last executing test programs: 13.288539686s ago: executing program 3 (id=2495): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20004001) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565b, &(0x7f0000000140)={0x5, 0x802}) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e07000220"], 0xa) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)=ANY=[]) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002280)='pids.events\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, 0x0) 13.038027455s ago: executing program 1 (id=2497): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000380)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r2, 0x1}], 0x1, 0x0, 0x0, 0x3) 12.833796661s ago: executing program 3 (id=2498): setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote, r0}, 0x14) close(0xffffffffffffffff) 12.457403282s ago: executing program 3 (id=2501): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)}}, {{&(0x7f00000003c0)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000400)="1627c567d68bf59c66fa40124f8c7ada5e748914c352f17793d00a73a423d2118e57affb293b8d5a60d0817e8f9111925e9a68631b4b1cb5bb3a77175ff3360db1a72e59ac03c4378008a63795214b08f011b27b3d6dd4cbdb8f65c9cdb9fde1797055b0f40ac383e83383b637f8c00c2c33ecdd89839f8872cd64c58f1876b1df4a4c2b748c12dd3f33f18c71b0e2b2256be891758a893fc948c3ae8f25509253f5a1489e0b076d66852440fc003fb3487f359e80a3573f969584ad1a754915482a1052130fdf4771156a0927bc055d17000a917a1f28c7055c58b600", 0xdd}, {&(0x7f00000006c0)}, {&(0x7f0000000500)="493bde698e5a8bba3c82df241ea0fad3ca1d1b41d7a25f6bff083f97a329ccca28620075eb23f14543e205aa035c0b04703a8d7e6079471b546f274bddfe7c51bbfaac1a7390d43c1cdba10be7aa539e390e0e82bf1291a3f321cc5e3fc08766d509e0c2a1339a48378c039fda738336102b6d31dc7f24686d30762f066bc5528732f051b63ccaecdfff0064351451a40a43cfbd42335d51d70613a0be5bde", 0x9f}, {&(0x7f00000005c0)="a13b91444a241f78d556a3859220bafbb6e6bdb714c1f73f6a97b9314e27d7c4", 0x20}], 0x4, &(0x7f0000001700)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x7c}}], 0x18}}], 0x2, 0x801) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00\n'], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 11.838141326s ago: executing program 3 (id=2504): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000380)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x4}) 10.697268539s ago: executing program 4 (id=2507): openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='smaps\x00') r2 = fanotify_init(0x8, 0x0) fanotify_mark(r2, 0x1, 0x40000011, r1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='status\x00') bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0xa0001f98, 0x0, 0x0, &(0x7f0000000440), 0x0, 0xa70a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) r4 = syz_open_dev$cec(0x0, 0x0, 0x1) ioctl$CEC_ADAP_S_PHYS_ADDR(r4, 0x40026102, 0x0) 6.420539206s ago: executing program 4 (id=2511): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000002640)={[{@delalloc}, {@bsdgroups}, {@oldalloc}, {@errors_continue}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x10) creat(0x0, 0xa3) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x101000, 0x0, 0x9) 5.584142936s ago: executing program 4 (id=2515): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x9) r0 = socket$netlink(0x10, 0x3, 0x10) getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x1}, 0x14}}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) socket$alg(0x26, 0x5, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) 5.08674315s ago: executing program 4 (id=2519): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000000), &(0x7f0000000640)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 4.734266885s ago: executing program 2 (id=2521): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000040)={{@host, 0xfffffffd}, @my=0x0, 0x78daf67cf30ceecb, 0xf, 0x4, 0x8}) 4.624757619s ago: executing program 4 (id=2523): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={0x0, r0}, 0x18) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000140)='./bus\x00', 0x100005, &(0x7f0000000e00)={[], [{@subj_user={'subj_user', 0x3d, 'ext4\x00W\xa3\x983\xd0\xd9\xfa\xf5\xcezW\xd4;\x1b\x9a\xa9\xb4f\xde/\x11\x01j\b\x80\xf1\xf4\xf3\xfd\x90\x9f\xf4I\xd7\xbb\xd6\xb8q!^p\x8f\x03~3\x05\x96\xe7\x94K\x1dV\xbej\x8d\xa8\xd1\x9b\xd5\xbdu\xf9\x14+\xd4L\x03\xa3&\xa7\xfa\xb6\xe2^\xbf\xe97\x18\xeb\xb4XJ(\xfb`G}\xe1i\xefrA\xcf\x80\xe7sH\xab\xc9\xec\x119C\xb0\\\xea\xa0{u\x17\x83gg\xbb\xadF\xe9O\x19\xb7+_\xb7v\xd6\x81\xf3H\xf1\f\xa4]f-\xe7j\x03\xc4\x1d\x82T\xca\x888X;\xcdI\xe1\xae:\a\\\x14Q\xc6.\x86b[@\x9cy\x94\xa9\xaaA\x94:Q\xf4\xe9\x04\xcajyE\x1a\xb2N\x92\x91\'SP\xbb\x1d\'\xa9)\x1f\xacwnK\x9b\x17\xf6b\x00\xc41\xba\xe2Q:5r\x02V\xd9\xa1\xd2\xed\xb3\xf68\xd0\xce\xd4\xa8:`Uzm\xd8\xbf\na'}}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'k[\x1c\xec\xae\v5\xd1\xcf\a{j\xd1\f#\xe0>\x14\"\x91\x12\xd8M\aX \xc4\xf8\x06UEEM\xe0\xc8\fL\x02\xfe\xe5_Neq\xbf0\xb5\xc4\xdeh\xc5\x88?y\t\xbd\x12\xce\xca\xf4\xb1V\xfd82\xbc7\x01Z)\xecZ0\xfd\n\x1e\"\xef[NvC\x91+\x1e\xf0\x9e\x90M\x9b\xf1\xd9r:\xd7}\x9a\x9b\x9d\x92+P9RO\xa79\x0e\x83\xf3E\xec\xe0\xf4\xf2\xd7\xab\xcbd\xa7\xab|\xc2F@\xf5\x0f\x84-\t\x9esJYYDB=bK\xed\xe3\xd8\xa7\xf7\xe4oSX\xa9T3\xce;\x95\x9dDm\x97[\xbfV\xb3\x8b\x12\xb3\x91\xea4\xdc\x83\xe0q\xed\xca\xda\",=P\xcbE\xc9\xda\xb6X\xfd\f\x83\x03\x00\xe6:\x9c*[0\x9ak\x82ilR\xb5\xb4,\xd5L;\xaf\xdf\at#\xf7\x96\xf0s\xde\xf0\xb8\x93D\xced\xed\x13\x99\x13\xef\x87C\\l\x03\xe4$\xa2\xb7\xcb?