][T13413] wg2 speed is unknown, defaulting to 1000 [ 1138.308407][T13406] ext4 filesystem being mounted at /377/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1140.613340][T11871] Bluetooth: hci2: command tx timeout [ 1140.701638][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1142.677119][T13457] nbd1: detected capacity change from 0 to 8589934655 [ 1142.699277][T13413] chnl_net:caif_netlink_parms(): no params data found [ 1142.795405][ T9499] Bluetooth: hci2: command tx timeout [ 1143.999460][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1616'. [ 1144.008686][T13470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1616'. [ 1144.017911][T13470] netlink: 'syz.0.1616': attribute type 13 has an invalid length. [ 1144.025949][T13470] netlink: 'syz.0.1616': attribute type 12 has an invalid length. [ 1144.255201][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1144.281434][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1145.115623][ T9499] Bluetooth: hci2: command tx timeout [ 1145.398545][T13413] bridge0: port 1(bridge_slave_0) entered blocking state [ 1145.635210][T13413] bridge0: port 1(bridge_slave_0) entered disabled state [ 1145.637040][T11871] block nbd1: Receive control failed (result -104) [ 1146.007967][T13413] bridge_slave_0: entered allmulticast mode [ 1146.025902][T13413] bridge_slave_0: entered promiscuous mode [ 1146.053357][T13413] bridge0: port 2(bridge_slave_1) entered blocking state [ 1146.313752][T13413] bridge0: port 2(bridge_slave_1) entered disabled state [ 1146.321087][T13413] bridge_slave_1: entered allmulticast mode [ 1146.336635][T13413] bridge_slave_1: entered promiscuous mode [ 1146.808411][T13413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1146.835808][T13413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1146.997508][ T23] libceph: connect (1)[c::]:6789 error -101 [ 1147.010969][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 1147.313230][T13413] team0: Port device team_slave_0 added [ 1147.416757][T11871] Bluetooth: hci2: command tx timeout [ 1148.483835][ T23] libceph: connect (1)[c::]:6789 error -101 [ 1148.491441][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 1148.511926][T13487] ceph: No mds server is up or the cluster is laggy [ 1149.042667][ T23] libceph: connect (1)[c::]:6789 error -101 [ 1149.051981][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 1149.201280][T13413] team0: Port device team_slave_1 added [ 1149.729324][T13506] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 1149.819714][T13413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1149.826733][T13413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1149.866972][T13506] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1149.940347][T13413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1149.943758][T13413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1149.943775][T13413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1149.943802][T13413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1150.378714][T13521] usb usb9: usbfs: process 13521 (syz.3.1624) did not claim interface 0 before use [ 1151.204432][T13413] hsr_slave_0: entered promiscuous mode [ 1151.226777][T13413] hsr_slave_1: entered promiscuous mode [ 1151.251690][T13413] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1151.251824][T13413] Cannot create hsr debugfs directory [ 1154.108935][T13539] loop3: detected capacity change from 0 to 1024 [ 1156.520913][ T78] hsr_slave_0: left promiscuous mode [ 1156.536806][ T78] hsr_slave_1: left promiscuous mode [ 1156.557906][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1156.593037][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1156.621211][ T78] bridge_slave_1: left allmulticast mode [ 1156.627045][ T78] bridge_slave_1: left promiscuous mode [ 1156.647692][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 1156.689402][ T78] bridge_slave_0: left allmulticast mode [ 1156.695440][ T78] bridge_slave_0: left promiscuous mode [ 1156.706485][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 1158.701623][T13583] Device name cannot be null; rc = [-22] [ 1158.748910][T13583] loop3: detected capacity change from 0 to 64 [ 1160.108215][T13595] loop4: detected capacity change from 0 to 764 [ 1160.490033][ T78] team0 (unregistering): Port device team_slave_1 removed [ 1161.092213][ T78] team0 (unregistering): Port device team_slave_0 removed [ 1161.368857][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1163.599131][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1164.753956][ T5140] udevd[5140]: worker [11645] /devices/virtual/block/nbd0 timeout; kill