last executing test programs: 16.006044386s ago: executing program 3 (id=1595): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000300), 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000980)={0x0, 0x0, 0x0, [0xfffffffffffffffd, 0x1, 0x6, 0x2, 0x7], [0x224, 0x0, 0x8, 0x5, 0x3, 0xd, 0x3, 0x6, 0xa58a, 0x3, 0x5, 0x1, 0x6, 0x3, 0x80000001, 0xd, 0x2, 0xe, 0x9, 0x7, 0x11, 0xffffffff, 0xf1, 0x1, 0x4, 0x7ff, 0x8, 0x8, 0x10, 0x4, 0x1, 0x1, 0x6, 0x3, 0x8, 0x9f, 0x7f, 0xfffffffffffffff7, 0x8, 0x1, 0x7, 0x101, 0xe, 0x5, 0x9, 0x0, 0x8, 0xb, 0x56f2, 0x0, 0x6, 0x0, 0xe8a, 0x6, 0x5, 0x3, 0x1, 0x0, 0x3, 0x714b9494, 0xdd7, 0xc, 0x7, 0x7fffffff, 0x8, 0x6, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffff7, 0x1, 0x5, 0xf, 0x5, 0xc, 0x1, 0xffff, 0x6, 0x1000, 0xa000000000, 0x81, 0x7, 0x0, 0x0, 0x9, 0x2a2, 0x7fffffff, 0x8, 0x2e9e, 0x40000000000000, 0x200, 0x1, 0x71b, 0xe7b, 0x62df, 0x6, 0x400, 0x8, 0x0, 0xffffffff80000001, 0xae5, 0xe06, 0x10, 0x3, 0x35d, 0x0, 0x9, 0x80000000, 0x2, 0x7, 0x1, 0x7fffffff, 0x5b, 0x5, 0xc, 0x1, 0x25b, 0x0, 0x1, 0xffffffffffff7fff, 0xc31e]}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x548, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x478, 0xffffffff, 0xffffffff, 0x478, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @private2, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'batadv0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4, 0x1, 0x1, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x6, 0x2, 0x0, 'syz0\x00'}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a8) 10.10685748s ago: executing program 4 (id=1606): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff5, 0x4}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r3, 0xc}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 9.981792427s ago: executing program 4 (id=1610): socket(0x1e, 0x1, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}}, 0x0) write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xc, &(0x7f00000004c0)=0xa, 0x0, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 9.879915553s ago: executing program 2 (id=1611): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000003740)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000bc0)=[@rdma_args={0x48, 0x114, 0x1, {{0x2, 0x2}, {&(0x7f0000000900)=""/230, 0xe6}, &(0x7f0000000b80)=[{&(0x7f0000000a00)=""/43, 0x2b}, {&(0x7f0000000ac0)=""/162, 0xa2}], 0x2, 0x40, 0xd}}], 0x48, 0x90}, 0x0) 8.805406306s ago: executing program 4 (id=1612): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r3) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0x14, r4, 0x701}, 0x14}}, 0x0) 8.804470136s ago: executing program 0 (id=1622): r0 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x40013, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = dup(r0) finit_module(r4, 0x0, 0x1) 8.790592346s ago: executing program 2 (id=1614): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r3, 0xfff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 7.725303989s ago: executing program 1 (id=1615): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000080)={0x1, 0x0, [{0x40000000, 0xc4, 0x1, 0x8, 0x9, 0x95, 0xd39}]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), r2) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)={0x18, r3, 0x9c2f0f67201acf05, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x20000080) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0xc0000001) ioctl$KVM_SET_SREGS2(0xffffffffffffffff, 0x4140aecd, 0x0) socket(0x10, 0x803, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 7.213160649s ago: executing program 1 (id=1616): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmmsg(r3, &(0x7f00000000c0), 0x2c8, 0x0) 7.211580879s ago: executing program 0 (id=1617): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x20) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x18) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000340)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3000000}}, 0x20) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001240)={0x24, 0x2, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008844}, 0x20000080) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) mq_notify(r4, &(0x7f0000000100)={0x0, 0x10}) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0xfffffffffffffe38, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000012006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) mq_notify(r4, &(0x7f0000000180)={0x0, 0x2e, 0x0, @thr={0x0, 0x0}}) 7.210917619s ago: executing program 4 (id=1618): openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/wakeup_count', 0x100102, 0x8) sendfile(r3, r3, 0x0, 0x6) 7.156071882s ago: executing program 3 (id=1619): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x3, {0x42}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x1}, 0x10) bind$tipc(r1, 0x0, 0x0) close(r1) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$inet(r0, 0x0, 0x40040c4) socket$nl_generic(0x10, 0x3, 0x10) 7.155719063s ago: executing program 2 (id=1620): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r3, 0xffffffffffffffff}, &(0x7f0000000480), &(0x7f0000000080)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x10, &(0x7f0000000640)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 6.009423129s ago: executing program 1 (id=1621): sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4040000}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r4, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 5.802869291s ago: executing program 3 (id=1623): socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x315}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 5.679945159s ago: executing program 2 (id=1624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = fsopen(&(0x7f0000000040)='bdev\x00', 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)={0x14, 0x0, 0x2, 0x801, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24000801}, 0x4) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 5.667675379s ago: executing program 0 (id=1625): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x4c, r5, 0x1, 0x70bd2b, 0x4000, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xffffffffffffff28, 0xb, 0xfffffffa}, {0x6}}]}, 0x4c}}, 0x4040000) 3.928395341s ago: executing program 0 (id=1626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071117500000000008510000002000000850000002e00000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x94) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, 0x0, &(0x7f00000001c0)) 3.927726871s ago: executing program 3 (id=1627): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getgroups(0x449a065a, 0xfffffffffffffffe) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f0000000040)={0x3, 'sit0\x00', {0x6}, 0x599}) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) 3.675483325s ago: executing program 2 (id=1628): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x4a5, &(0x7f0000000bc0)="$eJzs3E1oHFUcAPD/bJJ+t4m1VltbjVax+JE06Yc9eFBR8KAg6KEeY7KttdtGkgi2BI0i9SgF7+JR8OjJmxdRDyJ4VfAohaJBaOopMl/pNtlNkzTpttnfDzb73szsvvefeW/zdt7OBNC2etM/ScS2iPg9Irrz7I0b9OZPM9OTw9emJ4eTmJ194+8k2+7q9ORwuWn5uq1F5mAlovJpEs8nC8sdP3/hzFCtVh0r8v0TZ9/rHz9/4ZnTZ4dOVU9Vzw0eP37k8MCzxwaPLjumzQ2WpXFd3fvh6L49r7x16bXhE5fe/umbtFq79+fr6+O4qWsNAmqgN91r/8xm5q97fMmF3R2216WTzhZWhGXpiIj0cHVl/b87OuL6weuOlz9paeWANZX+b9rYfPXULLCOJdHqGgCtUf6jT7//lo/bNPS4I1x5IWJDkZ6ZnhyemYu/MyrF8q41LL83Ik5M/fdl+ojlnocAAFiBbGzzdKPxXyV2Z8/5XMeOYg6lJyLuiYidEXFvROyKiPsism3vj4gH8hfPdi+x/N55+YXjn8rlhnVeJen477m6sd9MXfzFU09Hkduexd+VnDxdqx4q9snB6NqY5gcWKeP7l377vNm6+vFf+kjLL8eCRQUud+Yn6MphaowMTQyt1k648nHE3s5G8SdzMwFpC9gTEXuX99Y7ysTpJ7/e12yjm8e/iFWYZ5r9KuKJ/PhPxbz4S0mT+cm0jR8bPNq/KWrVQ/1lq1jo518vvt6s/FuKfxWkx3/Lje1/3hbd/yb5fG1X1GrVsfHll3Hxj8+afqdZRvufk7b/Dcmb2Zz1L+/kyz4YmpgYG4jYkLya5cvOki0fvP7aMl9un8Z/8EDj/r+zeE0a/4MRkTbi/RE7HoqIh4u6PxIRj0bEgUXi//HFx95dJP4kkmjp8R9p+Pk31/57kvr5+hUkOs788F2zGfOlHf8jMZV91uayz7+bWGoFb3H3AQAAwF2hEhHbIqn05enebVGp9PXlv+HfFVsqtdHxiadOjr5/biS/RqAnuirlma7uuvOhA8lU8Y55frA4V1yuP1ycN/6iY3OW7xserY20OHZod1tv7P9R9v/UXx2trh2w5prPoy1yaQCwLszv/5UW1QO4/ZbyOxrfBWB9atD/G91DA1iH3K8F2lej/v/RvPyC8b8RAqwLC/v/nw1uWQesR8b/0L70f2hf+j+0pVu5rn/lifJigZW/z6YlX+HfLonyjhdrWdbmuL4kKi0Pee0TEfHtHVCN6ljaY25voXU3HAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiL/R8AAP//bDTlOQ==") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x6}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.665006246s ago: executing program 1 (id=1629): prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) sendto$inet(r3, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r3, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 2.470149146s ago: executing program 3 (id=1630): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14"], 0x18}, 0xc800) setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r4, &(0x7f0000001140), 0x74e, 0x0, 0x0) 2.026281152s ago: executing program 0 (id=1631): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_misc(r0, &(0x7f00000005c0)="b3f90eb564f1b7d3664e0a0eeed0f3547fd8011ee935cd79f6152bfbd553300b530c35177d5e766726f1a0618db3357b5cd09af5c9fc1baa5fbf92e7a2f97185994536f300d19fb1abf2d34b9e0518e7d713a23666e69e6bd53ec2d812c793c5000000000000000000", 0x69) ioctl$TIOCSTI(r0, 0x5412, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x82) socket$inet_udp(0x2, 0x2, 0x0) fchdir(r2) write$binfmt_elf32(r2, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r3, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14e174135c0b87af) 1.762109017s ago: executing program 1 (id=1632): add_key$fscrypt_v1(0x0, &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0x8084, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646f74732c646f74732c6e6f636173652c646f74732c636865636b3d72656c617865642c646f74732c6e6f646f74732c646f74732c0032884758edd2e7a17e3c116a014262927783807ed4e210440ddebdf7d64a629cc9e873202c6d1e1d7dbabad279cb290d8a6c81b9ee715a035afdc5af3e15b932174f56cf4f009847fbc0e187d20fe47e50595251e835b306e05bc51afba211073e289eb499be4d726e3efbbeb1eb175e92b262c4ee4cee83e529784e53c874b73bb376876e2f3b2e667330e12c337d3a8b8cacccd9d86bc4c2f3b8971a79fb8f69af7b1d19592bf6a7186f7d4322045a99eaa207c407ab52aeadaaf1d089c278fccfb2138f"], 0x1, 0x16b, &(0x7f0000000600)="$eJzs20GrElEUB/Azab73avPW0WKgTSupVi2LeEE0UBQualVgbTSE3Eyt/BSt+4JBuGrVDZ3QEkWknJHn77fxwB+958rMXO7AfXPzw6A/Gr8fPZ/GaZZF+0Hk8TOL87gSrahMAgC4TH6kFN9TSulkEmdfI6XUdEcAwL5Z/wHg+Gxd/+831BgAsDf2/wBwfF6+ev30YVFcvMjz04hvk7JX9qrPKn/8pLi4k8+dL781Lctea5HfrfL87/xqXPud31ubd+L2rSqfZY+eFSv59ejvf/oAAABwFLr5wtr9fbe7Ka+qP94PrOzf23GjXds0AIAdjD99HrwdDt99rKE4m4+Y1TvobsWXBv6Wgy1acRBtKLYWs0v2f/9yk08loA7Lm77pTgAAAAAAAAAAAAAAgE3+8ahQJyLWRBGdbScLTmqfKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACz8CgAA//9vQEW+") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) socket(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ioctl$BLKIOOPT(r0, 0x1279, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x810, &(0x7f0000000000)={[{@errors_remount}, {@grpquota}]}, 0x8, 0x4fe, &(0x7f0000000a40)="$eJzs3c9vG1kdAPDvTOImm3U3XdgDIGDLslDQqs6P7kYrONC9gNBqJcSKE4duSNwoil1HcVKa0ENy5I5EJU7wJ3DjgNQTB27c4MalHJAqqEANUg9GM54mJoljs03iJv58pPHMe+P4+57t957nJc4LYGhdjYjtiLgUEZ9ExGSRnxRb3Gxv2f2ePrm/sPvk/kISrdbH/0jy81ledPxM5tXiMccj4offi/hJcjhuc3NrZb5Wq64V6an1+upUc3Pr+nJa5MzOzcxNv3/jvdkTq+ub9d8+/u7yhz/6/e++9OhP29/8WVas8s8v5+c663GS2lUvRbkjbzQiPjyNYAMyWrx/OH+y1vaZiHgrb/+TMZK/mv05olkDAOdAqzUZrcnONABw0WXX/+VI0koxF1CONK1U2nN4b8REWms019+ZbGzcWYx8DutKlNLby7XqdDFXeCVKSZaeyY/307MH0jci4vWI+MXYK3m6stCoLQ7ygw8ADLFXD4z//x5rj/8AwAU3PugCAABnzvgPAMPH+A8Aw+f/GP/7/3YgAPBSc/0PAMPH+A8Aw6fn+L9zNuUAAM7EDz76KNtau8X/v168u7nx7fLd64vV5kqlvrFQWWisrVaWGo2lWrWy0Gr1erxao7E68+5esrm5dave2Lizfmu5Pr9UvVUtnXJ9AIDeXn/z4V+SiNj+1iv5Fh1rORir4WJLB10AYGBGBl0AYGB8nweGVx/X+KYB4ILrtZZn1z8RemDxVzivrn3e/D8MK/P/MLw+3fz/d068HMDZM/8Pw6vVSqz5DwBDxhw/8EK//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVc63JK3ka4FvZ7dppRJxOSKuRCm5vVyrTkfEaxHx57HSWJaeGXShAYAXlP49Kdb/ujb5dvng2UvJf8byfUT89Fcf//Le/Pr62kyW/8+9/PUHRf7spUFUAADodPNwVnucLvYdF/JPn9xfeL6dZREff9BeXDSLu1ts7TOjMZrvx6MUERP/Sop0W/Z5ZeQE4m/vRMTn9ut/ryNCOZ8Daa98ejB+FvvyKcTff/4Pxk//J36an8v2pfy5+OwJlAWGzcMP2v1k0fayJla0vzSu5vuj2/943kO9uOf93+6h/i/d6/9GDsVP8jZ/dS99fEkev/uH7x/KbE22z+1EfGH0qPjJXvykS//7dp91/OsXv/xWt3OtX0dci6Pjt9XzbnZqvb461dzcur5cn1+qLlXvzM7OzcxNv3/jvdmpfI66ffvHAw//rFjm/rWuz81OxESX+OM96v+1Puv/m2ef/Pgrx8T/xlePfv3fOCZ+NiZ+vc/48xM3uy7fncVf7FL/Xq//O33Gf/S3rcU+7woAnIHm5tbKfK1WXetxkH3W7HUfB+fzILYjXoJi9DpIi7fsy1KeC35wTKeRnlHnBJyq/UY/6JIAAAAAAAAAAAAAAADdNDe3VsbidL9ONOg6AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9NwAA//8tM9Id") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x0, 0x0}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) setpriority(0x2, 0x0, 0xffffffffffffffcd) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c6e6f646973636172642c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6e6f666c7573685f6d657267652c64697361626c655f726f6c6c5f666f72776172642c696e6c696e655f646174612c6673796e635f6d6f64653d706f7369782c686561702c6e6f696e6c696e655f646174612c6e6f657874656e745f63616368652c6d6f64653d61646170746976652c6a71666d743d7666736f6c642c757365725f78617474722c00779cd4f02894cf964d909c186aac251e773b07a2a2349d810b3ec41107242d9e37b999afd91d5fe52bdddd57868a70f0b28523203ce742ef793e984a3e5c4fb9fa37eec6c48714f05711f8f7206ba61dcb3d975e8b544ca8aae49633e3cf0d015e32276cf811c1900db5f8e56ba59a7ec100"/320], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) 807.997213ms ago: executing program 3 (id=1633): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) syz_clone(0x498144ee5f626949, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1, 0x0, 0x6}, 0x20) 203.664498ms ago: executing program 0 (id=1634): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESHEX, @ANYBLOB="9f04dcff0e3290a8362c00b30069935f66000000005b8aa6823b2badb585fff1d6b6b31f21a64bc21483140600000000000000aa5a95ec", @ANYRES16, @ANYRES64, @ANYRESHEX], 0x1, 0x14e8, &(0x7f0000002a80)="$eJzs3AuYjVX7MPB1r7UexjRpN8lhWPe6H3YaLJMkOSTJIUmSJMkpIWmSJCEx5JQ0JCHHSXIYQnKYmBjn8/l8aPJKkiSnkLC+S2/vp/ff+139v+/t+7zfNffvutY1655n3/dea9979n6ePdfM912G1mxcq1pDIhL/Fvj7lxQhRIwQYqAQ4iYhRCCEKBdfLv7q8TwKUv69O2F/rSfSr/cK2PXE/c/ZuP85G/c/Z+P+52zc/5yN+5+zcf9zNu4/YznZlumFbuaRcwd//p+T8ft/zsb9z9m4/zkb9z9n4/7nbNz/nI37n7Nx/3M27j9jOdn1/vz5/5+R+7dH7Hqv468d1/npxxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsh7jgr9FCiH/Mr/e6GGOMMcYYY4wx9tfxua/3ChhjjDHGGGOMMfZ/m/feS6GEFoHIJXKLGJFHxIobRJy4UeQVN4mIuFnEi1tEPnGryC8KiIKikEgQhUURYQQKK0iEoqgoJqLiNlFc3C4SRQlRUpQSTpQWSeIOUUbcKcqKu0Q5cbcoL+4RFURFUUlUFveKKuI+UVXcL6qJB0R1UUPUFLXEg6K2eEjUEQ+LuuIRUU88KuqLx0QD8bhoKJ4QjcSTorF4SjQRT4umoploLlqIlv9H+a+LHuIN0VP0Eimit+gj3hR9RT/RXwwQA8VbYpB4WwwW74hUMUQMFe+KYeI9MVy8L0aIkWKU+ECMFmPEWDFOjBcTRJr4UEwUH4lJ4mMxWUwRU8U0kS6mixniEzFTzBKzxadijvhMzBXzxHyxQGSIz8VCsUhkii/EYrFEZImlYplYLlaIlWKVWC3WiLVinVgvNoiNYpPYLLaIrWKb2C52iJ1il9gt9oi9Yp/YLw6IL0W2+Op/M//8f8nvCgIESJCgQUMuyAUxEAOxEAtxEAd5IS9EIALxEP+PpwsUhIKQAAlQBIoAAgIBQVEoClGIQnEoDomQCCWhJDhwkARJUAbuhLJQFspBOSgP5aECVISKUBkqQxWoAlWhKlSDalAdqkNNqAkPwoPwENSBOlAX6kI9qAf1oT40gAbQEBpCI2gEjaExNIEm0BSaQnNoDi2hJbSCVtAaWkNbaAvtoB20h/aQDMnQATpAR+gInaATdIbO0AW6QFfoBt3gdXgd3oA3oBdUl72hD/SBvtAX+sMAGABvwSB4G96GdyAVhsBQeBfehfdgOJyDETASRsEoqCLHwFgYByQnQBqkwUSYCJNgEkyGKTAFpkE6TIcZMANmwiyYBZ/CHPgMPoN5MA8WQAZkwEJYBJmQCYvhPGTBUlgGy2EFrIQVsBrWwGpYB+thHWyEjbAZNsNW2ArbYTvshJ2wG3bDXtgL+2E/pEI2ZMNBOAiH4BAchsNwBI7AUTgKx+AYHIfjcAJOwEk4BafhFJyFs3AOzsMFuAAX4SJcglcTvm20u8TaVCGv0lLLXDKXjJExMlbGyjgZJ/PKvDIiIzJexst8Mp/ML/PLgrKgTJAJsogsIlGiJBnKorKojMqoLC6Ly0SZKEvKktJJJ5Nkkiwjy8iysqwsJ++W5eU9soKsKNu4yrKyrCLbuqryfllNVpPVZQ1ZU9aStWRtWVvWkXVkXVlX1pP1ZH35mGwge0N/eEJe7UxjOQSayKHQVDaTzWUL+R48I1vJ4dBatpFt5XNyJIyA9rKVS5Yvyg5yLHSUL8tx8IrsLCdAF/ma7Cq7ye7yddlDtnY9ZS85GXrLPnIa9JX9ZH85QM6EGvJqx2rKd2SqHCKHynflAnhPDpfvyxFypBwlP5Cj5Rg5Vo6T4+UEmSY/lBPlR3KS/FhOllPkVDlNpsvpcob8RM6Us+Rs+amcIz+Tc+U8OV8ukBnyc7lQLpKZ8gu5WC6RWXKpXCaXyxVypVwlV8s1cq1cJ9fLDXKj3CQ3yy1yq9wmt8sdcqfcJXfLPXKv3Cf3ywPyS5ktv5IH5d/kIfm1PCy/kUfkt/Ko/E4ek9/L4/IHeUL+KE/KU/K0PCPPyp/kOYC//xTLX+QleVlekVdf+kFJpZRWgcqlcqsYlUfFqhtUnLpR5VU3qYi6WcWrW1Q+davKrwqogqqQSlCFVRFlFCqrSIWqqCqmouo2VVzdrhJVCVVSlVJOlVZJ6g5VRt2pyqq7VDl1tyqv7lEVVEVVSVVW96oq6j5VVd2vqqkHVHVVQ9VUtdSDqrZ6SNVRD6u66hFVTz2q6qvHVAP1uGqonlCN1JOqsXpKNVFPq6aqmWquWqiW6hnVSj2rWqs2qq16TrVTz6v26gWVrF5UHdRLqqN6WXVSr6jO6lXVRb2muqpuqru6rK4or3qqXipF9VZ91Juqr+qn+qsBaqB6Sw1Sb6vB6h2VqoaooepdNUy9p4ar99UINVKNUh+o0WqMGqvGqfFqgkpTH6qJ6iM1SX2sJqspaqqaptLVdNX/t0qz/xv5H/2L/MG/3vtmtUVtVdvUdrVD7VS71G61R+1R+9Q+dUAdUNkqWx1UB9UhdUgdVofVEXVEHVVH1TF1TB1Xx9UJdUKdVKfUz+qMOqt+UufUeXVe/awuqovq0m+PgdCgpVZa60Dn0rl1jM6jY/UNOk7fqPPqm3RE36zj9S06n75V59cFdEFdSCfowrqINhq11aRDXVQX01F9my6ub9eJuoQuqUtpp0vrJH3Hv53/Z+trqVvqVrqVbq1b67a6rW6n2+n2ur1O1sm6g+6gO+qOupPupDvrzrqL7qK76q66u+6ue+geuqfuqVN0iu6j39R9dT/dXw/QA/VbepAepAfrwTpVp+qheqgepofp4Xq4HqFH6FF6lB6tR+uxeqwer8frNJ2mJ+qJepKepCfryXqqnqrTdbqeoWfomXqmnq1n6zl6jp6r5+r5er7O0Bl6oV6oM3WmXqwX6yy9VC/Vy/VyvVKv1Kv1ar1Wr9Xr9Xq9UW/UWXqL3qK36W16h96hd+ldeo/eo/fpffqAPqCzdbY+qA/qQ/qQPqwP6yP6iD6qj+pj+pg+ro/rE/qEPqlP6tP6tD6rz+pz+py+oC/oi/qivqQv6Sv6ytXTvkAGMtCBDnIFuYKYICaIDWKDuCAuyBvkDSJBJIgP4oN8wa1B/qBAUDAoFCQEhYMigQkwsAEFYVA0KBZEg9uC4sHtQWJQIigZlApcUDpICu4IygR3BmWDu4Jywd1B+eCeoEJQMagUVA7uDaoE9wVVg/uDasEDQfWgRlAzqBU8GNQOHgrqBA8HdYNHgnrBo0H94LGgQfB40DB4ImgUPBk0Dp4KmgRPB02DZkHzoEXQ8i+t7/25As+6nqaXSTG9TR/zpulr+pn+ZoAZaN4yg8zbZrB5x6SaIWaoedcMM++Z4eZ9M8KMNKPMB2a0GWPGmnFmvJlg0syHZqL5yEwyH5vJZoqZaqaZdDPdzDCfmJlmlpltPjVzzGdmrpln5psFJsN8bhaaRSbTfGEWmyUmyyw1y8xys8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdrPD7DS7zG6zx+w1+8x+c8B8abLNV+ag+ZuR4mtz2HxjjphvzVHznTlmvjfHzQ/mhPnRnDSnzGlzxpw1P5lz5ry5YH42F80v5pK5bK4Yf/Xk/urbO2rUmAtzYQzGYCzGYhzGYV7MixGMYDzGYz7Mh/kxPxbEgpiACVgEi+BVhIRFsShGMYrFsTgmYiKWxJLo0GESJmEZLINlsSyWw3JYHstjBayAlbAS3ov34n14H96P9+MD+ADWwBpYC2thbayNdbAO1sW6WA/rYX2sjw2wATbEhtgIG2FjbIxNsAk2xabYHJtjS2yJrbAVtsbW2BbbYjtsh+2xPSZjMnbADtgRO2In7ISdsTN2wS7YFbtid+yOPbAH9sSemIIp2Af7YF/si/2xPw7EgTgIB+FgHIypmIpDcSgOw2E4HIfjCByJo/ADHI1jcCyOw/E4AdMwDSfiRJyEk3AyTsapOBXTMR1n4AyciTNxNs7GOTgH5+JcnI/zMQMzcCEuxEzMxMW4GLMwC5fhMlyBK3AVrsI1uAbX4TrcgBtwE27CLbgFt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsCL+Atewst4BT3G2Dw21t5g4+yNNq+9yf7XuKAtZBNsYVvEGpvfFvinGK21ibaELWlLWWdL2yR7xx/iCrairWQr23ttFXufrfqHuLZ9yNaxD9u69hFbyz74T3E9+6itb5+yDezTtqFtZhvZFraxfco2sU/bpraZbW5b2Hb2edvevmCT7Yu2g33pD/FCu8iusWvtOrve7rP77QX7sz1mv7cX7S+2p+1lB9q37CD7th1s37Gpdsgf4lH2AzvajrFj7Tg73k74QzzVTrPpdrqdYT+xM+2sP8QZ9nM7x2bauXaenW8X/BpfXVOm/cIutktsll1ql9nldoVdaVfZ1f9zrcvtRrvJbrZ77F67zW63O+xOu8vu/jW+uo8D9kubbb+yR+139pD92h62x+0R++2v8dX9Hbc/2BP2R3vSnrKn7Rl71v5kz9nzv+7/6t7P2Mv2ivVWEJAkRZoCykW5KYbyUCzdQHF0I+WlmyhCN1M83UL56FbKTwWoIBWiBCpMRcgQkiWikIpSMYrSbVScbqdEKkElqRQ5Kk1JdAeVoTupLN1F5ehuKk/3UAWqSJWoMt1LVeg+qkr3UzV6gKpTDapJtehBqk0PUR16mOrSI1SPHqX69Bg1oMepIT1BjehJakxPURN6mppSM2pOLaglPUOt6FlqTW2oLT1H7eh5ak8vUDK9SB3oJepIL1MneoU606vUhV6jrtSNutPr1IPeoJ7Ui1KoN/WhN6kv9aP+NIAG0ls0iN6mwfQOpdIQGkrv0jB6j4bT+zSCRtIo+oBG0xgaS+NoPE2gNPqQJtJHNIk+psk0habSNEqn6TSDPqGZNItm06c0hz6juTSP5tMCyqDPaSEtokz6ghbTEsqipbSMltMKWkmraDWtobW0jtbTBtpIm2gzbaGttI220w7aSbtoN+2hvbSP9tMB+pKy6Ss6SH+jQ/Q1HaZv6Ah9S0fpOzpG39Nx+oFO0I90kk7RaTpDZ+knOkfn6QL9TBfpF7pEl+kKeRIhhDJUoQ6DMFeYO4wJ84Sx4Q1hXHhjmDe8KYyEN4fx4S1hvvDWMH9YICwYFgoTwsJhkdCEGNqQwjAsGhYLo+FtYfHw9jAxLBGWDEuFLiwdJoV3hGXCO8Oy4V1hufDusHx4T1ghrBg+9Ujl8N6wSnhfWDW8P6wWPhBWD2uENcNa4YNh7fChsE74cFg3fCQsGz4a1g8fCxuEj4cNwyfCRuGTYePwqbBJ+HTYNGwWNg9bhC3DZ8JW4bNh67BN2DZ8LmwXPh+2D18Ik8MXww7hS396PCXsHfYJ3wzfDL1/WM2PLohmRD+PLowuimZGv4guji6JZkWXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r5VbOHDSKadd4HK53C7G5XGx7gYX5250ed1NLuJudvHuFpfP3eryuwKuoCvkElxhV8QZh846cqEr6oq5qLvNFXe3u0RXwpV0pZxzpV2Sa+FaupaulXvWtXZtXFv3nHvOPe+edy+4F9yLroN7yXV0L7tO7hXX2b3qXnWvua6um+vuXnc93Buup+vlUlyK6+P6uL6ur+vv+ruBbqAb5Aa5wW6wS3Wpbqgb6oa5YW64G+5GuBFulBvlRrvRbqwb68a78S7NpbmJbqKb5Ca5yW6ym+qmunSX7ma4GW6mm+lmu9luTuIcN9fNdfPdfJfhMtxCt9Bluky32C12WS7LLXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtcrvcHrfH7XP73AF3wGW7bHfQHXSH3CF32H3jjrhv3VH3nTvmvnfH3Q/uhPvRnXSn3Gl3xp11P7lz7ry74H52F90v7pK77K4479IiH0YmRj6KTIp8HJkcmRKZGpkWSY9Mj8yIfBKZGZkVmR35NDIn8llkbmReZH5kQSQj8nlkYWRRJDPyRWRxZEkkK7I0siyyPLIisjLifeFtoS/qi/mov80X97f7RF/Cl/SlvPOlfZK/w5fxd/qy/i5fzt/ty/t7fAVf0VfyT/umvplv7lv4lv4Z38o/61v7Nr6tf86388/79v4Fn+xf9B38S76jf9l38q/4zv5V38W/5rv6br67f9338G/4nr6XT/G9fR//pu/r+/n+foAf6N/yg/zbfrB/x6f6IX6of9cP8+/54f59P8KP9KP8B360H+PH+nF+vJ/g0/yHfqL/yE/yH/vJfoqf6qf5dD/dz/Cf+Jl+lp/tP/Vz/Gd+rp/n5/sFPsN/7hf6RT7Tf+EX+yU+yy/1y/xyv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/D7/S7/G6/x+/1+/x+f8B/6bP9V/6g/5s/5L/2h/03/oj/1h/13/lj/nt/3P/gT/gf/Ul/yp/2Z/xZ/5M/58/7C/5nf9H/4i/5y/4K/80aY4wxxth/y8A/Od77X3xP/jau6iOEuHF7oSO/P66EEBvy/33eTya0iwghXuzV5Yl/jOrVU1JSfrttlhJBsXlCiMi1/FziWrxUtBXPi2TRRpQR//j11e/1k90u0p/Uj94tROzvcmLEtfha/Tv/5f77yTFz/rT+PCESi13LySOuxdfql/1f1C/Q6k/q5/k6TYjWv8uJE9fia/WTxLPiJZH8T7dkjDHGGGOMMcb+rp+s1OnPrm+vXp8n6Gs5ucW1+PfX54wxxhhjjDHGGPvP9Eq37i88k5zcphNP/hMnu7lNPLk+k+v8wsQYY4wxxhj7y1076b/eK2GMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxnKu/xf/Tux675ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi73v5HAAAA///WVjBL") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 191.737489ms ago: executing program 2 (id=1635): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x20) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x18) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000340)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3000000}}, 0x20) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001240)={0x24, 0x2, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008844}, 0x20000080) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) mq_notify(r4, &(0x7f0000000100)={0x0, 0x10}) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0xfffffffffffffe38, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000012006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) mq_notify(r4, &(0x7f0000000180)={0x0, 0x2e, 0x0, @thr={0x0, 0x0}}) 190.014839ms ago: executing program 4 (id=1636): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000810000000200000009"], 0x48) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000001640)=""/233, &(0x7f0000000740), &(0x7f00000004c0), 0x5, r0}, 0x38) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x10000000000, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 82.710515ms ago: executing program 4 (id=1637): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7) 0s ago: executing program 1 (id=1638): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) syz_usb_connect(0x2, 0x0, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) readv(r2, &(0x7f0000000500)=[{&(0x7f0000000640)=""/4096, 0x19fb8}], 0x1) kernel console output (not intermixed with test programs): ady [ 73.385239][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.393986][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.402428][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.410421][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.426988][ T4185] device veth0_macvtap entered promiscuous mode [ 73.440525][ T4193] device veth0_vlan entered promiscuous mode [ 73.455014][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.465432][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.487556][ T4193] device veth1_vlan entered promiscuous mode [ 73.497011][ T4186] device veth1_vlan entered promiscuous mode [ 73.507698][ T4185] device veth1_macvtap entered promiscuous mode [ 73.519139][ T4187] device veth1_vlan entered promiscuous mode [ 73.528933][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.538428][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.547781][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.558714][ T4191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.622033][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.633001][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.644790][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.653910][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.664287][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.673632][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.683118][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.703140][ T4193] device veth0_macvtap entered promiscuous mode [ 73.714029][ T4186] device veth0_macvtap entered promiscuous mode [ 73.730806][ T4187] device veth0_macvtap entered promiscuous mode [ 73.747768][ T4187] device veth1_macvtap entered promiscuous mode [ 73.758499][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.767929][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.777009][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.786235][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.796364][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.805557][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.814823][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.824963][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.834533][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.843748][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.852969][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.862608][ T4186] device veth1_macvtap entered promiscuous mode [ 73.884874][ T4193] device veth1_macvtap entered promiscuous mode [ 73.905834][ T4185] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.916581][ T4185] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.927200][ T4185] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.936142][ T4185] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.955989][ T4191] device veth0_vlan entered promiscuous mode [ 73.964575][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.976052][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.988294][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.006704][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.014985][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.023443][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.032242][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.041694][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.050571][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.059398][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.068660][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.099009][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.111534][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.124463][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.134209][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.150090][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.161955][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.173082][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.185808][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.197641][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.208942][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.220505][ T7] Bluetooth: hci2: command 0x040f tx timeout [ 74.220517][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.227602][ T7] Bluetooth: hci3: command 0x040f tx timeout [ 74.242452][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.255545][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.267579][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.277168][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.286472][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.295752][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.304546][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 74.308567][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.311009][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 74.311239][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 74.332042][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.344108][ T4187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.353821][ T4187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.364050][ T4187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.373143][ T4187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.386255][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.397215][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.407676][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.419610][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.429721][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.440656][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.452372][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.460669][ T4191] device veth1_vlan entered promiscuous mode [ 74.473677][ T4186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.482989][ T4186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.492543][ T4186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.502189][ T4186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.527154][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.535642][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.546561][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.557856][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.569153][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.585450][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.596270][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.606235][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.617229][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.629875][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.665906][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.675709][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.687653][ T4193] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.698876][ T4193] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.708543][ T4193] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.717581][ T4193] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.854390][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.868241][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.878525][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.887720][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.905147][ T4191] device veth0_macvtap entered promiscuous mode [ 74.920855][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.929141][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.968186][ T4191] device veth1_macvtap entered promiscuous mode [ 75.001625][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.009643][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.034740][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.054340][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.064971][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.075978][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.086826][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.097621][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.109437][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.120405][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.133343][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.147321][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.158116][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.161755][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.176701][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.185768][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.197357][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.207705][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.218495][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.228799][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.240183][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.252276][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.266351][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.282005][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.290299][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.298380][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.307731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.316705][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.325685][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.363521][ T4191] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.373291][ T4191] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.382542][ T4191] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.392247][ T4191] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.423014][ T3069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.423251][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.442843][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.466007][ T3069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.475489][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.487894][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.500567][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.509889][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.546520][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.597710][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.612050][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.638276][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.659749][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.681627][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.707798][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.754545][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.780937][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.807617][ T26] audit: type=1326 audit(1769393250.110:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 75.894597][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.920481][ T26] audit: type=1326 audit(1769393250.150:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 75.924969][ T4302] loop1: detected capacity change from 0 to 512 [ 75.992039][ T26] audit: type=1326 audit(1769393250.150:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.015156][ T26] audit: type=1326 audit(1769393250.150:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.049732][ T4305] bridge0: port 3(vxlan0) entered blocking state [ 76.065077][ T26] audit: type=1326 audit(1769393250.150:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.097065][ T4302] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 76.100767][ T4305] bridge0: port 3(vxlan0) entered disabled state [ 76.132691][ T26] audit: type=1326 audit(1769393250.150:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.177332][ T4305] device vxlan0 entered promiscuous mode [ 76.234271][ T26] audit: type=1326 audit(1769393250.150:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.300425][ T4174] Bluetooth: hci3: command 0x0419 tx timeout [ 76.307284][ T4174] Bluetooth: hci2: command 0x0419 tx timeout [ 76.352220][ T4302] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3887: comm syz.1.2: Allocating blocks 41-42 which overlap fs metadata [ 76.409357][ T26] audit: type=1326 audit(1769393250.150:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.440179][ T26] audit: type=1326 audit(1769393250.150:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f821f889cb9 code=0x7ffc0000 [ 76.471502][ T4174] Bluetooth: hci0: command 0x0419 tx timeout [ 76.486957][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.497135][ T4302] Quota error (device loop1): write_blk: dquota write failed [ 77.346112][ T4174] Bluetooth: hci1: command 0x0419 tx timeout [ 77.352411][ T4174] Bluetooth: hci4: command 0x0419 tx timeout [ 77.397686][ T4319] loop4: detected capacity change from 0 to 4096 [ 77.470403][ T4302] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.2: Failed to acquire dquot type 1 [ 77.475288][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.516523][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.534648][ T4302] EXT4-fs error (device loop1): mb_free_blocks:1876: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 77.584005][ T4302] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #12: comm syz.1.2: corrupted inode contents [ 77.606477][ T4302] EXT4-fs error (device loop1): ext4_dirty_inode:6058: inode #12: comm syz.1.2: mark_inode_dirty error [ 78.690768][ T4302] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #12: comm syz.1.2: corrupted inode contents [ 78.691897][ T4302] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #12: comm syz.1.2: mark_inode_dirty error [ 78.692636][ T4302] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #12: comm syz.1.2: corrupted inode contents [ 78.706501][ T4302] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 78.708298][ T4302] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #12: comm syz.1.2: corrupted inode contents [ 78.708765][ T4302] EXT4-fs error (device loop1): ext4_truncate:4279: inode #12: comm syz.1.2: mark_inode_dirty error [ 78.709099][ T4302] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 78.718216][ T4302] EXT4-fs (loop1): 1 truncate cleaned up [ 78.718263][ T4302] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000800000,noblock_validity,inode_readahead_blks=0x0000000000200000,resgid=0x0000000000000000,noinit_itable,quota,noauto_da_alloc,sysvgroups,resgid=0x00000000000000002,errors=continue. Quota mode: writeback. [ 78.919641][ T4339] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 81.091154][ T4352] loop1: detected capacity change from 0 to 2048 [ 81.105709][ T4364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16'. [ 81.287679][ T4352] loop1: p1 < > p4 [ 81.391943][ T4352] loop1: p4 size 8388608 extends beyond EOD, truncated [ 82.594761][ T4298] udevd[4298]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 82.614970][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 82.669877][ T4367] ODEBUG: Out of memory. ODEBUG disabled [ 83.693203][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 83.781527][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 84.079568][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 84.284318][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 84.386791][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 84.591364][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 85.317577][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 85.873179][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 85.882551][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.891677][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.916549][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.925772][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 86.230400][ T4414] ip6t_rpfilter: unknown options [ 86.922300][ T13] cfg80211: failed to load regulatory.db [ 87.168941][ T4416] device bond_slave_0 entered promiscuous mode [ 87.175548][ T4416] device bond_slave_1 entered promiscuous mode [ 87.361613][ T4416] device vlan2 entered promiscuous mode [ 87.367231][ T4416] device bond0 entered promiscuous mode [ 89.872199][ T4436] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.297797][ T4461] netlink: 'syz.2.44': attribute type 6 has an invalid length. [ 92.286189][ T4468] batman_adv: batadv0: Adding interface: dummy0 [ 92.294023][ T4468] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.325171][ T4468] batman_adv: batadv0: Interface activated: dummy0 [ 93.169856][ T4468] batadv0: mtu less than device minimum [ 93.243540][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.256500][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.269123][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.281718][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.294239][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.306766][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.319272][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.331831][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 93.344336][ T4468] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.161859][ T4498] Illegal XDP return value 4294967294, expect packet loss! [ 95.407839][ T4504] "syz.4.58" (4504) uses obsolete ecb(arc4) skcipher [ 95.469106][ T4478] loop2: detected capacity change from 0 to 512 [ 95.534006][ T4478] ======================================================= [ 95.534006][ T4478] WARNING: The mand mount option has been deprecated and [ 95.534006][ T4478] and is ignored by this kernel. Remove the mand [ 95.534006][ T4478] option from the mount to silence this warning. [ 95.534006][ T4478] ======================================================= [ 95.823751][ T4512] kvm: pic: level sensitive irq not supported [ 95.824096][ T4512] kvm: pic: non byte write [ 95.840682][ T4512] kvm: pic: single mode not supported [ 95.858126][ T4478] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 95.875652][ T4515] loop0: detected capacity change from 0 to 1024 [ 95.904698][ T4515] hfsplus: unable to find HFS+ superblock [ 95.929277][ T4478] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 95.951717][ T4506] loop1: detected capacity change from 0 to 8192 [ 96.125825][ T4506] tipc: Started in network mode [ 96.173803][ T4506] tipc: Node identity 4, cluster identity 4711 [ 96.226011][ T4506] tipc: Node number set to 4 [ 100.235804][ T4576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.77'. [ 100.399035][ T4567] loop4: detected capacity change from 0 to 32768 [ 101.378195][ T4590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'. [ 101.593027][ T4594] loop4: detected capacity change from 0 to 256 [ 101.609145][ T4597] loop3: detected capacity change from 0 to 256 [ 101.615929][ T21] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.679310][ T4599] process 'syz.0.88' launched './file0' with NULL argv: empty string added [ 101.701155][ T4594] FAT-fs (loop4): Unrecognized mount option "shor†name=mixed" or missing value [ 101.715502][ T4597] FAT-fs (loop3): Directory bread(block 64) failed [ 101.727859][ T4597] FAT-fs (loop3): Directory bread(block 65) failed [ 101.744490][ T4597] FAT-fs (loop3): Directory bread(block 66) failed [ 101.761183][ T4597] FAT-fs (loop3): Directory bread(block 67) failed [ 101.774392][ T4597] FAT-fs (loop3): Directory bread(block 68) failed [ 101.781741][ T4597] FAT-fs (loop3): Directory bread(block 69) failed [ 101.788596][ T4597] FAT-fs (loop3): Directory bread(block 70) failed [ 101.812800][ T4597] FAT-fs (loop3): Directory bread(block 71) failed [ 101.827099][ T4597] FAT-fs (loop3): Directory bread(block 72) failed [ 101.843807][ T4597] FAT-fs (loop3): Directory bread(block 73) failed [ 101.890767][ T21] usb 3-1: Using ep0 maxpacket: 8 [ 103.591960][ T21] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.609163][ T21] usb 3-1: config 0 has no interfaces? [ 103.630038][ T21] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 103.667973][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.825599][ T21] usb 3-1: config 0 descriptor?? [ 104.581380][ T21] usb 3-1: USB disconnect, device number 2 [ 106.114022][ T4647] loop0: detected capacity change from 0 to 16 [ 106.152961][ T4647] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 106.359952][ C0] sched: RT throttling activated [ 107.712495][ T4670] Zero length message leads to an empty skb [ 111.729433][ T4706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.120'. [ 111.960139][ T4242] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.157419][ T4726] netlink: 'syz.3.126': attribute type 21 has an invalid length. [ 112.174299][ T4726] netlink: 132 bytes leftover after parsing attributes in process `syz.3.126'. [ 112.193303][ T4726] netlink: 'syz.3.126': attribute type 1 has an invalid length. [ 112.204975][ T4726] netlink: 12 bytes leftover after parsing attributes in process `syz.3.126'. [ 112.223285][ T4726] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 112.350351][ T4242] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 112.364141][ T4242] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 112.379038][ T4242] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 112.388749][ T4242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.407980][ T4242] usb 2-1: config 0 descriptor?? [ 112.441246][ T4733] loop3: detected capacity change from 0 to 64 [ 112.459669][ T4242] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 112.964522][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 112.964538][ T26] audit: type=1326 audit(1769393287.270:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.028491][ T26] audit: type=1326 audit(1769393287.270:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.083366][ T26] audit: type=1326 audit(1769393287.270:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.114477][ T26] audit: type=1326 audit(1769393287.270:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.145854][ T26] audit: type=1326 audit(1769393287.270:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.180172][ T26] audit: type=1326 audit(1769393287.270:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.238930][ T26] audit: type=1326 audit(1769393287.270:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.268819][ T26] audit: type=1326 audit(1769393287.270:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.359178][ T26] audit: type=1326 audit(1769393287.270:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 113.499640][ T26] audit: type=1326 audit(1769393287.270:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4739 comm="syz.0.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 114.090391][ T4303] usb 2-1: USB disconnect, device number 2 [ 118.196951][ T4778] loop1: detected capacity change from 0 to 4096 [ 118.289670][ T4778] NILFS (loop1): unrecognized mount option "01777777777777777777777" [ 119.390218][ T4196] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 119.840053][ T4196] usb 2-1: Using ep0 maxpacket: 32 [ 120.200836][ T4196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.258029][ T4196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.767649][ T4796] orangefs_mount: mount request failed with -4 [ 120.856819][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 120.856834][ T26] audit: type=1326 audit(1769393295.160:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 120.936996][ T4196] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 120.951021][ T4196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.960399][ T26] audit: type=1326 audit(1769393295.160:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.006936][ T4196] usb 2-1: config 0 descriptor?? [ 121.064236][ T26] audit: type=1326 audit(1769393295.200:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.089567][ T4196] hub 2-1:0.0: USB hub found [ 121.160913][ T26] audit: type=1326 audit(1769393295.200:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.190884][ T26] audit: type=1326 audit(1769393295.200:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.239473][ T26] audit: type=1326 audit(1769393295.200:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.298380][ T4791] netlink: 5 bytes leftover after parsing attributes in process `syz.1.146'. [ 121.350273][ T4196] hub 2-1:0.0: config failed, can't read hub descriptor (err -90) [ 121.472309][ T26] audit: type=1326 audit(1769393295.200:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.507585][ T26] audit: type=1326 audit(1769393295.200:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 121.535173][ T26] audit: type=1326 audit(1769393295.200:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 122.472453][ T26] audit: type=1326 audit(1769393295.200:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4797 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628fd9bcb9 code=0x7ffc0000 [ 122.658383][ T4817] syz.1.153 uses obsolete (PF_INET,SOCK_PACKET) [ 123.310140][ T4196] usbhid 2-1:0.0: can't add hid device: -71 [ 123.390989][ T4196] usbhid: probe of 2-1:0.0 failed with error -71 [ 123.509507][ T4831] netlink: 'syz.2.159': attribute type 1 has an invalid length. [ 123.612061][ T4196] usb 2-1: USB disconnect, device number 3 [ 123.727367][ T4831] device bond1 entered promiscuous mode [ 123.832609][ T4833] bond1: (slave ip6gretap1): making interface the new active one [ 123.842734][ T4833] device ip6gretap1 entered promiscuous mode [ 123.870018][ T4833] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 123.879898][ T4838] netlink: 28 bytes leftover after parsing attributes in process `syz.2.159'. [ 124.011185][ T4838] device bond1 left promiscuous mode [ 124.041617][ T4847] loop0: detected capacity change from 0 to 2048 [ 124.050090][ T4838] device ip6gretap1 left promiscuous mode [ 124.057744][ T4838] 8021q: adding VLAN 0 to HW filter on device bond1 [ 124.084686][ T4849] device geneve2 entered promiscuous mode [ 124.136477][ T4322] Alternate GPT is invalid, using primary GPT. [ 124.148755][ T4322] loop0: p2 p3 p7 [ 125.035830][ T4854] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000000a [ 125.126672][ T4847] Alternate GPT is invalid, using primary GPT. [ 125.141103][ T4847] loop0: p2 p3 p7 [ 125.279276][ T4861] block device autoloading is deprecated and will be removed. [ 125.294455][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 125.311949][ T4298] udevd[4298]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 125.325300][ T4321] udevd[4321]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 125.435980][ T4298] udevd[4298]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 125.449548][ T4321] udevd[4321]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 125.462604][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 125.525611][ T4863] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.642665][ T4871] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.653337][ T4871] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 125.672256][ T4871] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 126.350144][ T4863] device macvlan2 entered promiscuous mode [ 126.395439][ T4863] device bond1 entered promiscuous mode [ 126.407989][ T4863] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 126.416978][ T4863] device bond1 left promiscuous mode [ 126.427903][ T4888] loop0: detected capacity change from 0 to 16 [ 126.458426][ T4888] erofs: (device loop0): mounted with root inode @ nid 36. [ 126.483651][ T4878] net_ratelimit: 11 callbacks suppressed [ 126.483662][ T4878] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 126.557480][ T4892] erofs: (device loop0): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 126.746440][ T4903] sctp: [Deprecated]: syz.4.178 (pid 4903) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.746440][ T4903] Use struct sctp_sack_info instead [ 126.766874][ T26] kauditd_printk_skb: 120 callbacks suppressed [ 126.766890][ T26] audit: type=1804 audit(1769393301.070:169): pid=4901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.177" name="bus" dev="ramfs" ino=34691 res=1 errno=0 [ 126.836751][ T4905] device vlan2 entered promiscuous mode [ 126.850238][ T26] audit: type=1804 audit(1769393301.080:170): pid=4901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.177" name="bus" dev="ramfs" ino=34691 res=1 errno=0 [ 126.871390][ T4905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.180'. [ 128.322742][ T4924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'. [ 128.480207][ T4924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.487878][ T4924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.561996][ T4924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 129.541343][ T4924] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.240039][ T4303] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 130.322979][ T4992] netlink: 'syz.2.192': attribute type 27 has an invalid length. [ 131.040421][ T4303] usb 5-1: Using ep0 maxpacket: 32 [ 131.192969][ T4303] usb 5-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config [ 131.243799][ T4303] usb 5-1: config 4 has 0 interfaces, different from the descriptor's value: 9 [ 131.470722][ T4303] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 131.493484][ T4303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.536125][ T4303] usb 5-1: Product: syz [ 131.589604][ T4303] usb 5-1: Manufacturer: syz [ 131.613916][ T4303] usb 5-1: SerialNumber: syz [ 132.246211][ T4992] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.254948][ T4992] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.786984][ T5016] binder: 5015:5016 ioctl c0306201 0 returned -14 [ 132.865657][ T5018] sctp: [Deprecated]: syz.0.198 (pid 5018) Use of int in max_burst socket option. [ 132.865657][ T5018] Use struct sctp_assoc_value instead [ 132.921551][ T4303] usb 5-1: USB disconnect, device number 2 [ 132.944675][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.951389][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.165083][ T4992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 133.219544][ T4992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.592572][ T4992] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.601976][ T4992] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.611385][ T4992] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.620697][ T4992] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.854114][ T4995] netlink: 20 bytes leftover after parsing attributes in process `syz.2.192'. [ 134.904735][ T4999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.913373][ T4999] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.923936][ T4999] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.940525][ T5012] tipc: Enabling of bearer rejected, failed to enable media [ 135.173352][ T4999] syz.2.192 (4999) used greatest stack depth: 19632 bytes left [ 135.928295][ T5042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.208'. [ 136.088636][ T5022] team0: Port device team_slave_0 removed [ 138.256402][ T5086] loop2: detected capacity change from 0 to 16 [ 138.350845][ T5086] erofs: (device loop2): mounted with root inode @ nid 36. [ 138.590894][ T5097] netlink: 'syz.2.227': attribute type 10 has an invalid length. [ 138.624853][ T5097] device bridge_slave_1 left promiscuous mode [ 138.671949][ T5097] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.740378][ T5097] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 139.894644][ T5094] VFS: Mount too revealing [ 139.900934][ T5094] VFS: Mount too revealing [ 139.972703][ T5103] Set syz0 is full, maxelem 0 reached [ 142.583033][ T5131] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 142.626537][ T5131] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 142.643649][ T5135] sock: sock_set_timeout: `syz.2.237' (pid 5135) tries to set negative timeout [ 142.721964][ T5131] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 142.743443][ T5140] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 143.913654][ T5151] netlink: 16 bytes leftover after parsing attributes in process `syz.4.241'. [ 143.958587][ T5148] af_packet: tpacket_rcv: packet too big, clamped from 120 to 4294967272. macoff=96 [ 143.965678][ T5151] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.977565][ T5151] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.987288][ T5151] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.996282][ T5151] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.026127][ T5148] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 144.380062][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 144.571790][ T5167] Context (ID=0x4d5) not attached to queue pair (handle=0x2:0x2) [ 145.421879][ T5177] device syzkaller0 entered promiscuous mode [ 145.434410][ T5177] netlink: 'syz.4.250': attribute type 10 has an invalid length. [ 145.447959][ T5177] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 146.920466][ T5194] netlink: 'syz.4.256': attribute type 10 has an invalid length. [ 146.975502][ T5198] loop2: detected capacity change from 0 to 164 [ 147.000077][ T23] usb 1-1: unable to read config index 0 descriptor/all [ 147.016231][ T23] usb 1-1: can't read configurations, error -71 [ 147.086579][ T5203] loop0: detected capacity change from 0 to 512 [ 147.107565][ T5202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.257'. [ 147.173414][ T5203] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 147.194790][ T5202] netlink: 'syz.3.257': attribute type 5 has an invalid length. [ 147.241747][ T5202] netlink: 4 bytes leftover after parsing attributes in process `syz.3.257'. [ 147.555606][ T5228] tipc: Started in network mode [ 147.561122][ T5228] tipc: Node identity 4, cluster identity 4711 [ 147.568429][ T5228] tipc: Node number set to 4 [ 147.842960][ T5233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.126302][ T5238] loop0: detected capacity change from 0 to 1024 [ 148.208590][ T5238] EXT4-fs (loop0): Ignoring removed bh option [ 148.230044][ T5238] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 148.287409][ T5238] EXT4-fs (loop0): mounted filesystem without journal. Opts: discard,bh,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 148.440100][ T5238] netlink: 96 bytes leftover after parsing attributes in process `syz.0.272'. [ 148.606109][ T5252] netlink: 'syz.1.276': attribute type 27 has an invalid length. [ 148.628601][ T5252] netlink: 'syz.1.276': attribute type 4 has an invalid length. [ 148.661322][ T5252] netlink: 144 bytes leftover after parsing attributes in process `syz.1.276'. [ 149.741129][ T5264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.279'. [ 151.520930][ T5292] loop1: detected capacity change from 0 to 256 [ 151.580800][ T5292] exfat: Deprecated parameter 'utf8' [ 152.550654][ T5292] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 152.622473][ T5308] loop4: detected capacity change from 0 to 128 [ 152.762618][ T5308] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 152.772452][ T5292] 9pnet: p9_fd_create_unix (5292): problem connecting socket: ./file0: -111 [ 152.822792][ T5312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.297'. [ 152.854927][ T5308] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 152.866427][ T5312] netlink: 2 bytes leftover after parsing attributes in process `syz.3.297'. [ 152.920153][ T5308] ext2 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.383935][ T5333] x_tables: ip_tables: osf match: only valid for protocol 6 [ 155.033504][ T5349] fuse: Bad value for 'fd' [ 155.275780][ T5324] loop0: detected capacity change from 0 to 40427 [ 155.357647][ T5324] F2FS-fs (loop0): invalid crc value [ 155.598520][ T5324] F2FS-fs (loop0): Found nat_bits in checkpoint [ 156.393978][ T5324] F2FS-fs (loop0): Inconsistent segment (8) type [1, 0] in SSA and SIT [ 160.017622][ T5412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.331'. [ 160.123364][ T5418] netlink: 182 bytes leftover after parsing attributes in process `syz.3.334'. [ 161.885451][ T5466] device team_slave_0 entered promiscuous mode [ 161.892210][ T5466] device team_slave_1 entered promiscuous mode [ 161.929682][ T5466] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 161.958803][ T5467] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 162.476290][ T5464] loop1: detected capacity change from 0 to 131072 [ 163.011616][ T5464] F2FS-fs (loop1): invalid crc value [ 163.360831][ T5474] overlayfs: failed to clone upperpath [ 163.472815][ T5464] F2FS-fs (loop1): Found nat_bits in checkpoint [ 163.523018][ T5464] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 163.540586][ T5464] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 163.651569][ T5483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 163.909543][ T5485] bond2: (slave macvlan2): Enslaving as an active interface with a down link [ 170.392603][ T26] audit: type=1326 audit(2000000029.210:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5542 comm="syz.4.374" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x0 [ 170.758262][ T5587] bond2: (slave ip6gretap1): making interface the new active one [ 170.768344][ T5587] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 171.024792][ T5597] device bridge1 entered promiscuous mode [ 171.046942][ T5597] team0: Port device bridge1 added [ 171.053127][ T5599] netlink: 24 bytes leftover after parsing attributes in process `syz.2.390'. [ 171.089743][ T5597] bridge0: port 3(team0) entered blocking state [ 171.096829][ T5597] bridge0: port 3(team0) entered disabled state [ 171.117840][ T5597] device team0 entered promiscuous mode [ 171.124460][ T5597] device team_slave_1 entered promiscuous mode [ 171.136977][ T5597] bridge0: port 3(team0) entered blocking state [ 171.143999][ T5597] bridge0: port 3(team0) entered forwarding state [ 175.952468][ T5664] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 177.711451][ T5641] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.719215][ T5641] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.182130][ T5641] device team_slave_0 left promiscuous mode [ 178.199215][ T5641] device team_slave_1 left promiscuous mode [ 178.741995][ T5641] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.816708][ T5641] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.020610][ T5703] loop4: detected capacity change from 0 to 8 [ 180.116545][ T5703] SQUASHFS error: lzo decompression failed, data probably corrupt [ 180.145570][ T5703] SQUASHFS error: Failed to read block 0x91: -5 [ 180.182405][ T5703] SQUASHFS error: Unable to read metadata cache entry [8f] [ 180.215772][ T5703] SQUASHFS error: Unable to read inode 0x11f [ 181.253310][ T5711] loop2: detected capacity change from 0 to 164 [ 181.348781][ T5641] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.376787][ T5641] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.390367][ T5641] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.406552][ T5641] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.674417][ T5645] netlink: 16 bytes leftover after parsing attributes in process `syz.0.405'. [ 181.717540][ T5698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.756339][ T5698] device batadv_slave_0 entered promiscuous mode [ 181.783315][ T5707] netlink: 'syz.4.419': attribute type 4 has an invalid length. [ 181.880036][ T5708] netlink: 'syz.4.419': attribute type 4 has an invalid length. [ 181.962725][ T5722] xt_CT: You must specify a L4 protocol and not use inversions on it [ 183.237691][ T5723] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.325350][ T5727] netlink: 12 bytes leftover after parsing attributes in process `syz.0.425'. [ 183.374878][ T5727] 8021q: VLANs not supported on ip6gre0 [ 185.088879][ T5723] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.261035][ T5723] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.319151][ T5723] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.474920][ T5723] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.496809][ T5723] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.519524][ T5723] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.556083][ T5723] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.676530][ T5781] loop1: detected capacity change from 0 to 8 [ 188.035128][ T5781] SQUASHFS error: lzo decompression failed, data probably corrupt [ 188.090666][ T5781] SQUASHFS error: Failed to read block 0x91: -5 [ 188.096973][ T5781] SQUASHFS error: Unable to read metadata cache entry [8f] [ 188.299369][ T5791] xt_CT: You must specify a L4 protocol and not use inversions on it [ 188.493625][ T5781] SQUASHFS error: Unable to read inode 0x11f [ 189.672765][ T5793] team0 (unregistering): Port device team_slave_0 removed [ 189.747449][ T5793] team0 (unregistering): Failed to send options change via netlink (err -105) [ 189.794850][ T5793] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 189.806521][ T5793] team0 (unregistering): Port device team_slave_1 removed [ 190.328777][ T5798] netlink: 'syz.1.438': attribute type 4 has an invalid length. [ 190.516047][ T5799] netlink: 'syz.1.438': attribute type 4 has an invalid length. [ 190.714799][ T5807] netlink: 96 bytes leftover after parsing attributes in process `syz.3.447'. [ 191.340786][ T1109] Bluetooth: hci2: command 0x0406 tx timeout [ 191.353408][ T1109] Bluetooth: hci4: command 0x0406 tx timeout [ 191.483835][ T1109] Bluetooth: hci3: command 0x0406 tx timeout [ 191.667416][ T1109] Bluetooth: hci1: command 0x0406 tx timeout [ 193.998607][ T5834] loop2: detected capacity change from 0 to 1024 [ 194.398334][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.405769][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.568059][ T5834] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 195.237391][ T5846] team0 (unregistering): Port device team_slave_0 removed [ 195.262726][ T5846] team0 (unregistering): Failed to send options change via netlink (err -105) [ 195.284288][ T5846] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 195.312867][ T5846] team0 (unregistering): Port device team_slave_1 removed [ 198.304548][ T5884] netlink: 'syz.0.470': attribute type 10 has an invalid length. [ 198.312581][ T5884] netlink: 40 bytes leftover after parsing attributes in process `syz.0.470'. [ 198.324354][ T5884] batman_adv: batadv0: Adding interface: virt_wifi0 [ 198.331334][ T5884] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.357785][ T5884] batman_adv: batadv0: Interface activated: virt_wifi0 [ 200.557970][ T5891] bridge0: port 3(team0) entered disabled state [ 200.633125][ T5891] device team0 left promiscuous mode [ 200.638493][ T5891] device team_slave_1 left promiscuous mode [ 200.857639][ T5891] bridge0: port 3(team0) entered disabled state [ 201.628136][ T5891] team0 (unregistering): Port device team_slave_1 removed [ 201.650800][ T5891] team0 (unregistering): Port device bridge1 removed [ 201.718879][ T5901] netlink: 12 bytes leftover after parsing attributes in process `syz.0.476'. [ 201.913574][ T5695] Process accounting resumed [ 202.034611][ T5922] loop2: detected capacity change from 0 to 2048 [ 203.554502][ T5922] Alternate GPT is invalid, using primary GPT. [ 203.616493][ T5922] loop2: p2 p3 p7 [ 204.347307][ T5959] loop4: detected capacity change from 0 to 512 [ 204.490052][ T5959] EXT4-fs (loop4): Ignoring removed bh option [ 205.452363][ T5959] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 205.579706][ T5964] team0 (unregistering): Port