\xcdJ\xad\b\x1e#\x9d\xd4\xfaZU\x9b\x1f\xd2\x96\xa7\xcc\xdeBC\xb4S\'b\xaf&\xdeFd\x90\x10\xe8\xd1\x00\xaf]\x13\xa1\n_.\x85\x8aWhI\xaa\x101\xeaT\xc7\x04Rl1\x065g$\xcc\xed47\xd2\xfb!P^\xc2\xd8\xa0\xef\x1c\x8f\x98\xdct\x97\xb0\"[\xcb\xd3\x84\x9d\x97{\xea\xa1_\x88ItP\x8b?\xf0\x87tVA`\x91\x18\x1b\x01b\x9f\xd8csq\xce\xab\xe4\xf8\xcb\x946\x97\x9a\xaf\xbb\x99\xc2\xa8\\\xf4\xe3.\xc0\x8d\xb2\n\x17\xe6\xaeJe\xc9\x00IO\xdd\x85\xfa\xff\x14\xd9\x1c\xbf\xe7C\xd2A\x1d\x90\xc0\x14\x8e\xd2I\xf8Y]N\xb7(\xcb\xb0\xe5Rb[n\xaf\x8a\xee>\xa5\x1b\xbc\nF\bv\xa8x\xf3\x03\f\x18\x89\xe4O\xcc\xd0\x1f\x90\xc5\xd9\x11\xf7{I3d\f\x06\xc52\x7f\xaa\xd6\xb9q\xed\x9c\xb3U\xb5\xf8&\xc7\xdb\x82\xb0\xd4\xea]\x80\xc0\x1c\x9c\x1a.^\xdc(\xa0b\xc6xB\xe7R\xa7\xe7{z\xf3~\x05\xd6\xf6\x9d;\x97\x94\xc7\xb5\xe5ZJ\x7f\xc6\f4y\x05g*\xfa\xbaN\xc2\xc3e<\"\n7\"\xe6\xc2@t\x8a\'\xf9_+\"3y\x84\xb2\xc3-\x9da\xc0\xbe\x00=\x82\x00W\f)Y\x8e\x8b T\x12\xfd\xa6T\x8e\x91ZzQX\"\x9f~\x03;$O\xc7\xfd'}}]}, 0x0, 0x457, &(0x7f0000000700)="$eJzs3MtvG0UYAPBvbSdt+iChKo8+gECLqHgkTVpKD1xAgDiAhASHcgxOWpW6DWqCRKsKCkLliCpxRxyR+As4wQUBJySucEeVKtRLCyejtXdrx7GTtHHsEv9+0rYzsxPNfJ4de3YnTgADazz9J4nYERF/RMRoPbu0wnj9v1s3LpX/uXGpnES1+vbfSa3ezRuXynnV/Oe255lSROHzJPa1aXfhwsUzM5XK3PksP7l49oPJhQsXnzt9dubU3Km5c9PHjx89MvXCsennsxpb1xVnGtfNvR/P79/z+rtX3yyfuPreL98lefwtcXTJ+Eonn6xWu9xcf+1sSielPnaEO1KsT9MYqs3/0ShGY/BG49XP+to5YENVq9Xqg51PX64Cm1gSbQpLBxtvD8AmlX/Qp/e/+dGLdce94vpL9RugNO5b2VE/U4pCVmeo5f62m8Yj4sTlf79Oj1j9OcSWDeoGADBAfkjXP8+2W/8Vovm50H3ZHspYRNwfEbsi4lhE7I6IByJqdR+KiIfvsP3WTZLl65/CtbsKbI3S9d+L2d7W0vVfvvqLsWKW21mLfyg5eboydzh7TQ7F0JY0P7VCGz++8vuXnc41r//SI20/Xwtm/bhWaln1zc4szqwn5mbXP43YW2oXf3J7JyCJiD0Rsfcu2zj99Lf7O51bPf4VdGGfqfpNxFP18b8cLfHnkpX3Jye3RmXu8GR+VSz3629X3urU/rri74J0/Le1vf5vxz+WNO/XLqRFw3fUxpU/vyg3ptNSd3v9DyfvLCn7aGZx8fxUxHDyRr3TzeXTLfWmG/XT+A8daD//d0XjldgXEelF/EhEPBoRj2V9fzwinoiIAyvE//PLB9/vdO52/CNZQR/Gf7bd+L/WafwbieFoLWmfKJ756fsljY41kmsb/6O11KGsZC3vf2vpV341AwAAwGZXiIgdxaQwkaejUJiYqP8O/+7YVqjMLyw+c3L+w3Oz9e8IjMVQIX/SNdr0PHQqu63P89Mt+SPZc+OviiO1/ER5vjLb7+BhwG2vzfnl8z/1V7HfvQM23Or7aLt60g+g93xfEwaX+Q+Dy/yHwdVm/o/0ox9A77X7/P+kD/0Aeq9l/tv2gwHi/h8Gl/kPg8v8h4G0MBKrf0leQmJZIgr3RDf+z4lqsvY/VNHzRL/fmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrjvwAAAP//n1HZTw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r6, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e21, @empty}, 0x2, 0x0, 0x2, 0x2}}, 0x2e) getpid() 4.153739761s ago: executing program 2 (id=2524): setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote, r0}, 0x14) close(0xffffffffffffffff) 3.804712661s ago: executing program 0 (id=2525): syz_emit_vhci(&(0x7f0000000580)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x5}}}, 0xb) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "92c01f", 0x8, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}, {}, {0x8, 0x88be, 0x4305000f}}}}}}}, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)) write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x2}]}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{}, {0x10}, {0xa}, {}]}]}}, &(0x7f0000000240)=""/199, 0x5e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x20) 3.580119159s ago: executing program 2 (id=2526): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000020f10120480b0320c3970102030109022400010000000009046cb402c432ad0009050300080001060609050202"], 0x0) socket$inet_tcp(0x2, 0x1, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x8040) 3.093439946s ago: executing program 4 (id=2527): syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x10, &(0x7f0000000480)=ANY=[@ANYRES32=0x0], 0xff, 0x59fa, &(0x7f000000bbc0)="$eJzs3X+QHNV9IPDXM7Pa0a5+rAQOMpjVIqOEQGyt+FXYpGIll9gpIJRcpBzEyYYFrYhsSaj0I4AgQeTAhw5w4RSpBCd/EBfmDqO4qIKLUSgTfpzE2dgqLj7qClNn32H/4SvCoTKgo1w+b2p3+s3O9E5vz87O6gd8PiVtT7958+3Xr9/09PfN7E4AAADgfeHgnTuOXH7q733nz0ffue33/3HL7aG/PFFejRUG0uVNx6qFHE29lWUTy+y4+LVbvv6Toet+59uP9X3t3QMbztj4g9896bqnPn/J/gf+5tm3Fz7xy9eK4sbxdPbkevJGEkL1W4f/8osHXjxlvCxZNP6ztCeEJcnSZ5ckmRDDPw8hbBhvYwhhWebOx985b+P48va7e5vKF2fqGe/vb+PHeXxg7T5y4znhh7+97o7vLf/G3/fse33PZJWk2jCeQlh0TePje0II89P/IR2LoWE8xkG7NoTQ1/C4iwra9eE2278qZ/20dDkvXfYXxIn3r8islzL1sutRT2bZV7C92cprRyf1ym3UWZBZz56MZiuvnbF8Sbr8Zro8e4bxy+k+lJNQSkKl3vzNyeQYCQ3HLQnJxLGs1tdL9WMb0v3PrCeZ9VJmvdyT2a+J7aYDrZwkzeWxXqY8no4rafkZjefqFq7IKf9guqymT9R343rI3qjpn3Kjvl8TYrsOT9OWo6HUcA5qVV4/8OnB6E/L+pOlUx4z1kK878C6e1aW1z93cCCnHcljSRo/6Sj+7u8uWfC5R/fuyr6u1+NfU0rjlzqK/6NLD7151d6vfiU3/n0xfrmj+Oc+3ffGpc/fuSK3fw7H/ql0FH/ktRfuXX7ytfty2/9gjF/tKP6a/Yd6Fx55+pnc9g/H/pnfUfxXL/7kjx95+cnXc+OHGL+vo/jr92/7Uu/gkbNy4z8T+6e/s/Hz1r4LXxkc/OlQXvyXYvyFHcV/eM8DH39o8d2X5B7ftbF/BjqKf9mZT92x4MiTp+edO5MH232FBaCVk9JrrLvS9U7zzNlqyBf+eqhSu+ZbkP5f2M0NZS4+x7ezqJvxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCE8IFz/uun/vdnBt6opOu96Y1XS7VlLJ8XQjI/hLBj58j2nZu2Xj/0+Rt2bd86snloZOfQ6Nad228eOv83hraPbts8cvP4vcMfOa/2uKUhqS2T06dsu3dsbKw00FwWt/dvztz3w5UX/Z9/CWH4A98frOS2f9UDWx46ucXPjGTN2Ce27Lr8+xf8XbpfA2m7Blq0a2xsbCzktOv/XvmLh/7i8E/OCmH4V6Zr1wuv/tY/NTVoomAyTqrUG2oN6k36Wraj3uq0PbG/Khs3bR4dnr5/xx9fztmPf3vL6z/feNOXf1Hr32rufrTZv/PXjG0u/dW6y/7/X91aKyhq17E67kX9Hfciti/2XzXt70Xpfi3K2a9Kzn7d+b1nXv7WqXvzO7pgv3rSAdCTfLCt7ca960uWNJVX0/qxIfFxq3Zu2bZqx827P7Jpy8j1o9ePbv3Y6vNXXzh8wYUXrJrY81Xd2f+394ThylvL+0Lc/q+2uf9HZzwt/pM934w/2xtPze2aN+P+GG9XcX80tijv+dd3xRfv/9gDz19eKyga57F2/XySLvvGj/Pq0DDepvZVq/0qOj4hhKFW/fDm25eEU/7HpjuKzkONR6bxZ0ayZuzFFT/7u4v+dtlv1gqOynm+sUEdnufrrZ5sz0R/VdPjMXac9m9vKKf71d+yXatffL7nnoP/8qf19s2bF24a2blz++razwVpSxckp7VsV7Y07tfyiZ/lkHZLqA/TFuN1XE+otS97/ozVs73an97XnyxtuV9Z8b4D6+5ZWV7/3MG8nk4eq21xflhYWyYfyqm5OfPAcr3BrbZ/vD7/isbH4Kf+9onPPPEP508ZH+fWfhbtV5KzX994+eH7v/blf/8P3duvT/3WoYGf/c8/XlkrOO7PK+VaQ+qtTtuTNJ5Xzg2h6Pm3PLTej9znX6n1/hQ9/7LbmazfOt5QZr0/lDt6vp77dN8blz5/54rc5+vh6Z6vjTt7a9PjygXP1+Nl/GSfX0mluR1z9/xqGijJmrFv33XSnmdvW3tqraDo9bJeu9W4Pq+N/CNnv/7pqlcGbxj6d/+9e+eNr//G41f/YGTNn9UKOj/usS3dOe7VtH+rOf1bb3XMOxv796PX3bB5Q628qJ+P3fVvuizIf+KpZMfNu78wsnnz6PYd7e1Xu6+ncTvZXu709TSe3ZYW7Fdpyn7N3Y12+qvd51ts/4aO+6v5+dYfko5eF3Z/d8mCzz26d9fAlEelG7qmlMYvdRT/R5ceevOqvV/9Sm78+2L8SkfxR1574d7lJ1+7Lzf+g0kav9pR/DX7D/UuPPL0M7nxh2P753cU/9WLP/njR15+8vXc+CHG7++s/9/ad+Erg4M/zY3/UpJuZ/waKYTH3zlvY209CT3p8y22o6epXSG7nmTWS5n1cuN6Kc4ipBsoJ0lzeayXlp/R0JZW/iinPF6FVZfVlu/G9ZC9MX358abUcO5vVV50nQoA8F4X3/+P16Dx/f/R9EIpf6YBJs02D1uWEzfmYZPzOc3vsS5L48fHx3nAwY+G4fHl7UO1C/2Zvo8Qnw/Zec64nbM+3ByjcJ5zbGL7U+Y5i+bfV2TWY7tq8+WVhjw0NTWvqYQ25t+nbmf6+ffM7he/nzV015RmDTXMW2WPX086Y9bq8w6Z9lbGI+SNj+y8WPw8x+CisHZie22Oj+znaOJxyH6OJm7n1MyJs9PP0eSNj4Gp/dDUrjg+Yr1pxsdEk4vfj5x6/MI0/Tt5/FpHyx6/GRzv6nj9uX5/tgvzhi1PaUdv3nBu3w8zL5kTP32CHe/zhrE87kelzfnEz+SUd2s+MZ4uYrsOT9OWo8F8IvBeFfP/+Boxnv+PX4D/v0y9ojwle9UY4+V+Tqjcuj1FecfUz+n1dfQ6vn7/ti/1Dh45K/c655l2P6e3rWmtr+BzP0X9uDKzXtiPORM0RfledjtF/Z79XEZ/WNhRvz+854GPP7T47kty+31t7YW0uN/vb1pbWNDvJ0C+0Dq+fOF9kS/M9fzZMctH0g8+zVU+8oc55TPNR/qm3Kjv14TjNx+ZfCFtykd6jm67AIATR8z/6++fpfn//4oV0uuIorz17Mx6jJebt+Zcn+TlrX+QLm/K1O9Pf6NiptfNl5351B0Ljjx5em7e8mC7eeh/alobKMxDZ5c35+YRa7vzefHcPKKeZ80uT8xtfz1PnF2envM2bUOePrs8Ord/6nl08zzA/Yfaix/nAXLj1+cBupjn/nKy0tHLcwvm6zIbi6vtztcdkzx6UfN+zkkenf767Fzl0VfklM80j+6fcqO+XxOO3zy6uVweDQC8V8X8P17Gxfz/+Uy92b7PnpsXdOm6Pfv3QOrxX5qTvHIyfpfe/y3O++Y6b53rvH6u5yVO9Pd/53peaGDiD3jO1TzZMXt/+XjJi9ONyosBADiexfx/frqen//PLj+Zkr/11C4hJ/OTEy8/b6wnP8+J/57Jz0/0+a+5/ZzM+z7/j+vp6pj8HwCA41DM/+OvPca///df0vXs360/EfP04H10efoJk6d3eZ4txm/8HIB5gKP7+fj5k/XNAwAAcCz0TGRKU3/P/rPpMvt79nm/l39VTv12VdLL42t3bh8dvXrXtg0jO0ev3nrDhtEdV9+4fdPOnaNba/Vmmzfm5i1p3tgTKml/tK6XzdsWp38PYXHO30PI1o9hT5u4MfXvIWQ3O7/g7whMHr/22pt3/ErT1G81PvKOd178P8qpH9WP/3V/fO7VG3dcvWnrpp2bRjZv2j3aXG88a+2bwfdmJun/GX1f6guv/oeDIdRuTXxrZkZp5t/fGQ/PDNvR9GPKHxcujfd3knv8x9uRZNqxJG3JkrzvP8hp93f+21/8yZljv3gkhOEPlD8003Y3h1wz9p+vHP2DnQe/v228/aVp21+vmbar6PtKs/Xj/lQ237Bj5zkbb9i1NfuNkp2J8xml+voczWekT/9ym/MT63PKZ/r7++UpN45Pbc9PAADQJL7/H69n4/uHX04voGJ5+3l67cKx0/ePc/P04fby9Oz3khXl6dn6cX/bzdOrs8zTs9svytNb1W+Vp+fl3Xnx/zCn/ky1P046+JxHTD8f3bsrd5xc0944yX6fQdE4ydaf6ThJZjlOstsvGiet6rcaJ3nHPS/+p3Pq5ykaD5X6eJjd53Jyx8N97Y2HX8+sF42HbP2ZjofSLMdDdvtF46FV/VbjIe/45sW/PKd+u5rHx/jAmBgXo1ffeMP2LzTUm+vvvwhTP5LRTvvmTT52br//o1Pt9+/cfu5r9u0PYc1ESV775/ZzZbNvf1H/z+BzZYvClM+V5bb/pdnNhLXf/rn9fpeMvOpTH3+05mvTM0HR58+K5nHX5ZTPdB533pQbxyfzuHDsxPw/vt0T8/+702W33wY68b8nzfeYtYzfpe8xK7qOed+9nmffcvd6DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDi6w2ht7Js4ubBO3ccufzU3/vOn4++c9vv/+OW23/tlq//ZOi63/n2Y31fe/fAhjM2/uB3T7ruqc9fsv+Bv3n27YVP/PK1wtgDEz8rZ6er1RCSN5IQqt86/JdfPPDiKeNlSQihnAzsCWFJsvTZJUkmwvDPQwgbYlMrzXc+/s55G8eXt9/d21S+OBMku1+hvxzb09jOEG4q3CNOQNV0nO0+cuM54Ye/ve6O7y3/xt/37Ht9z2SVpNownkJYdE3j43tCCPPT/6H2lJmwLD44Xa4NIfQ1PO6ignZ9uM32r8pZPy1dzkuX/QVx4v0rMuulTL3setSTWfYVbG+28trRab0iCzLr2ZPRbOW1M5YvSZffTJdnzzB+Of5PQikJlXrzNyeTYyQ0HLckJBPHslpfL9WPbUj3P7OeZNZLmfVyT2a/JrabDrRykjSXx3qZ8ng6rqTlZzSeq1u4Iqf8g+mymj5R343rIXujpn/Kjfp+TYjtOjxNW1L/sbhK50oN56BW5fUDnx6M/rSsP1k65TFjLcT7Dqy7Z2V5/XMHB3LakTyWpPGTjuLv/u6SBZ97dO+uZXnxryml8Usdxf/RpYfevGrvV7+SG/++GL/cUfxzn+5749Ln71yR2z+HY/9UOoo/8toL9y4/+dp9ue1/MMavdhR/zf5DvQuPPP1MbvuHY//M7yj+qxd/8sePvPzk67nxQ4zf11H89fu3fal38MhZufGfif3T39n4eWvfha8MDv50KC/+SzH+wo7iP7zngY8/tPjuS3KP79rYPwMdxb/szKfuWHDkydPzzp3Jg9165QR4fzopvca6K13vNM+crYZ84a+HKrVrvgXp/4Xd3FDG+HYWzWF8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADem/751vM/e+UnPr2ukoSQ5NQZayHeV563Zs1QB9sdee2Fe5effO2+xrJlHcQBAAAAisU8vFQvqYZl4cZkfjitZf04R3BaXEuay7NzCDFOdo6g0zilFnFKHcQpd6k9lS7F6elSnHlditPbpTjVgjjV0F6c+dPEqYyPgDbb0zdte9qP09+lOAu6FGdhl+Is6lKcxV2KMzBtnPbH4ZIuxVnapTgndSnOyV2K84EuxfmVLsU5pUtxsnPKMx2HC9Oap+bFmbhRLoxTScr1O1rNp5+Sbuf0WW6nf9rtVMcWFr0et7md+QX7E7fz4czjSjPcTrXN7fzqLLeTtLmdX5/ldkoF24nj9qZs++J24lqb4//mLsXZ3aU4t3Qpzq1divOnXYrzZ12Kc9ss4wC0K+b/k/neQOit/GboS8842VmAmO8un/g59fUu74QU430oUz6vKF42Uc/EWz7T9mUnEDLxVmTKe5riVer5yDTxqo3xVmbunG5/L17Tum2N8c7OlPdOE69pBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgKPjnW8//7JWf+PS6kITxfy2NtRDvK89bs2aog+0eWHfPyvL65w42lvVWOggEAAAAFIp5eE+9pBp6K6tDbzKvqV41nQeopuvlgdpycFFYO75MhkoT633JkmkfV0kft2rnlm2rdty8+yObtoxcP3r96NaPrT5/9YXDF1x4waqNmzaPDtd+htBbEC+EMDH9sOPm3V8Y2bx5dPuOWmG2/cvSxy1L15P0cYMfDcPjy9vT9i8t2F5pyvbm7kbx0QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Fd27S1EzrN8APj7zczOTLfNv/Onp2loNkMOJWrVJG4l1dL9QLDQHMhSkNnqWoJNsLhpQpuUWMc2YFsTFKElECK5MBKLrcWbHmwReyAQqdGAG4O0RXOhF0qrlbTkQlJGdme+Oe1MZx1Kksbf7+I7PO/zvs/3fhcLz7cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59Z0ZXSyPDY+MRyFEPXIqXaRjKWzcVwaoO5XXtz+g9zImRWtsVxmgIUAAACAvpI+fKgRyYdcJh3S4drZuyWhZSA0+34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/z3RldLI8Nj5xaRRC1COn2kUyls7GcWmAuqfeffqzr4+M/K01VhxgHQAAAKC/pA9PNSL5UAxLw1B07Uzn34gm3wYWdsyv5TUl6yyaZ17nt4NeeUvnmXf9PPM+1idvQ/28KwAAAMBHX9L/ZxqRQshlFszph5P+v19fn+Qt7shL18/z/61Adt6ZAAAAwAdL+v9cI1IMuUyx0a/Pt99f0pGXzO/3f/tk/vIe8/v9P399/ez/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw0TFdGZ0sj41PpKMQoh451S6SsXQ2jksD1F390vA/1h55ZElrLJcZYCEAAACgr6QPb7be+ZDLDIehcOls3z9y68Fnv/Ts86MhhFqbn82GXZt27Lh3de2Y5K06dmTo+0ff/vacvFW143nbIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8KGZroxOlsfGJy6JQoh65FS7SMbS2TguDVD3zc9/8S9PnnzhrdZYcYB1AAAAgP6SPrzZ++dDMWRDNlw9e9fa689Idczv9c0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuHjc980HvrFpamrzvS7Oz0U1HcIF8BguXLRfnO+/TAAAwIdtcYhC9b90zcbz/dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCFYLoyOlkeG5/IRyFEPXKqXSRj6WwclwaoG794PLfgzEuvtMaKA6wDAAAA9Jf04c3ePx+KYSgMhatm77p9E5jt/wvn8CEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8p0ZXSyPDY+sSAKIeqRU+0iGUtn47g0QN0ndh/43OHLv3dbayyXGWAhAAAAoK+kD882IvmQy3w85MJ19fup9glRun7u/l2gOW9727Thec+rtM1Lz3veno6dZeq7qc3LJ+sVaufGvFJzXqo+r9Qyrxga5UuNebMva19btQV9nnPumwcAAIBzJ+n/c41IIeQyuZb+/6dt+QV9LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQw3RldLI8Nj4RRSFEPXKqXSRj6Wwclwao+8Bv//+yr/5s787WWHGAdQAAAID+kj682fvnQzEsCv8XFs32/aHQnp/k/bN89vDj//rrihBWXn1iJNO57I+Si1+/ecvLnYcQUu3ZqRAur9eLetT7ze8fv39Z9eyTIay8Kn3dnHrhg+u1LxlXnytvXr/j6IntfV4OAAAAXCSS/n+oESmEXOaenv1/0nn36f8bZhvwy+/f/Ysr68d6R94xI1Wo10v1qPeFZU//efmav7890//PrffJxtWnD2w9fGVbwVqkQxRXx7bu3HDixkOpZNe1+umO+sl7+fK33vr3ll2Pna3Vz4d8Pb6w41Fq1eYeO8qHuDqV2j+x7v39lfb6mR77f+R3r5z81cK9783Uf3fxcKP+9aFb/drOMz3rh0vi6vDtj+676cCRDe31QwilbvXfee+2cM0f7364c//DHQu3vvnWY+cLiKvHlpw+tOZg8eb2+lFH/eT9//zkE/t+8th3n0/qJ78VWbF0vvVTHfVf23PF7lcf2riwvX6qx/5fvuP1kW2l7/yhc/93ta2a6fkUc/f/1A3P3PnGpvjBziEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLy3RldLI8Nj6RikKIeuRUu0jG0tk4Lg1Q99Ta4+/csffHP2yNFQdYBwAAAOgv6cObvX8+FEM2ZMPwbN//XHnz+h1HT2wPhdpoVD9nprbdt+MTW7btvOeu8/TkAAAAwHydWhvN9v+ZRqQQcpllYaje/49t3bnhxI2HUkn/n5o5RyGELXdPbV4ZGnmv7bli96sPbVzY+E4QwuzPAvIzeZ9p5t16y/HC6T99fXnXvNXNvGNLTh9ac7B4c5IXWvNWhcb3iadueObONzbFDzaerzXvU1/bNlX/PJGsO3z7o/tuOnBkQyr5jlE/D9fXTfKmUvsn1r2/v5IqhNzMeLqel6/vGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYa7oyOlkeG58I6RCiHjnVVvVAMpbOxnFpgLrrlv3y4cvOvLCoNZbLDLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVcVxAD9nZrcdd3Z1V4O2onW1orAHpSCiXioqQiOEngwJS/MhCoKIwh5aQyOxopcg60WigmoLwSA3SbRYo3/SSw8VFFgPgUgLtYv0kDEz546z17mNzlogfT4wnD3n3vu9v3vPmTt7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOK/09YzU28PbH5u9+5Lbv3jmwZmn7/zoka1XPfXOL2Mbb/18T/+bJ6Y2Ldv8/W1LNu5/aPXkrtcO/TH4wV9HOwY/2WhWpG4lhHg8hlD5ePrlZ6e+vKg2FkMI5Tg0HsJwXHxoOOYSVv0ZQtjUrHPuxr0z122utVt39s0ZX5QLyV9XqJazehqG5tbb6mQ+jPNOJa2zLbNPXBN+vGXdtq+Xvv9e78Sx8VO7xNo+5bSeQli4ofX43hDCgvSpyVbbSHZwateGEPpbjruhQ12Xn2H9Kwv6l6b2gtRWO+Rk25fn+qXcfvl+pjfX9nc433wV1dHtfp0M5Pr5h9F8Netc2X58OLUfpnbFWeaXs08MpRh6muU/HE+tkdAybzHE+lxWmv1Sc25Duv5cP+b6pVy/3Ju7rvp500Irxzh3PNsvN549jnvS+LLWZ3Ub9xSMX5zaSvqinsj6If9HQ/W0P5rXVZfVNf0PtfwXSi3PoHbjzYlPk1FNY9W4+LRjTraRbZta9/yV5fWfHB4qqCPuiSk/dpW/5avhgfve3fH4SFH+hlLKL3WV/9OaI7/du+P1VwvzX8ryy13lX3ug//iaT7cvL7w/09n96Tmj/Jj62bb7j372wtILH5hoN9f1/N1ZfqWr+m+ePNI3OHvgYGH9q7L7s6Cr/B9uuuPnt7/dd6wwP2T5/V3lr5989MW+0dmrC/MPNr4K1foK7WL9/D5x/Xejo7+OFeV/k93/wTb5sWP+W+O7bnxj0c7VhetzbXZ/hlL+grOq/64r9m8bmN13WdGzM+4+V7+cAP9PS9L/WM+lfqf3zL0zpbbvmfPV8r7wylhP4xdoIH0Gz+WJcmrnWfgv5gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN/swAEJAAAAgKD/r9sRKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAAA///T0yVX") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) 2.994626584s ago: executing program 0 (id=2528): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0x801) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00\n'], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 2.964761671s ago: executing program 1 (id=2529): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x9) r0 = socket$netlink(0x10, 0x3, 0x10) getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x1}, 0x14}}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) socket$alg(0x26, 0x5, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) 2.627953526s ago: executing program 0 (id=2530): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004740)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000100)="8aa91c2b", 0x4}], 0x1, 0x0, 0x0, 0x4040081}}], 0x1, 0x40980) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xffe) 2.49468445s ago: executing program 1 (id=2531): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000100)=ANY=[], 