it [ 1164.772444][ T5140] udevd[5140]: seq 12036 '/devices/virtual/block/nbd0' killed [ 1164.941739][ T78] bond0 (unregistering): Released all slaves [ 1165.272829][T13610] lo speed is unknown, defaulting to 1000 [ 1165.380388][T13413] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1165.399385][T13413] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1165.419992][T13413] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1165.436393][T13413] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1165.563083][T13610] lo speed is unknown, defaulting to 1000 [ 1165.573044][T13610] lo speed is unknown, defaulting to 1000 [ 1165.584399][T13610] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1165.604080][T13610] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1165.643604][T13610] lo speed is unknown, defaulting to 1000 [ 1165.657113][T13610] lo speed is unknown, defaulting to 1000 [ 1165.686106][T13610] lo speed is unknown, defaulting to 1000 [ 1165.693558][T13610] lo speed is unknown, defaulting to 1000 [ 1165.877955][T13413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1166.198887][T13413] 8021q: adding VLAN 0 to HW filter on device team0 [ 1167.301222][ T2928] bridge0: port 1(bridge_slave_0) entered blocking state [ 1167.308506][ T2928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1167.367779][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state [ 1167.375129][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1170.747001][T13668] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 1171.684986][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 210 seconds [ 1171.695869][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 210 seconds [ 1172.043782][T13413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1174.142647][T13413] veth0_vlan: entered promiscuous mode [ 1174.182031][T13413] veth1_vlan: entered promiscuous mode [ 1174.334831][T13413] veth0_macvtap: entered promiscuous mode [ 1174.363995][T13413] veth1_macvtap: entered promiscuous mode [ 1174.422173][T13413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1174.465576][T13413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1174.501038][T13413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1174.546457][T13413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1174.601837][T13413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1174.657108][T13413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1174.685182][T13413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1174.711950][T13413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1174.738743][T13413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1174.784919][T13413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1174.854551][T13413] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.933943][T13413] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.973969][T13413] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.038264][ T7683] block nbd1: Possible stuck request ffff888022550000: control (read@0,1024B). Runtime 30 seconds [ 1175.049659][ T7683] block nbd1: Possible stuck request ffff888022550200: control (read@1024,1024B). Runtime 30 seconds [ 1175.061628][ T7683] block nbd1: Possible stuck request ffff888022550400: control (read@2048,1024B). Runtime 30 seconds [ 1175.072902][ T7683] block nbd1: Possible stuck request ffff888022550600: control (read@3072,1024B). Runtime 30 seconds [ 1175.091236][T13696] loop4: detected capacity change from 0 to 40427 [ 1175.101808][T13413] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.818291][T13696] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff [ 1176.829641][T13696] F2FS-fs (loop4): invalid crc value [ 1176.851653][T13696] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1176.881116][T13700] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1648'. [ 1176.890589][T13700] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1648'. [ 1177.024860][T13696] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1177.538507][T13707] IPVS: dh: FWM 3 0x00000003 - no destination available [ 1177.560015][ T8] IPVS: starting estimator thread 0... [ 1177.715593][T13710] IPVS: using max 17 ests per chain, 40800 per kthread [ 1178.068491][T10886] syz-executor: attempt to access beyond end of device [ 1178.068491][T10886] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1178.087592][T10886] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1178.162311][ T2979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1178.170221][ T2979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1178.317697][ T2979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1178.359010][ T2979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1178.722406][T13723] loop5: detected capacity change from 0 to 47 [ 1179.476845][T13735] MINIX-fs: deleted inode referenced: 9 [ 1179.484006][T13735] MINIX-fs: deleted inode referenced: 9 [ 1181.169712][T13752] loop3: detected capacity change from 0 to 256 [ 1181.177416][T13752] exfat: Deprecated parameter 'utf8' [ 1181.229946][T13752] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1183.518498][T13760] loop5: detected capacity change from 0 to 1024 [ 1184.982548][T13772] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 1186.134635][T13778] tipc: Failed to remove unknown binding: 66,1,1/0:1637293990/1637293992 [ 1186.143463][T13778] tipc: Failed to remove unknown binding: 66,1,1/0:1637293990/1637293992 [ 1189.340931][T13795] random: crng reseeded on system resumption [ 1195.104488][ T8011] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 1195.947816][ T8197] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1196.113078][T13831] loop4: detected capacity change from 0 to 16 [ 1196.123593][T13831] erofs: (device loop4): mounted with root inode @ nid 36. [ 1196.141484][ T28] audit: type=1800 audit(1771017902.746:107): pid=13831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1669" name="file1" dev="loop4" ino=86 res=0 errno=0 [ 1196.217370][T13817] syz_tun: entered allmulticast mode [ 1197.090417][T13843] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1670'. [ 1197.167699][ T8197] usb 4-1: Using ep0 maxpacket: 16 [ 1197.497844][ T8197] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1197.509015][ T8197] usb 4-1: can't read configurations, error -71 [ 1197.604352][ T8011] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1197.633799][ T8011] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1197.684974][ T8011] usb 6-1: can't read configurations, error -71 [ 1198.189325][T13851] xt_NFQUEUE: number of queues (51632) out of range (got 109621) [ 1201.093763][T13847] netlink: 'syz.4.1672': attribute type 10 has an invalid length. [ 1201.109611][T13847] team0: Port device dummy0 added [ 1201.145833][T13857] binder: 13856:13857 ioctl 4018620d 0 returned -22 [ 1201.294540][T13857] bridge0: port 2(bridge_slave_1) entered disabled state [ 1201.302149][T13857] bridge0: port 1(bridge_slave_0) entered disabled state [ 1201.687102][T13875] loop5: detected capacity change from 0 to 512 [ 1201.863613][T13875] EXT4-fs error (device loop5): ext4_quota_enable:7140: comm syz.5.1679: inode #50331648: comm syz.5.1679: iget: illegal inode # [ 1201.886130][T13884] sd 0:0:1:0: device reset [ 1202.149205][T13875] EXT4-fs (loop5): Remounting filesystem read-only [ 1202.438209][T13875] EXT4-fs warning (device loop5): ext4_enable_quotas:7184: Failed to enable quota tracking (type=2, err=-117, ino=50331648). Please run e2fsck to fix. [ 1202.527586][T13875] EXT4-fs (loop5): mount failed [ 1204.587149][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 240 seconds [ 1204.598156][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 240 seconds [ 1204.711862][T13897] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 1204.718477][T13897] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1204.726761][T13897] vhci_hcd vhci_hcd.0: Device attached [ 1205.224638][ T786] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 1205.509430][T13899] vhci_hcd: connection reset by peer [ 1205.612823][T10576] vhci_hcd: stop threads [ 1205.681695][T10576] vhci_hcd: release socket [ 1205.763419][T10576] vhci_hcd: disconnect device [ 1206.082187][T13904] loop3: detected capacity change from 0 to 1024 [ 1207.197989][ T7683] block nbd1: Possible stuck request ffff888022550000: control (read@0,1024B). Runtime 60 seconds [ 1207.209753][ T7683] block nbd1: Possible stuck request ffff888022550200: control (read@1024,1024B). Runtime 60 seconds [ 1207.221188][ T7683] block nbd1: Possible stuck request ffff888022550400: control (read@2048,1024B). Runtime 60 seconds [ 1207.233086][ T7683] block nbd1: Possible stuck request ffff888022550600: control (read@3072,1024B). Runtime 60 seconds [ 1209.937674][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1209.944368][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1211.365254][ T786] vhci_hcd: vhci_device speed not set [ 1211.542076][T13953] loop4: detected capacity change from 0 to 128 [ 1212.941377][T13953] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1212.962488][T13953] ext4 filesystem being mounted at /134/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1214.086958][T10886] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1217.977935][T14005] loop5: detected capacity change from 0 to 4096 [ 1218.357932][T14005] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1218.389390][T14005] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 1218.399430][T14005] NILFS (loop5): mounting unchecked fs [ 1218.573456][T14005] NILFS (loop5): invalid segment: Checksum error in segment payload [ 1218.582639][T14005] NILFS (loop5): unable to fall back to spare super block [ 1218.590204][T14005] NILFS (loop5): error -22 while searching super root [ 1220.043452][T14021] capability: warning: `syz.0.1699' uses 32-bit capabilities (legacy support in use) [ 1221.927146][ T5140] udevd[5140]: worker [13245] /devices/virtual/block/nbd1 is taking a long time [ 1223.001907][T14031] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1702'. [ 1225.623043][T14051] loop3: detected capacity change from 0 to 2048 [ 1225.640388][T14051] UDF-fs: bad mount option "noadinicb@&°"w¤8¬êˆx7" or missing value [ 1226.549523][T14052] syz_tun: entered allmulticast mode [ 1226.848791][T14052] syz_tun: left allmulticast mode [ 1230.176446][T14083] ptrace attach of "./syz-executor exec"[5774] was attempted by ""[14083] [ 1230.201592][T14083] loop3: detected capacity change from 0 to 1024 [ 1230.234754][ T28] audit: type=1326 audit(1771017934.606:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1230.349287][ T28] audit: type=1326 audit(1771017934.606:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1230.384739][T14083] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 1231.121761][ T28] audit: type=1326 audit(1771017934.606:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.122989][T14083] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 1231.155751][T14083] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869) [ 1231.156234][ T28] audit: type=1326 audit(1771017934.606:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.167169][T14083] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1231.199279][T14083] EXT4-fs (loop3): filesystem has both journal inode and journal device! [ 1231.245529][ T28] audit: type=1326 audit(1771017934.606:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.270401][ T28] audit: type=1326 audit(1771017934.606:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.300194][ T28] audit: type=1326 audit(1771017934.606:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.356146][ T28] audit: type=1326 audit(1771017934.606:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.656654][ T28] audit: type=1326 audit(1771017934.606:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1231.729949][T14091] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 1232.268683][ T28] audit: type=1326 audit(1771017934.606:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14077 comm="syz.3.1712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da579bf79 code=0x7ffc0000 [ 1235.386742][T11161] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1235.703241][T11161] usb 6-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1236.458731][T11161] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.640409][T11161] usb 6-1: Product: syz [ 1236.710299][T11161] usb 6-1: Manufacturer: syz [ 1237.130574][T11161] usb 6-1: SerialNumber: syz [ 1237.861626][T11161] usb 6-1: config 0 descriptor?? [ 1238.261055][T11161] usb 6-1: can't set config #0, error -71 [ 1238.298807][T11161] usb 6-1: USB disconnect, device number 4 [ 1238.603849][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 270 seconds [ 1238.616455][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 270 seconds [ 1239.359596][ T7683] block nbd1: Possible stuck request ffff888022550000: control (read@0,1024B). Runtime 90 seconds [ 1239.370559][ T7683] block nbd1: Possible stuck request ffff888022550200: control (read@1024,1024B). Runtime 90 seconds [ 1239.383057][ T7683] block nbd1: Possible stuck request ffff888022550400: control (read@2048,1024B). Runtime 90 seconds [ 1239.395886][ T7683] block nbd1: Possible stuck request ffff888022550600: control (read@3072,1024B). Runtime 90 seconds [ 1239.437401][T14131] loop4: detected capacity change from 0 to 256 [ 1239.718634][T14131] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1239.955369][T14136] sd 0:0:1:0: device reset [ 1240.881883][T14140] tipc: Failed to remove unknown binding: 66,1,1/0:1638348064/1638348066 [ 1240.890443][T14140] tipc: Failed to remove unknown binding: 66,1,1/0:1638348064/1638348066 [ 1241.757445][T14143] IPVS: dh: FWM 3 0x00000003 - no destination available [ 1243.911146][T14161] loop4: detected capacity change from 0 to 16 [ 1243.953457][T14161] erofs: (device loop4): erofs_read_inode: unsupported i_format 32 of nid 36 [ 1245.680615][T14173] tmpfs: Unknown parameter '*' [ 1245.759676][T14175] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 1247.724149][ T8011] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1248.897196][ T8011] usb 5-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1249.082945][ T8011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.240516][ T8011] usb 5-1: Product: syz [ 1249.325204][ T8011] usb 5-1: Manufacturer: syz [ 1249.409333][ T8011] usb 5-1: SerialNumber: syz [ 1249.712984][ T8011] usb 5-1: config 0 descriptor?? [ 1249.731153][ T8011] usb 5-1: can't set config #0, error -71 [ 1250.651685][ T8011] usb 5-1: USB disconnect, device number 4 [ 1250.815783][T14203] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1735'. [ 1251.572704][T14210] IPv6: Can't replace route, no match found [ 1258.090751][T14251] tipc: Started in network mode [ 1258.096026][T14251] tipc: Node identity 4, cluster identity 4711 [ 1258.102293][T14251] tipc: Node number set to 4 [ 1261.267392][ T5819] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1262.757601][ T5819] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1262.776827][ T5819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1262.818598][ T5819] usb 4-1: Product: syz [ 1263.049060][ T5819] usb 4-1: Manufacturer: syz [ 1263.056441][ T5819] usb 4-1: SerialNumber: syz [ 1263.097978][ T5819] usb 4-1: config 0 descriptor?? [ 1263.148323][ T5819] snd-usb-audio: probe of 4-1:0.0 failed with error -22 [ 1264.233206][ T5819] usb 4-1: USB disconnect, device number 13 [ 1265.055549][T14292] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1754'. [ 1270.826935][T14326] loop5: detected capacity change from 0 to 1024 [ 1270.837202][T14326] ext4: Bad value for 'max_batch_time' [ 1270.847598][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 300 seconds [ 1270.861080][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 300 seconds [ 1271.511121][ T7683] block nbd1: Possible stuck request ffff888022550000: control (read@0,1024B). Runtime 120 seconds [ 1271.522655][ T7683] block nbd1: Possible stuck request ffff888022550200: control (read@1024,1024B). Runtime 120 seconds [ 1271.534541][ T7683] block nbd1: Possible stuck request ffff888022550400: control (read@2048,1024B). Runtime 120 seconds [ 1271.549365][ T7683] block nbd1: Possible stuck request ffff888022550600: control (read@3072,1024B). Runtime 120 seconds [ 1272.711306][T11871] Bluetooth: hci2: command 0x0406 tx timeout [ 1273.395774][T14353] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1765'. [ 1274.643276][T14355] hub 8-0:1.0: USB hub found [ 1274.653264][T14355] hub 8-0:1.0: 1 port detected [ 1275.673372][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1275.702171][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1277.637877][T14359] loop3: detected capacity change from 0 to 2048 [ 1277.869357][T14375] loop5: detected capacity change from 0 to 128 [ 1278.791281][T14359] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1279.313050][T14375] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54) [ 1279.323944][T14375] FAT-fs (loop5): Filesystem has been set read-only [ 1279.575226][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1280.169408][ C0] hrtimer: interrupt took 69011 ns [ 1280.500670][T14385] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 1281.684651][T13413] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54) [ 1294.792129][T14449] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1793'. [ 1294.815805][T14449] input input8: cannot allocate more than FF_MAX_EFFECTS effects [ 1296.703628][T14458] netlink: 'syz.4.1787': attribute type 3 has an invalid length. [ 1296.714073][T14458] netlink: 'syz.4.1787': attribute type 1 has an invalid length. [ 1296.724270][T14458] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.1787'. [ 1296.744413][T14458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1787'. [ 1296.786322][T14458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1787'. [ 1298.315013][T14464] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1298.324031][ C1] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1298.861962][T14470] loop4: detected capacity change from 0 to 128 [ 1298.877299][T14470] EXT4-fs: Ignoring removed nobh option [ 1298.946895][T14470] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1298.959818][T14470] ext4 filesystem being mounted at /159/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1299.062016][T11871] Bluetooth: hci4: unexpected cc 0x2039 length: 9 > 1 [ 1299.071163][T11871] Bluetooth: hci4: unexpected event for opcode 0x2039 [ 1299.320729][T10886] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1303.026539][T12835] block nbd0: Possible stuck request ffff888022518000: control (read@0,1024B). Runtime 330 seconds [ 1303.038291][T12835] block nbd0: Possible stuck request ffff888022528000: control (read@1024,3072B). Runtime 330 seconds [ 1303.260339][T14496] loop5: detected capacity change from 0 to 512 [ 1303.523653][T11871] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1303.532556][T11871] Bluetooth: hci4: Injecting HCI hardware error event [ 1303.542306][T14332] Bluetooth: hci4: hardware error 0x00 [ 1303.683516][T14502] loop3: detected capacity change from 0 to 512 [ 1303.695094][T14502] EXT4-fs: Ignoring removed mblk_io_submit option [ 1304.469680][T14502] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1304.480266][ T7683] block nbd1: Possible stuck request ffff888022550000: control (read@0,1024B). Runtime 150 seconds [ 1304.492798][ T7683] block nbd1: Possible stuck request ffff888022550200: control (read@1024,1024B). Runtime 150 seconds [ 1304.503974][ T7683] block nbd1: Possible stuck request ffff888022550400: control (read@2048,1024B). Runtime 150 seconds [ 1304.515960][T14502] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e12c, mo2=0102] [ 1304.517981][ T7683] block nbd1: Possible stuck request ffff888022550600: control (read@3072,1024B). Runtime 150 seconds [ 1304.524270][T14502] System zones: 1-12 [ 1304.525048][T14502] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1304.552608][T14502] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1801: invalid indirect mapped block 12 (level 1) [ 1304.573702][T14502] EXT4-fs (loop3): Remounting filesystem read-only [ 1304.580876][T14502] EXT4-fs (loop3): 1 truncate cleaned up [ 1304.588812][T14502] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1304.899121][T14496] EXT4-fs (loop5): 1 orphan inode deleted [ 1304.951929][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1304.982500][T14496] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1305.014904][T14496] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1305.560388][T14510] EXT4-fs warning (device loop5): ext4_resize_fs:2025: can't read last block, resize aborted [ 1306.110140][T13413] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1306.876636][T14332] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1315.591148][T14561] loop3: detected capacity change from 0 to 40427 [ 1315.654579][T14561] F2FS-fs (loop3): invalid crc value [ 1315.708880][T14561] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1315.750851][T14561] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1316.038301][T14576] netlink: 'syz.0.1814': attribute type 1 has an invalid length. [ 1316.377553][T14576] bond2: entered promiscuous mode [ 1316.523222][T14576] bond2: entered allmulticast mode [ 1316.652468][T14576] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1317.182049][T14580] erspan1: entered allmulticast mode [ 1317.210494][T14580] bond2: (slave erspan1): making interface the new active one [ 1317.220978][T14580] erspan1: entered promiscuous mode [ 1317.240691][T14580] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 1321.978924][T14609] loop3: detected capacity change from 0 to 128 [ 1322.025893][T14609] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1322.066637][T14609] ext4 filesystem being mounted at /429/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1323.219776][ T5774] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1323.255408][T14621] syz_tun: entered allmulticast mode [ 1323.313637][T14621] syz_tun: left allmulticast mode [ 1324.182069][T14630] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1825'. [ 1325.761470][T14643] loop5: detected capacity change from 0 to 128 [ 1325.886359][T14643] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1325.911863][T14643] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1326.941867][ T29] INFO: task udevd:11645 blocked for more than 144 seconds. [ 1327.937925][ T29] Not tainted syzkaller #0 [ 1327.967806][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1327.985973][ T29] task:udevd state:D stack:23496 pid:11645 ppid:5140 flags:0x00004006 [ 1328.003677][ T29] Call Trace: [ 1328.007427][ T29] [ 1328.011254][ T29] __schedule+0x1553/0x45a0 [ 1328.015866][ T29] ? asan.module_dtor+0x20/0x20 [ 1328.038554][ T29] ? mark_lock+0x94/0x320 [ 1328.051595][ T29] ? lock_chain_count+0x20/0x20 [ 1328.224661][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1328.242903][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1328.254645][ T29] schedule+0xbd/0x170 [ 1328.268730][ T29] io_schedule+0x80/0xd0 [ 1328.276211][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1328.314689][ T29] ? folio_wait_bit+0x30/0x30 [ 1328.319576][ T29] ? _compound_head+0x120/0x120 [ 1328.324899][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1328.330171][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1328.340757][ T29] ? blkdev_writepage+0x30/0x30 [ 1328.534535][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1328.540020][ T29] ? blkdev_writepage+0x30/0x30 [ 1328.943209][ T29] read_part_sector+0xd2/0x340 [ 1328.948177][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1328.955928][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1328.965342][ T29] ? put_partition+0x370/0x370 [ 1328.971008][ T29] ? alloc_pages+0x4dc/0x740 [ 1328.977608][ T29] bdev_disk_changed+0x740/0x1420 [ 1328.987272][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1328.992799][ T29] ? iput+0x343/0x920 [ 1328.998948][ T29] blkdev_get_whole+0x30d/0x390 [ 1329.003979][ T29] blkdev_get_by_dev+0x279/0x600 [ 1329.013112][ T29] blkdev_open+0x152/0x360 [ 1329.019375][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1329.024248][ T29] do_dentry_open+0x8c6/0x1500 [ 1329.033072][ T29] path_openat+0x27f1/0x3230 [ 1329.039044][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1329.043867][ T29] ? verify_lock_unused+0x140/0x140 [ 1329.054507][ T29] ? do_filp_open+0x430/0x430 [ 1329.059771][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1329.065094][ T29] do_filp_open+0x1f5/0x430 [ 1329.071178][ T29] ? vfs_tmpfile+0x490/0x490 [ 1329.076569][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1329.082004][ T29] ? alloc_fd+0x58f/0x630 [ 1329.086513][ T29] do_sys_openat2+0x134/0x1d0 [ 1329.093111][ T29] ? do_sys_open+0xe0/0xe0 [ 1329.097598][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1329.106834][ T29] ? lock_chain_count+0x20/0x20 [ 1329.114590][ T29] __x64_sys_openat+0x139/0x160 [ 1329.119803][ T29] do_syscall_64+0x55/0xa0 [ 1329.127155][ T29] ? clear_bhb_loop+0x40/0x90 [ 1329.132185][ T29] ? clear_bhb_loop+0x40/0x90 [ 1329.139700][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1329.148690][ T29] RIP: 0033:0x7f59830a7407 [ 1329.153273][ T29] RSP: 002b:00007ffc132ee3a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1329.178838][ T29] RAX: ffffffffffffffda RBX: 00007f5983749880 RCX: 00007f59830a7407 [ 1329.192061][ T29] RDX: 00000000000a0800 RSI: 00005581aa28f920 RDI: ffffffffffffff9c [ 1329.201207][ T29] RBP: 00005581aa267910 R08: 0000000000000000 R09: 0000000000000000 [ 1329.214615][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 00005581aa27aad0 [ 1329.223330][ T29] R13: 00005581aa27f410 R14: 0000000000000000 R15: 00005581aa27aad0 [ 1329.232998][ T29] [ 1329.241947][ T29] [ 1329.241947][ T29] Showing all locks held in the system: [ 1329.255022][T13413] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1329.268652][ T29] 1 lock held by khungtaskd/29: [ 1329.281197][ T29] #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 1329.301296][ T29] 2 locks held by getty/5532: [ 1329.373507][ T29] #0: ffff88814c7e50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1329.387488][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 1329.418400][ T29] 3 locks held by udevd/11456: [ 1329.437942][ T29] 1 lock held by udevd/11645: [ 1329.452811][ T29] #0: ffff888140b6a4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1329.463678][ T29] 2 locks held by kworker/0:1/12773: [ 1329.474015][ T29] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 1329.490817][ T29] #1: ffffc900032b7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 1329.503528][ T29] 1 lock held by udevd/13245: [ 1329.522559][ T29] #0: ffff8880224da4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1329.539939][ T29] 1 lock held by syz.4.1819/14660: [ 1329.545736][ T29] [ 1329.548182][ T29] ============================================= [ 1329.548182][ T29] [ 1329.566390][ T29] NMI backtrace for cpu 0 [ 1329.570792][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1329.578023][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1329.588118][ T29] Call Trace: [ 1329.591469][ T29] [ 1329.594436][ T29] dump_stack_lvl+0x18c/0x250 [ 1329.599171][ T29] ? show_regs_print_info+0x20/0x20 [ 1329.604430][ T29] ? load_image+0x400/0x400 [ 1329.608992][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 1329.613988][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 1329.620187][ T29] ? _printk+0xde/0x130 [ 1329.624391][ T29] ? load_image+0x400/0x400 [ 1329.628943][ T29] ? load_image+0x400/0x400 [ 