device team_slave_0 removed [ 205.608933][ T5959] EXT4-fs (loop4): 1 truncate cleaned up [ 205.616052][ T5959] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 205.638542][ T5964] team0 (unregistering): Port device team_slave_1 removed [ 205.726757][ T4321] udevd[4321]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 205.747774][ T4322] udevd[4322]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 205.767209][ T4298] udevd[4298]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 206.978163][ T5977] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 207.025213][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.104572][ T5977] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 208.918793][ T6058] device bridge3 entered promiscuous mode [ 209.124762][ T1112] Process accounting resumed [ 210.436310][ T26] audit: type=1326 audit(2000000069.250:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 210.458543][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.546634][ T26] audit: type=1326 audit(2000000069.290:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 210.653465][ T26] audit: type=1326 audit(2000000069.290:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 210.777138][ T6070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.514'. [ 210.790585][ T26] audit: type=1326 audit(2000000069.290:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 210.841106][ T6088] binder: 6087:6088 ioctl c0306201 0 returned -14 [ 210.878700][ T26] audit: type=1326 audit(2000000069.290:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.016671][ T26] audit: type=1326 audit(2000000069.290:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.124417][ T26] audit: type=1326 audit(2000000069.290:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.222544][ T26] audit: type=1326 audit(2000000069.290:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.320507][ T26] audit: type=1326 audit(2000000069.290:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.400011][ T26] audit: type=1326 audit(2000000069.290:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 211.594644][ T6103] loop1: detected capacity change from 0 to 512 [ 211.944165][ T6114] device bridge1 entered promiscuous mode [ 211.978051][ T6103] EXT4-fs (loop1): Ignoring removed bh option [ 212.020018][ T6103] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 212.050779][ T6103] EXT4-fs (loop1): 1 truncate cleaned up [ 212.056488][ T6103] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 216.755072][ T6149] loop1: detected capacity change from 0 to 4096 [ 216.887534][ T6149] netlink: 12 bytes leftover after parsing attributes in process `syz.1.531'. [ 217.090291][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.097742][ T6192] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.173149][ T6194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'. [ 217.369661][ T6199] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.376834][ T6199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.384395][ T6199] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.391549][ T6199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.451637][ T6199] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 217.471074][ T6199] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 217.524718][ T6199] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.140709][ T6047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.750315][ T6212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.545'. [ 218.894885][ T6212] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.939480][ T6212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.947305][ T6212] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.192116][ T6236] netlink: 'syz.0.554': attribute type 4 has an invalid length. [ 220.417344][ T6239] netlink: 'syz.0.554': attribute type 4 has an invalid length. [ 223.550437][ T6268] xt_hashlimit: max too large, truncated to 1048576 [ 223.557746][ T6268] xt_hashlimit: overflow, try lower: 0/0 [ 223.571122][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'. [ 223.580064][ T6270] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 223.610487][ T6270] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 223.628665][ T6270] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 223.648448][ T6270] batman_adv: batadv0: Removing interface: virt_wifi0 [ 224.025759][ T6281] loop4: detected capacity change from 0 to 16 [ 224.104222][ T6281] erofs: (device loop4): mounted with root inode @ nid 36. [ 224.155908][ T6281] attempt to access beyond end of device [ 224.155908][ T6281] loop4: rw=0, want=304, limit=16 [ 224.208430][ T6281] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 224.291895][ T6284] erofs: (device loop4): find_target_block_classic: corrupted dir block 8200 @ nid 36 [ 224.294903][ T6286] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 226.442418][ T6304] loop2: detected capacity change from 0 to 128 [ 228.204245][ T6304] FAT-fs (loop2): bogus number of FAT sectors [ 228.298070][ T6304] FAT-fs (loop2): Can't find a valid FAT filesystem [ 228.853838][ T6327] loop1: detected capacity change from 0 to 512 [ 228.969525][ T6327] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 228.992822][ T6327] UDF-fs: Scanning with blocksize 512 failed [ 229.041477][ T6327] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 229.065932][ T6327] UDF-fs: Scanning with blocksize 1024 failed [ 229.103914][ T6327] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 229.162702][ T6327] UDF-fs: Scanning with blocksize 2048 failed [ 229.170180][ T6327] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 229.184337][ T6327] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.616159][ T6394] netlink: 24 bytes leftover after parsing attributes in process `syz.0.601'. [ 235.894765][ T6414] overlayfs: failed to clone upperpath [ 236.953702][ T6423] 9pnet: Insufficient options for proto=fd [ 237.951198][ T6443] fuse: root generation should be zero [ 238.049768][ T6450] netlink: 'syz.0.619': attribute type 1 has an invalid length. [ 238.090663][ T6450] 8021q: adding VLAN 0 to HW filter on device bond2 [ 238.120142][ T6456] loop2: detected capacity change from 0 to 512 [ 238.155801][ T6456] EXT4-fs (loop2): Ignoring removed bh option [ 238.170200][ T6456] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 238.191728][ T6456] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 238.201120][ T6456] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 238.257743][ T6456] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 238.296583][ T6455] bond2: (slave gretap1): making interface the new active one [ 238.358200][ T6456] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 238.406044][ T6455] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 238.480879][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 238.501843][ T6456] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bh,noblock_validity,,errors=continue. Quota mode: none. [ 238.517901][ T6463] overlayfs: failed to clone upperpath [ 238.754069][ T6456] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.622: path /122/file0: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0 [ 239.020388][ T6465] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 353: padding at end of block bitmap is not set [ 239.330111][ T6473] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.357389][ T6475] ipt_REJECT: ECHOREPLY no longer supported. [ 239.505090][ T6473] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.262026][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.631'. [ 240.305689][ T6473] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.499086][ T6473] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.762498][ T6473] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.848151][ T6473] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.952835][ T6473] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.047672][ T6473] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.083007][ T6508] netlink: 'syz.3.640': attribute type 1 has an invalid length. [ 242.771009][ T6534] overlayfs: failed to clone upperpath [ 242.870080][ T5695] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 242.882136][ T6539] netlink: 84 bytes leftover after parsing attributes in process `syz.4.652'. [ 244.791017][ T5695] usb 3-1: Using ep0 maxpacket: 32 [ 245.052274][ T6568] xt_NFQUEUE: number of total queues is 0 [ 246.750441][ T5695] usb 3-1: device descriptor read/all, error -71 [ 247.421234][ T6575] No such timeout policy "syz1" [ 249.335433][ T6591] loop2: detected capacity change from 0 to 512 [ 249.369199][ T6593] loop1: detected capacity change from 0 to 2048 [ 249.488559][ T6593] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 249.505901][ T6593] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 249.521008][ T6593] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 249.528994][ T6593] UDF-fs: Scanning with blocksize 512 failed [ 249.542438][ T6593] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 249.567984][ T6591] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 249.657493][ T6591] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.668: invalid indirect mapped block 4294967295 (level 0) [ 249.835587][ T6591] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.668: invalid indirect mapped block 4294967295 (level 1) [ 250.276122][ T6591] EXT4-fs (loop2): 1 orphan inode deleted [ 250.303774][ T6591] EXT4-fs (loop2): 1 truncate cleaned up [ 250.321740][ T6591] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 252.446866][ T6636] xt_TCPMSS: Only works on TCP SYN packets [ 253.213700][ T6647] netlink: 'syz.2.681': attribute type 21 has an invalid length. [ 253.221627][ T6647] IPv6: NLM_F_CREATE should be specified when creating new route [ 255.456101][ T6675] loop1: detected capacity change from 0 to 512 [ 255.494276][ T6675] EXT4-fs (loop1): Ignoring removed bh option [ 255.540024][ T6675] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 255.549385][ T6675] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 255.751256][ T6675] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 255.791222][ T6675] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 255.823646][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.830071][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.189091][ T6684] fuse: Bad value for 'fd' [ 256.265175][ T6675] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bh,noblock_validity,,errors=continue. Quota mode: none. [ 261.367948][ T6754] capability: warning: `syz.3.720' uses deprecated v2 capabilities in a way that may be insecure [ 265.068432][ T6771] bridge0: port 3(netdevsim0) entered blocking state [ 265.099581][ T6771] bridge0: port 3(netdevsim0) entered disabled state [ 265.147411][ T6771] device netdevsim0 entered promiscuous mode [ 269.063569][ T6823] IPVS: sync thread started: state = MASTER, mcast_ifn = bond_slave_0, syncid = 1, id = 0 [ 274.747564][ T6885] fuse: Bad value for 'fd' [ 276.984006][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.772'. [ 278.457138][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.782'. [ 284.456920][ T7007] xt_hashlimit: size too large, truncated to 1048576 [ 284.503488][ T7007] xt_hashlimit: invalid rate [ 287.984946][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.807'. [ 289.217151][ T7060] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 290.204861][ T7077] netlink: 24 bytes leftover after parsing attributes in process `syz.4.820'. [ 290.391765][ T7077] device sit1 entered promiscuous mode [ 290.670803][ T7080] IPVS: sync thread started: state = MASTER, mcast_ifn = bond_slave_0, syncid = 1, id = 0 [ 292.225084][ T7112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.829'. [ 292.284800][ T7112] 8021q: adding VLAN 0 to HW filter on device bond1 [ 292.311280][ T7114] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 292.335900][ T7116] loop2: detected capacity change from 0 to 512 [ 292.360633][ T7112] device macvlan2 entered promiscuous mode [ 292.426200][ T7116] EXT4-fs (loop2): Unrecognized mount option "smackfsroot=$#})[" or missing value [ 292.793386][ T7128] IPVS: Error connecting to the multicast addr [ 293.716570][ T7137] device batadv_slave_0 entered promiscuous mode [ 294.858895][ T7155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.842'. [ 297.369909][ T9] bond1: (slave ip6gretap1): Releasing active interface [ 297.387030][ T7184] sch_tbf: burst 2 is lower than device lo mtu (1550) ! [ 297.475495][ T7187] sch_tbf: burst 2 is lower than device lo mtu (1550) ! [ 297.496033][ T7185] device ip6gre1 entered promiscuous mode [ 297.565686][ T7187] sch_tbf: burst 2 is lower than device lo mtu (1550) ! [ 297.770604][ T5695] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.778977][ T5695] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.818538][ T26] kauditd_printk_skb: 58 callbacks suppressed [ 297.818553][ T26] audit: type=1326 audit(2000000008.910:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 297.855733][ T5689] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.899505][ T7175] chnl_net:caif_netlink_parms(): no params data found [ 297.975683][ T26] audit: type=1326 audit(2000000008.910:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 298.213706][ T5689] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 298.395679][ T4234] Bluetooth: hci3: command 0x0409 tx timeout [ 298.683877][ T26] audit: type=1326 audit(2000000008.940:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 298.706419][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.266065][ T5695] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 299.370047][ T26] audit: type=1326 audit(2000000008.940:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 299.431770][ T7175] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.470194][ T7175] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.477417][ T26] audit: type=1326 audit(2000000008.940:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 299.524875][ T7175] device bridge_slave_0 entered promiscuous mode [ 299.563032][ T7232] loop1: detected capacity change from 0 to 64 [ 299.674629][ T26] audit: type=1326 audit(2000000008.940:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6cb41ac58e code=0x7ffc0000 [ 299.697309][ T26] audit: type=1326 audit(2000000008.950:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6cb41ac58e code=0x7ffc0000 [ 299.719525][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.725694][ T26] audit: type=1326 audit(2000000008.950:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 299.748371][ T26] audit: type=1326 audit(2000000008.950:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 299.770699][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.776857][ T26] audit: type=1326 audit(2000000008.950:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f6cb41ebcb9 code=0x7ffc0000 [ 299.813318][ T7175] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.830169][ T7175] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.838718][ T7232] hfs: unable to locate alternate MDB [ 299.874758][ T7175] device bridge_slave_1 entered promiscuous mode [ 299.938085][ T7175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.964625][ T7175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.044125][ T7232] hfs: continuing without an alternate MDB [ 300.107634][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.858'. [ 301.170292][ T5696] Bluetooth: hci3: command 0x041b tx timeout [ 301.703255][ T7175] team0: Port device team_slave_0 added [ 301.801512][ T7175] team0: Port device team_slave_1 added [ 301.910133][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 302.808111][ T7175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 302.823526][ T7175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.899195][ T7175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 302.912454][ T7175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.919565][ T7175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.945681][ T7175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 303.010997][ T7175] device hsr_slave_0 entered promiscuous mode [ 303.093785][ T7272] loop1: detected capacity change from 0 to 8 [ 303.140217][ T7175] device hsr_slave_1 entered promiscuous mode [ 303.195504][ T4251] Bluetooth: hci3: command 0x040f tx timeout [ 303.254703][ T7272] SQUASHFS error: xz decompression