0x52) 2.084279432s ago: executing program 0 (id=2532): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYBLOB="0096c6438500"/25], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b3000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000440), &(0x7f0000000480)=r1}, 0x20) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0x23, 0x5, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2.047498849s ago: executing program 3 (id=2533): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66) 1.863711017s ago: executing program 1 (id=2534): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "b2f2a03891307a69", "00000100", "634eca88", "a3aed7f3f111d75e"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r0) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10043) 1.781114889s ago: executing program 0 (id=2535): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x2c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x4, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.479932195s ago: executing program 2 (id=2536): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote, r1}, 0x14) close(r0) 1.306055153s ago: executing program 3 (id=2537): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSUSAGES(r1, 0x501c4814, &(0x7f0000000a40)={{0x1, 0x2, 0x7, 0x1, 0x7, 0x2}, 0x8001, [0x0, 0xffff, 0xb933, 0x9, 0xfffffffa, 0x5, 0x6, 0x101, 0x1000, 0x4, 0x4, 0x1, 0x7f, 0x1, 0x4, 0x2, 0x0, 0x8, 0x9, 0xb, 0x401, 0x2400000, 0x6, 0x5, 0x9, 0x9, 0x6, 0x2, 0x4, 0x7, 0xf58, 0x7, 0x9, 0x6, 0x2, 0xffffffff, 0xf, 0x5, 0x5, 0x6, 0x1, 0x0, 0xffffffdd, 0x2, 0xffffffff, 0x3, 0x13, 0x3, 0xf, 0x29, 0x4ab, 0x5, 0x6, 0x0, 0x6, 0x6, 0x7, 0xfffffff9, 0xc, 0x1, 0x97a, 0xd9e, 0x7fffffff, 0xbcad, 0x1, 0x5, 0x6, 0x6, 0x8e8e, 0x25d, 0x6ab1, 0x3, 0x800, 0x8001, 0x5, 0xffff, 0x8001, 0x3, 0x0, 0x10, 0x2, 0xec7d, 0xffffffd8, 0x8065, 0x1, 0xa8, 0x0, 0x0, 0x802d, 0x559, 0xdd, 0x1, 0x9, 0x7, 0x3, 0x0, 0x2, 0xfffffffe, 0x4, 0x3ff, 0x6, 0x8b, 0x7fffffff, 0x4, 0x401, 0xf3, 0xffff, 0xfffffff8, 0x1, 0x93a, 0x8, 0xfffffe5c, 0x85e, 0x3ff, 0x2f, 0x400, 0xd, 0x7fffffff, 0x0, 0xffff, 0x54, 0x7fffffff, 0x401, 0x3, 0x800, 0x7, 0x5, 0x1, 0x7, 0x3, 0xfffffff7, 0xa9, 0x3, 0x7fffffff, 0x9, 0x7, 0x6, 0x0, 0x7, 0x2, 0x10, 0x0, 0x0, 0x3, 0x5, 0x1, 0x5, 0x10000, 0x0, 0x612, 0x8, 0x8a00, 0x9, 0x70c, 0x0, 0x5, 0x3, 0xc, 0x2ffb, 0x418, 0xfffffc1f, 0x7, 0x4, 0xffffffff, 0x4a4e2c37, 0xba42, 0xfffffff9, 0x7fffffff, 0x9, 0x4, 0xfff, 0xcaa, 0x5, 0xe, 0xa, 0x2, 0xfffff001, 0x10000, 0xfffffffa, 0x2f9, 0x3, 0x7, 0x6, 0xfffffffc, 0xffffaf1d, 0x9, 0x2, 0x4, 0xdeba, 0xffff, 0xad, 0x3ff, 0x1000, 0x4, 0x0, 0x14000, 0x6, 0x0, 0x8, 0x0, 0x64d4, 0x3, 0x1, 0x3f80, 0xe30, 0x8, 0x2, 0x1, 0x5, 0xffff, 0x0, 0x5264, 0x2, 0x7, 0x8f66, 0x2, 0x4, 0x80000000, 0x4adb, 0x1, 0x1, 0x10000, 0x7, 0x9, 0x9, 0x8, 0xffffff54, 0x2, 0x1ff, 0xf, 0x8, 0x20000000, 0x7, 0x33cb, 0x3, 0x9ed, 0x2, 0x1, 0x9beb7266, 0xfffffffc, 0xd46f, 0x80000001, 0x5, 0x2, 0x2, 0x200, 0x3, 0xf, 0x8, 0x3, 0x4, 0xfff, 0x5, 0x33, 0x179399e9, 0x2, 0x7, 0x0, 0x3, 0xd6, 0x3, 0x3, 0x7, 0x2, 0x8a5, 0x97f8, 0xed3, 0x3, 0x634, 0xb56, 0x3, 0xffffa9a0, 0x5, 0xfff, 0x9, 0x2, 0x3, 0x401, 0x8d21, 0x4, 0x14000000, 0x6, 0x6, 0x1, 0x1000, 0x2, 0x7, 0x3, 0x8, 0x4, 0x7f, 0x6, 0xffffffff, 0xd8, 0xff, 0x3ff, 0x8000, 0xdc, 0x4, 0x9, 0x2, 0x0, 0x9, 0x3, 0xc, 0x8, 0x7, 0x3, 0x4ce, 0x8, 0xb269, 0x8001, 0xc, 0x4, 0x9, 0x80000000, 0x4, 0xf7, 0x0, 0x0, 0xfffffffa, 0x43, 0x3, 0x4, 0x2, 0x4, 0xa3e6, 0x38c4, 0x10, 0x401, 0x3da, 0x4, 0x0, 0x1, 0xfffffff9, 0x7fff, 0xfba1, 0x10, 0x1d69, 0x80, 0x0, 0x9e, 0x10001, 0x1000, 0xfffffffa, 0x8, 0x5, 0x9, 0x3, 0x7f, 0xbb, 0x6, 0x0, 0x1ff, 0xd, 0x7, 0x81, 0x1000, 0x200, 0x5, 0x0, 0x0, 0x6, 0x7, 0x0, 0x4, 0x1, 0x58e, 0x7, 0x0, 0x6, 0x5, 0x4, 0x532cbfcc, 0x7, 0x8, 0x10000000, 0x7, 0x1, 0x3, 0x0, 0x31, 0xffffffff, 0xa867, 0x8001, 0x6, 0x1db, 0xffffff81, 0xc0, 0x7ff, 0x3, 0x65, 0x1, 0xfffffff7, 0x9, 0x2, 0x9, 0x9, 0x50, 0x0, 0x2, 0x1, 0x7ff, 0x5, 0x6f1b21b5, 0xc, 0x7, 0x9a, 0x4, 0xca72, 0x4, 0xd7, 0x1, 0x7, 0x61, 0x7, 0x5, 0x5, 0xffffffff, 0xc, 0x6, 0x7ff, 0xffffff7f, 0x6, 0xff, 0x4, 0x7, 0x7ff, 0x4, 0x8, 0x1, 0x8, 0x7f3, 0x6, 0x8, 0xa23, 0x6, 0x5172, 0x0, 0xfffffff9, 0x7, 0xdbf, 0x80, 0x6, 0x8001, 0x1, 0xc, 0x4, 0x6, 0x7fff, 0x0, 0x3, 0x0, 0x1000, 0x85, 0x9, 0x7ff, 0x100, 0x5, 0x2, 0x200, 0x1, 0xfffffffc, 0x0, 0x9bd0, 0x0, 0x549, 0x7, 0x0, 0x9d23, 0x4, 0x0, 0x0, 0x9, 0x8, 0x3, 0x0, 0x3, 0x7, 0x0, 0x1, 0x5, 0x8, 0xc3, 0x84bb, 0x1, 0x7, 0x96f2, 0xfdf, 0x8, 0x4, 0x7fff, 0xfffffffb, 0x8, 0x6, 0x3, 0x8000, 0x401, 0x9, 0x5, 0x1, 0x1ffc00, 0xfffffffa, 0x9, 0x7, 0x7fff, 0x2, 0x8, 0x2, 0x1, 0x4, 0x9, 0x1, 0x800, 0x100, 0x6c1, 0x4, 0x7, 0xb, 0xb, 0x8000, 0x0, 0x4, 0xfff, 0x0, 0x1, 0xa7e6, 0xffff, 0x8001, 0x6d2, 0x3, 0xffff8001, 0xf0b, 0x423, 0x6, 0x6, 0x80000000, 0x401, 0x4, 0x7, 0x401, 0x7fff, 0x299, 0x9d, 0x1000, 0x0, 0x8001, 0x5, 0x4, 0x7, 0x9, 0x6, 0x200, 0x5, 0x9, 0x9, 0x0, 0x3ff, 0x7, 0x0, 0xfffffff8, 0xfffffffd, 0x2, 0x81, 0x200, 0x8, 0x8, 0x6, 0x10000, 0x0, 0x657f73bb, 0x5, 0xffffff00, 0x80000001, 0x8, 0x1, 0x40c5, 0x5, 0x7fff, 0x400, 0xa, 0x200, 0x4, 0x5, 0x0, 0x6, 0x6e, 0x9, 0x0, 