1329.633578][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1329.639694][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 1329.645727][ T29] watchdog+0xf3d/0xf80 [ 1329.649944][ T29] ? watchdog+0x1e1/0xf80 [ 1329.654358][ T29] kthread+0x2fa/0x390 [ 1329.658469][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1329.663546][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1329.668352][ T29] ret_from_fork+0x48/0x80 [ 1329.672812][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1329.677445][ T29] ret_from_fork_asm+0x11/0x20 [ 1329.682271][ T29] [ 1329.686255][ T29] Sending NMI from CPU 0 to CPUs 1: [ 1329.691568][ C1] NMI backtrace for cpu 1 [ 1329.691578][ C1] CPU: 1 PID: 14660 Comm: syz.4.1819 Not tainted syzkaller #0 [ 1329.691595][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1329.691605][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x60 [ 1329.691631][ C1] Code: 00 00 f3 0f 1e fa 53 48 89 fb e8 13 00 00 00 48 8b 3d 3c cc 03 0d 48 89 de 5b e9 53 59 57 00 cc cc cc f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d 10 a2 7c 7e 65 8b 15 11 a2 7c 7e 81 e2 00 01 ff 00 74 [ 1329.691646][ C1] RSP: 0018:ffffc9000f4bf9b8 EFLAGS: 00000246 [ 1329.691661][ C1] RAX: ffffffff842801e0 RBX: 0000000000000008 RCX: 0000000000000002 [ 1329.691672][ C1] RDX: ffff888028ba5a00 RSI: 0000000000000000 RDI: 0000000000000000 [ 1329.691683][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffc9000f4bfd30 [ 1329.691699][ C1] R10: ffffc9000f4bfd70 R11: fffff52001e97fb0 R12: 0000000000000000 [ 1329.691711][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000f4bfb40 [ 1329.691723][ C1] FS: 00007fe3259af6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1329.691737][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1329.691749][ C1] CR2: 000000110c40d7c0 CR3: 000000002ed05000 CR4: 00000000003506e0 [ 1329.691763][ C1] Call Trace: [ 1329.691769][ C1] [ 1329.691773][ C1] __import_iovec+0x320/0x850 [ 1329.691804][ C1] ? __might_fault+0xaa/0x120 [ 1329.691822][ C1] import_iovec+0x73/0xa0 [ 1329.691850][ C1] ___sys_recvmsg+0x4ba/0x590 [ 1329.691870][ C1] ? __sys_recvmsg+0x2a0/0x2a0 [ 1329.691895][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 1329.691918][ C1] ? __might_fault+0xc6/0x120 [ 1329.691933][ C1] ? __might_fault+0xaa/0x120 [ 1329.691950][ C1] do_recvmmsg+0x39a/0x870 [ 1329.691970][ C1] ? __sys_recvmmsg+0x290/0x290 [ 1329.691992][ C1] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1329.692018][ C1] __x64_sys_recvmmsg+0x199/0x250 [ 1329.692035][ C1] ? do_recvmmsg+0x870/0x870 [ 1329.692053][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1329.692072][ C1] do_syscall_64+0x55/0xa0 [ 1329.692095][ C1] ? clear_bhb_loop+0x40/0x90 [ 1329.692113][ C1] ? clear_bhb_loop+0x40/0x90 [ 1329.692132][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1329.692149][ C1] RIP: 0033:0x7fe324b9bf79 [ 1329.692163][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1329.692177][ C1] RSP: 002b:00007fe3259af028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1329.692193][ C1] RAX: ffffffffffffffda RBX: 00007fe324e16090 RCX: 00007fe324b9bf79 [ 1329.692205][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1329.692215][ C1] RBP: 00007fe324c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1329.692226][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1329.692235][ C1] R13: 00007fe324e16128 R14: 00007fe324e16090 R15: 00007fff3c6fd538 [ 1329.692255][ C1] [ 1330.003508][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 1330.010430][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1330.017669][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1330.027758][ T29] Call Trace: [ 1330.031070][ T29] [ 1330.034030][ T29] dump_stack_lvl+0x18c/0x250 [ 1330.038769][ T29] ? show_regs_print_info+0x20/0x20 [ 1330.044011][ T29] ? load_image+0x400/0x400 [ 1330.048565][ T29] panic+0x2dc/0x730 [ 1330.052508][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 1330.058195][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 1330.062743][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 1330.068688][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 1330.074895][ T29] watchdog+0xf7c/0xf80 [ 1330.079095][ T29] ? watchdog+0x1e1/0xf80 [ 1330.083497][ T29] kthread+0x2fa/0x390 [ 1330.087610][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1330.092685][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1330.097405][ T29] ret_from_fork+0x48/0x80 [ 1330.101851][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1330.106471][ T29] ret_from_fork_asm+0x11/0x20 [ 1330.111279][ T29] [ 1330.114908][ T29] Kernel Offset: disabled [ 1330.119250][ T29] Rebooting in 86400 seconds..