failed, data probably corrupt [ 303.262805][ T7272] SQUASHFS error: Failed to read block 0x108: -5 [ 303.269223][ T7272] SQUASHFS error: Unable to read metadata cache entry [106] [ 303.276699][ T7272] SQUASHFS error: Unable to read inode 0x11f [ 303.959561][ T7175] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 303.984537][ T7175] Cannot create hsr debugfs directory [ 304.799733][ T9] device hsr_slave_0 left promiscuous mode [ 305.340129][ T9] device hsr_slave_1 left promiscuous mode [ 305.411142][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.425139][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.430222][ T5695] Bluetooth: hci3: command 0x0419 tx timeout [ 305.450575][ T9] device vxlan0 left promiscuous mode [ 305.467321][ T9] bridge0: port 3(vxlan0) entered disabled state [ 305.509726][ T9] device bridge_slave_0 left promiscuous mode [ 305.533964][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.714436][ T9] bond2 (unregistering): (slave macvlan2): Releasing active interface [ 305.752383][ T9] bond2 (unregistering): Released all slaves [ 305.816073][ T9] bond1 (unregistering): Released all slaves [ 306.231116][ T9] team0 (unregistering): Port device team_slave_1 removed [ 306.260452][ T9] team0 (unregistering): Port device team_slave_0 removed [ 306.285462][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.325809][ T7315] Set syz1 is full, maxelem 6117 reached [ 306.341313][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.374377][ T9] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 306.563177][ T9] bond0 (unregistering): Released all slaves [ 306.667077][ T7300] netlink: 40 bytes leftover after parsing attributes in process `syz.3.879'. [ 306.703898][ T7300] netlink: 40 bytes leftover after parsing attributes in process `syz.3.879'. [ 306.731370][ T7300] netlink: 40 bytes leftover after parsing attributes in process `syz.3.879'. [ 306.756991][ T7300] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 306.919538][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 306.919573][ T26] audit: type=1326 audit(2000000018.010:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.071261][ T26] audit: type=1326 audit(2000000018.050:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.167901][ T26] audit: type=1326 audit(2000000018.050:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.190220][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.245628][ T26] audit: type=1326 audit(2000000018.050:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.338645][ T26] audit: type=1326 audit(2000000018.050:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.379160][ T26] audit: type=1326 audit(2000000018.050:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 307.444578][ T26] audit: type=1326 audit(2000000018.050:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 308.988701][ T7175] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 309.027397][ T7175] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 309.143548][ T7175] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 309.184773][ T7175] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 310.230032][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 310.310837][ T26] audit: type=1326 audit(2000000021.400:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7385 comm="syz.4.897" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cb41ebcb9 code=0x0 [ 311.018222][ T7175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.193771][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 312.214237][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.264505][ T7175] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.312547][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 312.353792][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 312.411266][ T4956] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.418453][ T4956] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.503129][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 312.552139][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 312.603148][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 312.646527][ T4956] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.653755][ T4956] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.727052][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 312.767196][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 312.880092][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 312.910097][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 312.963240][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 313.003052][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 313.034119][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 313.054866][ T26] audit: type=1326 audit(2000000024.150:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7417 comm="syz.0.904" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x0 [ 313.080386][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 313.108310][ T7175] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 313.214326][ T26] audit: type=1800 audit(2000000024.310:279): pid=7425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.906" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 313.242274][ T7175] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 313.330744][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 313.339271][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 313.360636][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 314.295502][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 314.312470][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 314.346543][ T7175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.413437][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 314.437242][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 314.488020][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 314.511959][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 314.534229][ T7175] device veth0_vlan entered promiscuous mode [ 314.543672][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 314.561886][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 314.578483][ T7412] loop1: detected capacity change from 0 to 32768 [ 314.594954][ T7175] device veth1_vlan entered promiscuous mode [ 314.648516][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 314.673436][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 314.717902][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 314.782129][ T7412] XFS (loop1): Mounting V5 Filesystem [ 314.813676][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 314.900819][ T7175] device veth0_macvtap entered promiscuous mode [ 314.963165][ T7454] netlink: 'syz.4.909': attribute type 4 has an invalid length. [ 314.998112][ T7412] XFS (loop1): Ending clean mount [ 315.062577][ T7459] netlink: 'syz.4.909': attribute type 4 has an invalid length. [ 315.130213][ T7412] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x3a/0xd0, xfs_rmapbt block 0x14 [ 315.144397][ T7175] device veth1_macvtap entered promiscuous mode [ 315.181871][ T7412] XFS (loop1): Unmount and run xfs_repair [ 315.187696][ T7412] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 315.252518][ T7175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.292133][ T7175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.297422][ T7412] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 315.334627][ T7175] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.367879][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 315.382820][ T7412] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 315.392138][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 315.415988][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 315.423737][ T7412] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 315.452375][ T7412] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 315.463459][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 315.484963][ T7175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.496502][ T7412] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 315.519933][ T7175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.532387][ T7412] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 315.548529][ T7175] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.580391][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 315.589302][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 315.600238][ T7412] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 315.627961][ T7175] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.635747][ T7412] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 315.662437][ T7175] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.677191][ T7175] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.698886][ T7175] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.731419][ T7412] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x14 len 4 error 74 [ 315.873887][ T7412] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x156f/0x1b80 (fs/xfs/libxfs/xfs_defer.c:504). Shutting down filesystem. [ 316.116210][ T7412] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 317.418406][ T7502] ptrace attach of "./syz-executor exec"[4191] was attempted by ""[7502] [ 318.229984][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.236345][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.247239][ T4185] XFS (loop1): Unmounting Filesystem [ 318.311895][ T4324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.352080][ T4324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.403034][ T4956] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 318.540135][ T3069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.549862][ T3069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.586607][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 318.628698][ T7517] netlink: 'syz.3.921': attribute type 1 has an invalid length. [ 318.690860][ T7520] netlink: 'syz.0.922': attribute type 16 has an invalid length. [ 318.751893][ T7523] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 318.760391][ T7520] netlink: 'syz.0.922': attribute type 17 has an invalid length. [ 318.802827][ T7520] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 318.810692][ T7520] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 318.851874][ T7523] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 318.870637][ T4251] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 319.650924][ T7541] xt_policy: neither incoming nor outgoing policy selected [ 320.414285][ T7548] loop2: detected capacity change from 0 to 64 [ 320.512539][ T4251] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 320.526049][ T7548] hfs: invalid btree extent records [ 320.580288][ T7548] hfs: unable to open extent tree [ 320.585538][ T7548] hfs: can't find a HFS filesystem on dev loop2 [ 321.440115][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.4.932'. [ 321.616685][ T7570] 8021q: adding VLAN 0 to HW filter on device bond1 [ 321.678661][ T7570] device macvlan2 entered promiscuous mode [ 321.818262][ T7583] CIFS: iocharset name too long [ 323.045068][ T7598] loop1: detected capacity change from 0 to 512 [ 323.072141][ T7598] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 323.124020][ T7598] EXT4-fs (loop1): Unrecognized mount option "dax=inode.." or missing value [ 323.441517][ T7608] loop1: detected capacity change from 0 to 4096 [ 323.469321][ T7608] EXT4-fs (loop1): Test dummy encryption mode enabled [ 323.477800][ T7608] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 323.539184][ T7608] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 323.553861][ T7608] System zones: 0-5 [ 323.572313][ T7608] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,stripe=0x0000000000000061,journal_ioprio=0x0000000000000002,test_dummy_encryption=v1,nodiscard,nomblk_io_submit,acl,journal_ioprio=0x0000000000000000,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 326.256339][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 326.405824][ T7646] netlink: 'syz.1.952': attribute type 1 has an invalid length. [ 326.619319][ T7652] sctp: [Deprecated]: syz.2.954 (pid 7652) Use of struct sctp_assoc_value in delayed_ack socket option. [ 326.619319][ T7652] Use struct sctp_sack_info instead [ 333.760233][ T7700] gfs2: gfs2 mount does not exist [ 337.255233][ T4174] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 337.403163][ T7732] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 337.670742][ T4174] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 337.721501][ T4174] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 337.900104][ T4174] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 337.918216][ T4174] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.944433][ T4174] usb 2-1: Product: syz [ 337.961354][ T4174] usb 2-1: Manufacturer: syz [ 337.975837][ T4174] usb 2-1: SerialNumber: syz [ 338.007759][ T4174] usb 2-1: config 0 descriptor?? [ 338.061990][ T4174] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 338.416684][ T4174] scsi host1: usb-storage 2-1:0.0 [ 338.447631][ T4174] usb 2-1: USB disconnect, device number 4 [ 342.080962][ T7791] loop2: detected capacity change from 0 to 2048 [ 343.240804][ T7791] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 352.831621][ T7905] netlink: 'syz.4.1026': attribute type 1 has an invalid length. [ 353.062195][ T7909] bond2: (slave bridge2): making interface the new active one [ 353.165713][ T7909] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 353.202798][ T7913] device macvlan3 entered promiscuous mode [ 353.221185][ T7913] device bond2 entered promiscuous mode [ 353.229241][ T7913] device bridge2 entered promiscuous mode [ 353.249701][ T7913] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 353.279305][ T7913] bond2: (slave macvlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 353.317619][ T7913] device bond2 left promiscuous mode [ 353.757534][ T7913] device bridge2 left promiscuous mode [ 356.246664][ T7967] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 356.986027][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 357.065619][ T7968] batman_adv: batadv0: Interface deactivated: dummy0 [ 357.096888][ T7968] batman_adv: batadv0: Removing interface: dummy0 [ 358.114597][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 358.134318][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 358.170213][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 358.188663][ T7968] device bridge_slave_0 left promiscuous mode [ 358.195388][ T7968] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.607757][ T7968] device bridge_slave_1 left promiscuous mode [ 359.623667][ T7968] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.666318][ T7968] bond0: (slave bond_slave_0): Releasing backup interface [ 360.566584][ T7996] loop1: detected capacity change from 0 to 131072 [ 360.628652][ T7968] bond0: (slave bond_slave_1): Releasing backup interface [ 360.665007][ T7996] F2FS-fs (loop1): Found nat_bits in checkpoint [ 360.671743][ T7968] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.688150][ T7968] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 360.729440][ T7968] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 360.741147][ T7968] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 360.749935][ T7996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 360.778291][ T7996] F2FS-fs (loop1): inode (7) has corrupted xattr [ 360.798847][ T26] audit: type=1804 audit(2000000071.890:280): pid=7996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1046" name="/newroot/191/file1/bus" dev="loop1" ino=10 res=1 errno=0 [ 360.855740][ T7968] bond0: (slave wlan1): Releasing backup interface [ 360.958346][ T7968] bond2: (slave bridge2): Releasing active interface [ 361.536757][ T8029] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1054'. [ 361.584732][ T8029] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1054'. [ 362.321433][ T8039] loop2: detected capacity change from 0 to 2048 [ 362.445555][ T8039] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 363.543890][ T8050] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 363.622448][ T8054] netlink: zone id is out of range [ 363.647815][ T8054] netlink: zone id is out of range [ 363.659010][ T8054] netlink: zone id is out of range [ 363.663091][ T8056] loop2: detected capacity change from 0 to 1024 [ 