0x800, 0x7f, 0x2, 0x0, 0x200, 0x7f, 0x0, 0x6, 0x8, 0xe3, 0x5, 0x5, 0x5, 0x7, 0xfffffff8, 0x7, 0x7, 0x4, 0x2, 0xfd, 0x1, 0x5, 0x13df, 0x1, 0x9, 0x10000, 0x2, 0x4, 0xf6f, 0x72ff, 0x2, 0xcc61, 0xa0, 0x5, 0xd, 0x9, 0x401, 0x7fffffff, 0x8, 0xffffff42, 0x81, 0x5, 0xc, 0x5, 0x1, 0x8, 0x1, 0x7bc9, 0x80, 0x5, 0xa, 0x0, 0x8, 0x0, 0x1, 0x100, 0x5, 0x7, 0x0, 0x1, 0x5f579aa3, 0xfaa, 0x2, 0x1, 0x2, 0xffffffa7, 0x0, 0x5, 0x1, 0x3ff, 0x77, 0x0, 0xdd, 0x1, 0x401, 0x6, 0x7fff, 0x4, 0xa, 0x10, 0xfd5e8331, 0x80, 0xfc, 0xa, 0x3, 0x1c7ff1b1, 0x200, 0xfffffffe, 0x0, 0x1, 0xfffffff9, 0x6a0, 0x1, 0xc8, 0x27, 0x838, 0x6780000, 0x4, 0xb967, 0x7fff, 0x2, 0x3, 0x7, 0x5, 0x5, 0x9, 0x4, 0x9, 0x3, 0x1, 0x8, 0x3, 0x3, 0x4, 0x2, 0x5, 0x0, 0x0, 0x9, 0x84c, 0x6, 0x5, 0x6, 0x4, 0x7f1, 0x5, 0xe, 0x3, 0xb961, 0x52b2, 0xfffffffd, 0xac, 0x1, 0x8001, 0x9, 0x6, 0x7, 0x3, 0x2, 0x0, 0x2, 0x7, 0x55, 0x88, 0x1, 0xffffffff, 0x8, 0x3, 0x1, 0xff, 0x2, 0x80000001, 0x10001, 0x5, 0x5, 0x0, 0x2, 0x8, 0x7, 0x659, 0x400, 0x23, 0x57a, 0xb14, 0x8, 0x9, 0x8000000, 0x10, 0x5, 0x3, 0x2, 0xd8f, 0x4, 0x6, 0xd54b, 0x5, 0x101, 0xfffffcb1, 0x2, 0x0, 0xfff, 0x8, 0x2, 0xbe, 0xf93, 0x164, 0x9072, 0x2, 0x4, 0xf, 0x3, 0x0, 0x3, 0x8, 0x80, 0xfffffff8, 0x5, 0xe2b6, 0x101, 0x60000000, 0x7, 0xa9ca, 0x4, 0x1, 0x9, 0x9, 0x8, 0x6, 0x8b, 0x6, 0x1, 0x4, 0x33, 0x1ff, 0xfff, 0x61, 0x1ff, 0x6ed, 0x6, 0x2, 0x7e3, 0xfffffffa, 0xc608, 0x0, 0x0, 0xfff, 0xffff11e3, 0x8, 0x4ed58, 0xfff, 0x1000, 0x1ff, 0x3, 0x9, 0x4, 0x3, 0x0, 0x8, 0x800, 0x400, 0x1, 0x1, 0x4, 0x1ff, 0x100, 0x6, 0x872, 0x81, 0x674, 0x47, 0x3e2, 0x80000000, 0x4, 0x0, 0x4, 0x2, 0xf, 0xdc, 0x400, 0x2, 0x5, 0x1175, 0x0, 0x32, 0x8, 0xfffffffe, 0x1, 0x3, 0x3, 0x3, 0x4, 0x8001, 0xb, 0x7, 0x6, 0x6, 0x4, 0x5, 0x4, 0x6, 0x4, 0x2, 0x97, 0xee, 0x0, 0x6, 0x2, 0x0, 0x3, 0x3ff, 0x15, 0x101, 0x1, 0xbb6, 0xfffffbff, 0xfffffcdf, 0xffff, 0x9, 0x1, 0xffffffff, 0x6, 0x5, 0x2, 0x80, 0x354, 0x9, 0x2, 0x100, 0x1, 0x10000, 0x100, 0x0, 0x0, 0xfff, 0x0, 0x2, 0x3, 0x9, 0x2, 0x9, 0x4, 0x6, 0x1, 0x4, 0x101, 0x100, 0x1000, 0x3ff, 0x401, 0x9, 0x439, 0xffffffff, 0x6c, 0x46a, 0x3, 0x3, 0x8, 0xc, 0x4, 0x8000, 0x2, 0x8, 0x2, 0x7fff, 0x2, 0x0, 0x4, 0x9, 0x6, 0x80, 0x5baf, 0x80, 0x8, 0x6, 0x4, 0x1, 0x800, 0x3, 0x9, 0x7, 0x4, 0x0, 0x10, 0x6, 0x3, 0x5, 0x2, 0x5, 0x18ec, 0x9, 0x2, 0xc9a1, 0x9, 0x65849e9c, 0x9, 0x3, 0x0, 0x9, 0x2, 0x7, 0x80000000, 0x7fffffff, 0x1ff, 0xffffff47, 0x9, 0x1, 0x7, 0x100, 0x2, 0xe26, 0x1000, 0x8d, 0x4, 0x1955, 0x4, 0x60a, 0x5, 0x7f000000, 0x4000000, 0x24, 0xa5a, 0xb2bf, 0x47, 0x0, 0x6, 0x80000001, 0x8c91, 0x5, 0x4, 0x8, 0x6, 0x6, 0x2, 0x0, 0x4, 0x3, 0xa, 0x6, 0x9, 0x2, 0xff, 0xfffffff8, 0x5, 0x3, 0x4, 0x3, 0x0, 0xf65c, 0xfffffffb, 0x8001, 0xfffffffa, 0x4, 0xfffffe00, 0x9, 0x9]}) 1.117578993s ago: executing program 2 (id=2538): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bind$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r3], 0x2c}}, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) 1.088751588s ago: executing program 0 (id=2539): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000380)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) 714.680612ms ago: executing program 1 (id=2540): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0x801) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00\n'], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 711.459175ms ago: executing program 2 (id=2541): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x9) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6(0xa, 0x2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) 0s ago: executing program 1 (id=2542): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004740)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000100)="8aa91c2bdf3e", 0x6}], 0x1, 0x0, 0x0, 0x4040081}}], 0x1, 0x40980) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xffe) kernel console output (not intermixed with test programs): 3283][ T6013] simple_read_from_buffer+0x199/0x340 [ 246.913445][ T6013] proc_fail_nth_read+0x1e5/0x2c0 [ 246.913630][ T6013] vfs_read+0x29f/0xf70 [ 246.913765][ T6013] ? stack_depot_save_flags+0x2c/0x750 [ 246.913919][ T6013] ? kmsan_get_metadata+0x13e/0x1c0 [ 246.914078][ T6013] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 246.914232][ T6013] ? kmsan_get_metadata+0x13e/0x1c0 [ 246.914388][ T6013] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 246.914556][ T6013] ksys_read+0x240/0x4b0 [ 246.914686][ T6013] ? kmsan_get_metadata+0x13e/0x1c0 [ 246.914856][ T6013] __x64_sys_read+0x93/0xe0 [ 246.914997][ T6013] x64_sys_call+0x314c/0x3c30 [ 246.915135][ T6013] do_syscall_64+0xcd/0x1e0 [ 246.915267][ T6013] ? clear_bhb_loop+0x25/0x80 [ 246.915424][ T6013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.915584][ T6013] RIP: 0033:0x7f62a9d8b7fc [ 246.915680][ T6013] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 246.915794][ T6013] RSP: 002b:00007f62aab2a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 246.915914][ T6013] RAX: ffffffffffffffda RBX: 00007f62a9fa5fa0 RCX: 00007f62a9d8b7fc [ 246.916006][ T6013] RDX: 000000000000000f RSI: 00007f62aab2a0a0 RDI: 