363.671674][ T8054] netlink: zone id is out of range [ 363.683279][ T8054] netlink: zone id is out of range [ 363.696521][ T8054] netlink: zone id is out of range [ 363.711418][ T8054] netlink: zone id is out of range [ 363.722202][ T8054] netlink: zone id is out of range [ 363.735015][ T8054] netlink: zone id is out of range [ 363.747061][ T8054] netlink: zone id is out of range [ 363.757556][ T8056] EXT4-fs (loop2): Ignoring removed orlov option [ 363.797392][ T8056] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,grpquota,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 363.868355][ T8062] device batadv_slave_1 entered promiscuous mode [ 363.897291][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1063'. [ 364.014943][ T8062] device batadv_slave_1 left promiscuous mode [ 364.152953][ T8058] loop1: detected capacity change from 0 to 32768 [ 364.234487][ T8058] XFS (loop1): Mounting V5 Filesystem [ 365.466929][ T8058] XFS (loop1): Ending clean mount [ 367.061791][ T8058] XFS (loop1): Quotacheck needed: Please wait. [ 367.205910][ T8112] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1074'. [ 367.496724][ T8058] XFS (loop1): Quotacheck: Done. [ 367.524841][ T4185] XFS (loop1): Unmounting Filesystem [ 368.338566][ T8128] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1079'. [ 368.370107][ T8128] netlink: 'syz.2.1079': attribute type 7 has an invalid length. [ 368.377910][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1079'. [ 368.389065][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.230000][ T8128] device ip6gretap0 entered promiscuous mode [ 369.250862][ T8128] device syz_tun entered promiscuous mode [ 369.348811][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 369.697667][ T8144] loop2: detected capacity change from 0 to 256 [ 374.077863][ T8173] device syzkaller0 entered promiscuous mode [ 375.532054][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 378.610711][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1099'. [ 378.705996][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.748863][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.756585][ T8211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1099'. [ 381.288410][ T8245] loop1: detected capacity change from 0 to 2048 [ 381.500766][ T8245] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 382.407355][ T3069] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 382.482720][ T8260] overlayfs: failed to clone upperpath [ 382.518215][ T3069] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 382.552354][ T3069] EXT4-fs (loop1): This should not happen!! Data will be lost [ 382.552354][ T3069] [ 382.562531][ T3069] EXT4-fs (loop1): Total free blocks count 0 [ 382.569015][ T3069] EXT4-fs (loop1): Free/Dirty block details [ 382.605489][ T3069] EXT4-fs (loop1): free_blocks=4096 [ 382.641753][ T3069] EXT4-fs (loop1): dirty_blocks=496 [ 382.647378][ T3069] EXT4-fs (loop1): Block reservation details [ 382.704575][ T3069] EXT4-fs (loop1): i_reserved_data_blocks=31 [ 382.784450][ T4487] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 474 with error 28 [ 382.821406][ T4487] EXT4-fs (loop1): This should not happen!! Data will be lost [ 382.821406][ T4487] [ 384.438236][ T8268] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 386.251770][ T8318] Error parsing options; rc = [-22] [ 390.805293][ T8352] loop1: detected capacity change from 0 to 1024 [ 390.822791][ T8356] overlayfs: failed to clone upperpath [ 390.930273][ T8358] device syz_tun entered promiscuous mode [ 390.949499][ T8352] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 392.184080][ T8352] EXT4-fs warning (device loop1): ext4_rename_delete:3792: inode #18: comm syz.1.1142: Deleting old file: nlink 2, error=-2 [ 392.279442][ T8372] device batadv_slave_1 entered promiscuous mode [ 392.349901][ T8372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1145'. [ 392.384406][ T8372] device batadv_slave_1 left promiscuous mode [ 395.017078][ T8401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1156'. [ 397.957811][ T6823] IPVS: ip_vs_send_async error -101 [ 398.683787][ T8428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1163'. [ 398.753314][ T8428] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 400.019415][ T8428] netlink: 1032 bytes leftover after parsing attributes in process `syz.0.1163'. [ 400.170944][ T8439] device ip6gre1 entered promiscuous mode [ 400.552831][ T8442] device syzkaller0 entered promiscuous mode [ 403.840459][ T26] audit: type=1326 audit(2000000113.729:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 403.877163][ T26] audit: type=1326 audit(2000000113.766:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6911a53ad7 code=0x7ffc0000 [ 403.900409][ T26] audit: type=1326 audit(2000000113.766:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f69119fb0d9 code=0x7ffc0000 [ 403.923302][ T26] audit: type=1326 audit(2000000113.766:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 403.945490][ C0] vkms_vblank_simulate: vblank timer overrun [ 403.974936][ T26] audit: type=1326 audit(2000000113.766:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 404.059147][ T26] audit: type=1326 audit(2000000113.766:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 404.092785][ T26] audit: type=1326 audit(2000000113.766:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 404.269877][ T26] audit: type=1326 audit(2000000113.766:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 404.300658][ T26] audit: type=1326 audit(2000000113.766:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 404.748008][ T26] audit: type=1326 audit(2000000113.766:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8481 comm="syz.0.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f6911a59cb9 code=0x7ffc0000 [ 405.613921][ T5695] Bluetooth: hci3: command 0x0405 tx timeout [ 405.806520][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1192'. [ 410.008632][ T8544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1202'. [ 410.784097][ T8561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1207'. [ 413.118911][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1215'. [ 413.155083][ T8584] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 413.164357][ T8584] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 413.173152][ T8584] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 413.181935][ T8584] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 418.985328][ T8634] capability: warning: `syz.4.1230' uses 32-bit capabilities (legacy support in use) [ 422.766042][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 424.932395][ T1112] Bluetooth: hci3: command 0x0406 tx timeout [ 425.673263][ T8684] overlayfs: failed to clone upperpath [ 425.807823][ T8688] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1246'. [ 425.867146][ T8693] 9pnet: Insufficient options for proto=fd [ 427.592797][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1252'. [ 427.680302][ T8708] bridge2: port 1(veth3) entered blocking state [ 427.687416][ T8708] bridge2: port 1(veth3) entered disabled state [ 427.699745][ T8708] device veth3 entered promiscuous mode [ 429.069933][ T8704] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 429.185563][ T8712] bridge2: port 2(veth5) entered blocking state [ 429.212935][ T8712] bridge2: port 2(veth5) entered disabled state [ 429.241376][ T8712] device veth5 entered promiscuous mode [ 432.846743][ T8767] 8021q: adding VLAN 0 to HW filter on device bond3 [ 432.874069][ T8767] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 432.903696][ T8767] bond3: (slave macvlan5): Enslaving as an active interface with a down link [ 433.617077][ T8767] bond0 speed is unknown, defaulting to 1000 [ 433.856724][ T8785] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1275'. [ 433.873075][ T8767] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:00a7:a1ff:fe59:51a4 error=-28 [ 435.440482][ T8781] set match dimension is over the limit! [ 435.559734][ T8767] bond0 speed is unknown, defaulting to 1000 [ 435.614111][ T8767] bond0 speed is unknown, defaulting to 1000 [ 436.871623][ T1112] bond0 speed is unknown, defaulting to 1000 [ 436.878985][ T8767] infiniband syz0: set down [ 437.567147][ T8767] infiniband syz0: added bond0 [ 437.615561][ T8767] infiniband syz0: Couldn't open port 1 [ 437.627045][ T8824] netlink: 'syz.2.1286': attribute type 1 has an invalid length. [ 437.683004][ T8767] RDS/IB: syz0: added [ 437.688235][ T8767] smc: adding ib device syz0 with port count 1 [ 437.695096][ T8767] smc: ib device syz0 port 1 has pnetid [ 437.830228][ T8824] 8021q: adding VLAN 0 to HW filter on device bond1 [ 437.846712][ T8827] bond1: (slave geneve2): making interface the new active one [ 437.857784][ T8827] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 437.869507][ T1112] bond0 speed is unknown, defaulting to 1000 [ 437.878986][ T8767] bond0 speed is unknown, defaulting to 1000 [ 437.888722][ T4972] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 438.760412][ T8767] bond0 speed is unknown, defaulting to 1000 [ 438.962006][ T8767] bond0 speed is unknown, defaulting to 1000 [ 441.201100][ T8767] bond0 speed is unknown, defaulting to 1000 [ 441.796241][ T8767] bond0 speed is unknown, defaulting to 1000 [ 442.830638][ T8885] syz.4.1305 sent an empty control message without MSG_MORE. [ 443.784947][ T8903] loop2: detected capacity change from 0 to 4096 [ 444.103481][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.118260][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.330309][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 444.330348][ T26] audit: type=1107 audit(2000000151.617:305): pid=8906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 444.627646][ T8903] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 444.652820][ T8903] ntfs3: loop2: Failed to load $BadClus. [ 444.689750][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1311'. [ 444.718718][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1311'. [ 445.242420][ T5680] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 445.530722][ T5680] usb 3-1: Using ep0 maxpacket: 16 [ 445.658977][ T5680] usb 3-1: config 1 has an invalid descriptor of length 249, skipping remainder of the config [ 445.693243][ T5680] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 446.957108][ T5680] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 446.957174][ T5680] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.957208][ T5680] usb 3-1: Product: syz [ 446.957223][ T5680] usb 3-1: Manufacturer: syz [ 446.957237][ T5680] usb 3-1: SerialNumber: syz [ 447.457340][ T5680] usb 3-1: can't set config #1, error -71 [ 447.601763][ T5680] usb 3-1: USB disconnect, device number 5 [ 448.122975][ T8947] netlink: 'syz.1.1323': attribute type 4 has an invalid length. [ 448.433872][ T8954] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1324'. [ 453.381328][ T8994] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000 [ 454.062572][ T9005] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1337'. [ 456.439353][ T9014] netlink: 'syz.1.1341': attribute type 1 has an invalid length. [ 456.536679][ T9014] device bond3 entered promiscuous mode [ 456.545556][ T9014] 8021q: adding VLAN 0 to HW filter on device bond3 [ 456.562635][ T9023] netlink: 'syz.0.1343': attribute type 4 has an invalid length. [ 456.719647][ T9014] bond3: (slave bridge3): making interface the new active one [ 456.740240][ T9014] device bridge3 entered promiscuous mode [ 456.760079][ T9014] bond3: (slave bridge3): Enslaving as an active interface with an up link [ 456.965246][ T4487] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 459.665264][ T9075] loop1: detected capacity change from 0 to 256 [ 459.697151][ T26] audit: type=1326 audit(2000000165.987:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7fc00000 [ 459.735977][ T9078] netlink: 'syz.2.1358': attribute type 4 has an invalid length. [ 459.805661][ T26] audit: type=1326 audit(2000000165.996:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6911a59cb9 code=0x7fc00000 [ 460.664741][ T26] audit: type=1326 audit(2000000166.024:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9069 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6911a59cb9 code=0x7fc00000 [ 460.687319][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.710458][ T9082] netlink: 'syz.0.1359': attribute type 1 has an invalid length. [ 460.753471][ T26] audit: type=1326 audit(2000000166.707:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9065 comm="syz.4.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb41ebcb9 code=0x7fc00000 [ 460.775849][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.785785][ T9082] device bond3 entered promiscuous mode [ 460.791691][ T9082] 8021q: adding VLAN 0 to HW filter on device bond3 [ 461.009916][ T9082] bond3: (slave bridge3): making interface the new active one [ 461.024884][ T9093] loop2: detected capacity change from 0 to 1024 [ 461.041330][ T9090] xt_l2tp: missing protocol rule (udp|l2tpip) [ 461.048017][ T9082] device bridge3 entered promiscuous mode [ 461.066734][ T9082] bond3: (slave bridge3): Enslaving as an active interface with an up link [ 461.118260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 461.203470][ T9099] loop1: detected capacity change from 0 to 128 [ 461.353775][ T9099] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 461.400042][ T9099] ext4 filesystem being mounted at /255/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 462.168521][ T9099] overlayfs: upper fs needs to support d_type. [ 462.199131][ T9099] overlayfs: upper fs does not support tmpfile. [ 463.214103][ T6823] IPVS: ip_vs_send_async error -101 [ 464.509283][ T9140] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1376'. [ 465.465433][ T9142] netlink: 'syz.1.1378': attribute type 1 has an invalid length. [ 465.663494][ T9142] 8021q: adding VLAN 0 to HW filter on device bond4 [ 465.698307][ T9149] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1378'. [ 465.735515][ T9153] netlink: 'syz.2.1382': attribute type 1 has an invalid length. [ 465.901206][ T9153] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 465.960619][ T9153] device veth3 entered promiscuous mode [ 465.987819][ T9153] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 467.041416][ T9142] bond4: (slave dummy0): making interface the new active one [ 467.300631][ T9142] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 470.394749][ T9212] loop2: detected capacity change from 0 to 1024 [ 470.569638][ T9212] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 470.590462][ T9212] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 470.593438][ T4251] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 470.609143][ T9212] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 471.683153][ T9212] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,nolazytime,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,nobarrier,,errors=continue. Quota mode: writeback. [ 471.742185][ T4251] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 473.627136][ T9228] fido_id[9228]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 473.746359][ T9245] loop2: detected capacity change from 0 to 512 [ 473.769911][ T9245] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 473.797598][ T9245] EXT4-fs (loop2): 1 truncate cleaned up [ 473.804370][ T9245] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 475.275178][ T9194] rdma_rxe: ignoring netdev event = 10 for bond0 [ 475.339928][ T9194] infiniband syz0: set down [ 475.491271][ T9264] overlayfs: failed to clone upperpath [ 477.938034][ T9194] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.947324][ T9194] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.956645][ T9194] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.965898][ T9194] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.984842][ T9194] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.993868][ T9194] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 478.002792][ T9194] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 478.012023][ T9194] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 478.118675][ T9241] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.126885][ T9241] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.207651][ T4234] bond0 speed is unknown, defaulting to 1000 [ 478.213890][ T5680] bond0 speed is unknown, defaulting to 