0000000000000003 [ 246.916085][ T6013] RBP: 00007f62aab2a090 R08: 0000000000000000 R09: 0000000000000000 [ 246.916164][ T6013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.916239][ T6013] R13: 0000000000000000 R14: 00007f62a9fa5fa0 R15: 00007ffc8f270878 [ 246.916342][ T6013] [ 246.953976][ T6011] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 247.245843][ T6011] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 247.311368][ T29] audit: type=1326 audit(1739674287.770:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294ed8cde9 code=0x7ffc0000 [ 247.370060][ T29] audit: type=1326 audit(1739674287.800:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f294ed8cde9 code=0x7ffc0000 [ 247.399081][ T29] audit: type=1326 audit(1739674287.810:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294ed8cde9 code=0x7ffc0000 [ 247.426675][ T29] audit: type=1326 audit(1739674287.810:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7f294ed8cde9 code=0x7ffc0000 [ 247.449108][ T29] audit: type=1326 audit(1739674287.810:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294ed8cde9 code=0x7ffc0000 [ 247.474227][ T29] audit: type=1326 audit(1739674287.810:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f294ed8b750 code=0x7ffc0000 [ 247.497831][ T29] audit: type=1326 audit(1739674287.810:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f294ed8c9eb code=0x7ffc0000 [ 247.520206][ T29] audit: type=1326 audit(1739674287.810:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f294ed8c9eb code=0x7ffc0000 [ 247.542783][ T29] audit: type=1326 audit(1739674287.820:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f294ed8c9eb code=0x7ffc0000 [ 247.598908][ T6015] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 247.637763][ T6017] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 247.782135][ T25] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 247.980074][ T25] usb 3-1: unable to get BOS descriptor or descriptor too short [ 248.002936][ T25] usb 3-1: not running at top speed; connect to a high speed hub [ 248.103710][ T25] usb 3-1: config 255 has an invalid interface number: 1 but max is 0 [ 248.112500][ T25] usb 3-1: config 255 has no interface number 0 [ 248.118984][ T25] usb 3-1: config 255 interface 1 has no altsetting 0 [ 248.185426][ T25] usb 3-1: string descriptor 0 read error: -22 [ 248.192367][ T25] usb 3-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=84.f4 [ 248.202157][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.411949][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 248.413144][ T5794] Bluetooth: hci5: command 0x1003 tx timeout [ 248.466498][ T25] i2c-cp2615 3-1:255.1: probe with driver i2c-cp2615 failed with error -22 [ 248.483894][ T5825] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 248.736699][ T6011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.745894][ T6011] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.882094][ T6011] overlay: ./file1 is not a directory [ 248.994061][ T5867] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 249.160196][ T5867] usb 1-1: Using ep0 maxpacket: 16 [ 249.219476][ T5867] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.230014][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 249.241434][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 249.251418][ T5867] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 249.261422][ T5867] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 249.455429][ T5867] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 249.465074][ T5867] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 249.473375][ T5867] usb 1-1: Manufacturer: syz [ 249.533663][ T5867] usb 1-1: config 0 descriptor?? [ 250.061520][ T5867] rc_core: IR keymap rc-hauppauge not found [ 250.067661][ T5867] Registered IR keymap rc-empty [ 250.074024][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.128570][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.155223][ T5867] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 250.169539][ T5867] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 250.253755][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.339150][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.350178][ T29] kauditd_printk_skb: 105 callbacks suppressed [ 250.350299][ T29] audit: type=1326 audit(1739674290.810:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6022 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6bef7bf6a5 code=0x7ffc0000 [ 250.418620][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.460849][ T25] usb 3-1: USB disconnect, device number 3 [ 250.468716][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.561867][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.593027][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.610050][ T29] audit: type=1326 audit(1739674291.020:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6022 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bef78cde9 code=0x7ffc0000 [ 250.635041][ T29] audit: type=1326 