1000 [ 478.361861][ T9278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1417'. [ 479.551391][ T9303] loop1: detected capacity change from 0 to 2048 [ 479.826895][ T9303] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 482.235352][ T9347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1435'. [ 482.540692][ T9354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1437'. [ 483.575259][ T9358] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1440'. [ 483.838525][ T9375] loop1: detected capacity change from 0 to 4096 [ 484.147500][ T9375] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 485.583865][ T9397] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.592147][ T9397] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.601019][ T9397] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.609298][ T9397] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.731828][ T9397] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 486.593220][ T9410] xt_policy: output policy not valid in PREROUTING and INPUT [ 487.135591][ T9412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1455'. [ 487.281779][ T9412] device hsr_slave_0 left promiscuous mode [ 495.557820][ T9498] loop1: detected capacity change from 0 to 2048 [ 495.703872][ T9498] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 497.558930][ T26] audit: type=1326 audit(2000000201.415:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 497.581706][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.725047][ T26] audit: type=1326 audit(2000000201.471:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 497.804474][ T26] audit: type=1326 audit(2000000201.471:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 497.832975][ T26] audit: type=1326 audit(2000000201.471:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.093246][ T26] audit: type=1326 audit(2000000201.471:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.115627][ C0] vkms_vblank_simulate: vblank timer overrun [ 498.702234][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1493'. [ 498.777499][ T26] audit: type=1326 audit(2000000201.471:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.839026][ T26] audit: type=1326 audit(2000000201.471:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.861557][ T26] audit: type=1326 audit(2000000201.471:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.890889][ T26] audit: type=1326 audit(2000000201.471:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf5ec1cb9 code=0x7ffc0000 [ 498.933004][ T26] audit: type=1326 audit(2000000201.471:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdaf5ec194b code=0x7ffc0000 [ 499.049639][ T9553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1496'. [ 499.182779][ T4487] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.622413][ T9573] loop1: detected capacity change from 0 to 512 [ 499.681425][ T9573] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 499.783926][ T9573] EXT4-fs (loop1): 1 orphan inode deleted [ 499.789906][ T9573] EXT4-fs (loop1): 1 truncate cleaned up [ 499.795879][ T9573] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback. [ 499.897657][ T9573] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 499.918965][ T9573] EXT4-fs (loop1): Remounting filesystem read-only [ 499.942405][ T9573] overlayfs: failed to verify upper (/file0, ino=12, err=-28) [ 499.950187][ T9573] overlayfs: failed to verify index dir 'upper' xattr [ 499.957245][ T9573] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 500.751608][ T9582] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1504'. [ 501.753363][ T9595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1509'. [ 501.786520][ T9590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1508'. [ 503.819457][ T9611] 9pnet: p9_fd_create_tcp (9611): problem connecting socket to 127.0.0.1 [ 503.891226][ T9619] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 503.908138][ T9621] MPTCP: kernel_bind error, err=-98 [ 503.933246][ T9619] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1515'. [ 508.503136][ T9683] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 508.554391][ T9683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1530'. [ 509.602748][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 509.614533][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 510.404326][ T9709] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1539'. [ 513.468008][ T9727] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1545'. [ 514.501510][ T9727] 9pnet: Insufficient options for proto=fd [ 517.835098][ T9763] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 517.846944][ T9763] FAT-fs (loop9): unable to read boot sector [ 529.088470][ T6823] IPVS: ip_vs_send_async error -101 [ 529.458507][ T9860] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1581'. [ 529.610962][ C1] Unknown status report in ack skb [ 529.840917][ T9860] netlink: 'syz.2.1581': attribute type 12 has an invalid length. [ 531.488486][ T9888] ptrace attach of "./syz-executor exec"[4187] was attempted by " [ 532.453961][ T9904] loop1: detected capacity change from 0 to 512 [ 532.812059][ T9904] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 532.842902][ T9904] ext4 filesystem being mounted at /304/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 533.670452][ T9919] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 538.275363][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1605'. [ 538.324899][ T9947] chnl_net:caif_netlink_parms(): no params data found [ 539.403949][ T9963] rdma_op ffff8880796349f0 conn xmit_rdma 0000000000000000 [ 540.263378][ T9971] Invalid ELF header magic: != ELF [ 542.204719][ T9996] tipc: Failed to remove unknown binding: 66,0,0/4:2334542383/2334542384 [ 542.387484][ T9984] netlink: 'syz.0.1617': attribute type 10 has an invalid length. [ 542.400362][ T9999] tipc: Failed to remove unknown binding: 66,0,0/4:2334542383/2334542384 [ 542.442452][ T9984] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1617'. [ 542.491412][ T9984] netlink: 'syz.0.1617': attribute type 10 has an invalid length. [ 542.529106][ T9984] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1617'. [ 543.127372][T10011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1625'. [ 547.989522][T10037] loop1: detected capacity change from 0 to 128 [ 549.216792][ C1] ------------[ cut here ]------------ [ 549.222331][ C1] WARNING: CPU: 1 PID: 10045 at net/mac80211/tx.c:4859 __ieee80211_beacon_get+0x179f/0x2000 [ 549.232534][ C1] Modules linked in: [ 549.236490][ C1] CPU: 1 PID: 10045 Comm: syz.3.1633 Not tainted syzkaller #0 [ 549.244013][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 549.254230][ C1] RIP: 0010:__ieee80211_beacon_get+0x179f/0x2000 [ 549.260642][ C1] Code: 2a f8 0f 0b 4f 89 64 2f 04 4f 89 64 2f 0c 43 c6 44 2f 14 f8 e9 19 fe ff ff e8 0d c0 2a f8 0f 0b e9 03 ef ff ff e8 01 c0 2a f8 <0f> 0b e9 76 f2 ff ff e8 15 89 6d 00 89 d9 80 e1 07 80 c1 03 38 c1 [ 549.280332][ C1] RSP: 0018:ffffc90000dd08e0 EFLAGS: 00010246 [ 549.286460][ C1] RAX: ffffffff894e5f9f RBX: ffff888060a86298 RCX: ffff888057388000 [ 549.294641][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 549.302820][ C1] RBP: ffffc90000dd0b08 R08: ffff888057388000 R09: 0000000000000003 [ 549.310867][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888020444200 [ 549.318910][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920001ba12c [ 549.326961][ C1] FS: 00007fdaf40fc6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 549.335963][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.342647][ C1] CR2: 000000110c433426 CR3: 0000000055ec4000 CR4: 00000000003506e0 [ 549.350737][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 549.358811][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 549.366872][ C1] Call Trace: [ 549.370200][ C1] [ 549.373116][ C1] ? ieee80211_beacon_get_template+0x30/0x30 [ 549.379174][ C1] ? verify_lock_unused+0x140/0x140 [ 549.384423][ C1] ? __lock_acquire+0x13bc/0x7d10 [ 549.389529][ C1] ? verify_lock_unused+0x140/0x140 [ 549.394788][ C1] ieee80211_beacon_get_tim+0x48/0x840 [ 549.400343][ C1] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 549.405861][ C1] __iterate_interfaces+0x243/0x500 [ 549.411179][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 549.417502][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 549.423823][ C1] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 549.430930][ C1] mac80211_hwsim_beacon+0x9b/0x180 [ 549.436173][ C1] ? hw_scan_work+0xed0/0xed0 [ 549.440917][ C1] __hrtimer_run_queues+0x4eb/0xb70 [ 549.446182][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 549.451381][ C1] hrtimer_run_softirq+0x176/0x240 [ 549.456549][ C1] handle_softirqs+0x339/0x830 [ 549.461375][ C1] ? __irq_exit_rcu+0x13b/0x230 [ 549.466307][ C1] ? do_softirq+0x210/0x210 [ 549.470868][ C1] __irq_exit_rcu+0x13b/0x230 [ 549.475614][ C1] ? irq_exit_rcu+0x20/0x20 [ 549.480182][ C1] irq_exit_rcu+0x5/0x20 [ 549.484484][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 549.490160][ C1] [ 549.493112][ C1] [ 549.496108][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 549.502215][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 549.508357][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 53 48 89 fb e8 17 00 00 00 48 8b 3d 40 bb 10 0c 48 89 de 5b e9 77 3a 44 00 00 00 cc cc 00 00 cc <48> 8b 04 24 65 48 8b 0d 14 50 89 7e 65 8b 15 15 50 89 7e 81 e2 00 [ 549.528059][ C1] RSP: 0018:ffffc9000344fa98 EFLAGS: 00000283 [ 549.534177][ C1] RAX: ffffffff87da247e RBX: 0000000000000000 RCX: ffff888057388000 [ 549.542217][ C1] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000080 [ 549.550260][ C1] RBP: ffffc9000344fc90 R08: 0000000000000000 R09: 1ffff92000689f66 [ 549.558297][ C1] R10: dffffc0000000000 R11: fffff52000689f67 R12: ffffc9000344fd40 [ 549.566303][ C1] R13: 1ffff92000689f5c R14: 1ffff92000689fa9 R15: dffffc0000000000 [ 549.574372][ C1] ? ___sys_recvmsg+0x30e/0x5c0 [ 549.579292][ C1] ___sys_recvmsg+0x3dc/0x5c0 [ 549.584051][ C1] ? __sys_recvmsg+0x280/0x280 [ 549.588876][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 549.593977][ C1] ? __might_fault+0xb3/0x110 [ 549.598901][ C1] do_recvmmsg+0x382/0x850 [ 549.603421][ C1] ? __sys_recvmmsg+0x290/0x290 [ 549.608342][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 549.613454][ C1] __x64_sys_recvmmsg+0x195/0x250 [ 549.618528][ C1] ? do_recvmmsg+0x850/0x850 [ 549.623199][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 549.628450][ C1] do_syscall_64+0x4c/0xa0 [ 549.632929][ C1] ? clear_bhb_loop+0x30/0x80 [ 549.637706][ C1] ? clear_bhb_loop+0x30/0x80 [ 549.642456][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 549.648505][ C1] RIP: 0033:0x7fdaf5ec1cb9 [ 549.653031][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.672841][ C1] RSP: 002b:00007fdaf40fc028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 549.681435][ C1] RAX: ffffffffffffffda RBX: 00007fdaf613d090 RCX: 00007fdaf5ec1cb9 [ 549.689513][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 549.697663][ C1] RBP: 00007fdaf5f2fbf7 R08: 0000000000000000 R09: 0000000000000000 [ 549.705785][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 549.713833][ C1] R13: 00007fdaf613d128 R14: 00007fdaf613d090 R15: 00007ffec555f4d8 [ 549.722070][ C1] [ 549.725133][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 549.732489][ C1] CPU: 1 PID: 10045 Comm: syz.3.1633 Not tainted syzkaller #0 [ 549.739982][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 549.750070][ C1] Call Trace: [ 549.753378][ C1] [ 549.756252][ C1] dump_stack_lvl+0x188/0x250 [ 549.761056][ C1] ? show_regs_print_info+0x20/0x20 [ 549.766556][ C1] ? load_image+0x400/0x400 [ 549.771110][ C1] panic+0x2e5/0x810 [ 549.775056][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 549.779705][ C1] ? __ieee80211_beacon_get+0x179f/0x2000 [ 549.785457][ C1] __warn+0x248/0x2b0 [ 549.789475][ C1] ? __ieee80211_beacon_get+0x179f/0x2000 [ 549.795232][ C1] report_bug+0x1b7/0x2e0 [ 549.799603][ C1] handle_bug+0x3a/0x70 [ 549.803788][ C1] exc_invalid_op+0x16/0x40 [ 549.808321][ C1] asm_exc_invalid_op+0x16/0x20 [ 549.813202][ C1] RIP: 0010:__ieee80211_beacon_get+0x179f/0x2000 [ 549.819570][ C1] Code: 2a f8 0f 0b 4f 89 64 2f 04 4f 89 64 2f 0c 43 c6 44 2f 14 f8 e9 19 fe ff ff e8 0d c0 2a f8 0f 0b e9 03 ef ff ff e8 01 c0 2a f8 <0f> 0b e9 76 f2 ff ff e8 15 89 6d 00 89 d9 80 e1 07 80 c1 03 38 c1 [ 549.839210][ C1] RSP: 0018:ffffc90000dd08e0 EFLAGS: 00010246 [ 549.845322][ C1] RAX: ffffffff894e5f9f RBX: ffff888060a86298 RCX: ffff888057388000 [ 549.853327][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 549.861331][ C1] RBP: ffffc90000dd0b08 R08: ffff888057388000 R09: 0000000000000003 [ 549.869344][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888020444200 [ 549.877355][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920001ba12c [ 549.885369][ C1] ? __ieee80211_beacon_get+0x179f/0x2000 [ 549.891296][ C1] ? ieee80211_beacon_get_template+0x30/0x30 [ 549.897327][ C1] ? verify_lock_unused+0x140/0x140 [ 549.902577][ C1] ? __lock_acquire+0x13bc/0x7d10 [ 549.907644][ C1] ? verify_lock_unused+0x140/0x140 [ 549.912901][ C1] ieee80211_beacon_get_tim+0x48/0x840 [ 549.918415][ C1] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 549.923953][ C1] __iterate_interfaces+0x243/0x500 [ 549.929189][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 549.935465][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 549.941750][ C1] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 549.948810][ C1] mac80211_hwsim_beacon+0x9b/0x180 [ 549.954049][ C1] ? hw_scan_work+0xed0/0xed0 [ 549.958764][ C1] __hrtimer_run_queues+0x4eb/0xb70 [ 549.964013][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 549.969172][ C1] hrtimer_run_softirq+0x176/0x240 [ 549.974332][ C1] handle_softirqs+0x339/0x830 [ 549.979148][ C1] ? __irq_exit_rcu+0x13b/0x230 [ 549.984050][ C1] ? do_softirq+0x210/0x210 [ 549.988594][ C1] __irq_exit_rcu+0x13b/0x230 [ 549.993413][ C1] ? irq_exit_rcu+0x20/0x20 [ 549.997979][ C1] irq_exit_rcu+0x5/0x20 [ 550.002367][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 550.008053][ C1] [ 550.011015][ C1] [ 550.013984][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 550.020002][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 550.026108][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 53 48 89 fb e8 17 00 00 00 48 8b 3d 40 bb 10 0c 48 89 de 5b e9 77 3a 44 00 00 00 cc cc 00 00 cc <48> 8b 04 24 65 48 8b 0d 14 50 89 7e 65 8b 15 15 50 89 7e 81 e2 00 [ 550.045756][ C1] RSP: 0018:ffffc9000344fa98 EFLAGS: 00000283 [ 550.051866][ C1] RAX: ffffffff87da247e RBX: 0000000000000000 RCX: ffff888057388000 [ 550.059874][ C1] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000080 [ 550.067894][ C1] RBP: ffffc9000344fc90 R08: 0000000000000000 R09: 1ffff92000689f66 [ 550.076002][ C1] R10: dffffc0000000000 R11: fffff52000689f67 R12: ffffc9000344fd40 [ 550.084028][ C1] R13: 1ffff92000689f5c R14: 1ffff92000689fa9 R15: dffffc0000000000 [ 550.092045][ C1] ? ___sys_recvmsg+0x30e/0x5c0 [ 550.096954][ C1] ___sys_recvmsg+0x3dc/0x5c0 [ 550.101708][ C1] ? __sys_recvmsg+0x280/0x280 [ 550.106641][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 550.111715][ C1] ? __might_fault+0xb3/0x110 [ 550.116446][ C1] do_recvmmsg+0x382/0x850 [ 550.120922][ C1] ? __sys_recvmmsg+0x290/0x290 [ 550.125818][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 550.130886][ C1] __x64_sys_recvmmsg+0x195/0x250 [ 550.135949][ C1] ? do_recvmmsg+0x850/0x850 [ 550.140685][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 550.145925][ C1] do_syscall_64+0x4c/0xa0 [ 550.150373][ C1] ? clear_bhb_loop+0x30/0x80 [ 550.155083][ C1] ? clear_bhb_loop+0x30/0x80 [ 550.159794][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 550.165808][ C1] RIP: 0033:0x7fdaf5ec1cb9 [ 550.170257][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 550.190198][ C1] RSP: 002b:00007fdaf40fc028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 550.198833][ C1] RAX: ffffffffffffffda RBX: 00007fdaf613d090 RCX: 00007fdaf5ec1cb9 [ 550.206845][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 550.214856][ C1] RBP: 00007fdaf5f2fbf7 R08: 0000000000000000 R09: 0000000000000000 [ 550.222871][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 550.230891][ C1] R13: 00007fdaf613d128 R14: 00007fdaf613d090 R15: 00007ffec555f4d8 [ 550.239022][ C1] [ 550.242364][ C1] Kernel Offset: disabled [ 550.246734][ C1] Rebooting in 86400 seconds..