audit(1739674291.020:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6022 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bef78cde9 code=0x7ffc0000 [ 250.643344][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.724308][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.811798][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.843628][ T5867] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 250.879592][ T5867] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 250.889216][ T5867] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 250.971395][ T5867] usb 1-1: USB disconnect, device number 2 [ 258.658665][ T6034] loop2: detected capacity change from 0 to 128 [ 258.698862][ T6034] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 258.762603][ T6034] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 258.841457][ T5825] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 258.864082][ T6034] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 259.026162][ T5825] usb 5-1: Using ep0 maxpacket: 32 [ 259.069266][ T5825] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 259.091646][ T5867] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 259.131380][ T5825] usb 5-1: New USB device found, idVendor=05ac, idProduct=b0c5, bcdDevice=61.c8 [ 259.140724][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.149117][ T5825] usb 5-1: Product: syz [ 259.153660][ T5825] usb 5-1: Manufacturer: syz [ 259.158473][ T5825] usb 5-1: SerialNumber: syz [ 259.204874][ T6041] loop0: detected capacity change from 0 to 2048 [ 259.214242][ T5825] usb 5-1: config 0 descriptor?? [ 259.260460][ T6044] FAULT_INJECTION: forcing a failure. [ 259.260460][ T6044] name failslab, interval 1, probability 0, space 0, times 0 [ 259.274226][ T6044] CPU: 0 UID: 0 PID: 6044 Comm: syz.1.25 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 259.274353][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 259.274425][ T6044] Call Trace: [ 259.274471][ T6044] [ 259.274516][ T6044] dump_stack_lvl+0x216/0x2d0 [ 259.274652][ T6044] dump_stack+0x1e/0x24 [ 259.274763][ T6044] should_fail_ex+0x767/0x830 [ 259.274932][ T6044] should_failslab+0x17f/0x210 [ 259.275094][ T6044] kmem_cache_alloc_noprof+0xee/0xe10 [ 259.275237][ T6044] ? vm_area_dup+0x5c/0x640 [ 259.275403][ T6044] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.275567][ T6044] vm_area_dup+0x5c/0x640 [ 259.275730][ T6044] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 259.275897][ T6044] __split_vma+0x27c/0x13a0 [ 259.276051][ T6044] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 259.276223][ T6044] vms_gather_munmap_vmas+0x38e/0x1830 [ 259.276361][ T6044] ? mas_walk+0x423/0x670 [ 259.276530][ T6044] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.276700][ T6044] mmap_region+0x8f7/0x4f30 [ 259.276846][ T6044] ? stack_depot_save_flags+0x2c/0x750 [ 259.276999][ T6044] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.277152][ T6044] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.277355][ T6044] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 259.277530][ T6044] do_mmap+0x198b/0x1e50 [ 259.277713][ T6044] vm_mmap_pgoff+0x343/0x610 [ 259.277887][ T6044] ksys_mmap_pgoff+0x5c5/0x790 [ 259.278051][ T6044] ? kmsan_get_metadata+0x13e/0x1c0 [ 259.278219][ T6044] __x64_sys_mmap+0x1a8/0x240 [ 259.278379][ T6044] x64_sys_call+0x1d2c/0x3c30 [ 259.278516][ T6044] do_syscall_64+0xcd/0x1e0 [ 259.278644][ T6044] ? clear_bhb_loop+0x25/0x80 [ 259.278799][ T6044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.278957][ T6044] RIP: 0033:0x7f713278cde9 [ 259.279051][ T6044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.279158][ T6044] RSP: 002b:00007f7133503038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 259.279297][ T6044] RAX: ffffffffffffffda RBX: 00007f71329a5fa0 RCX: 00007f713278cde9 [ 259.279388][ T6044] RDX: 0000000000000001 RSI: 0000000000002000 RDI: 0000400000ffc000 [ 259.279467][ T6044] RBP: 00007f7133503090 R08: 0000000000000003 R09: 0000000080000000 [ 259.279549][ T6044] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000001 [ 259.279624][ T6044] R13: 0000000000000000 R14: 00007f71329a5fa0 R15: 00007ffd4df176a8 [ 259.279725][ T6044] [ 259.285111][ T6041] loop0: p2 < > p3 p4 < > [ 259.342229][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 259.380674][ T6041] loop0: p3 start 4278191616 is beyond EOD, [ 259.442788][ T5416] usb 5-1: USB disconnect, device number 2 [ 259.524712][ T5867] usb 4-1: config 0 interface 0 has no altsetting 0 [ 259.527749][ T6041] truncated [ 259.589667][ T5867] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 259.599312][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.607722][ T5867] usb 4-1: Product: syz [ 259.612207][ T5867] usb 4-1: Manufacturer: syz [ 259.617018][ T5867] usb 4-1: SerialNumber: syz [ 259.731785][ T5791] UDF-fs: warning (device loop2): udf_evict_inode: Inode 94 (mode 100755) has inode size 134220898 different from extent length 134221312. Filesystem need not be standards compliant. [ 259.755806][ T6048] TCP: TCP_TX_DELAY enabled [ 259.781653][ T5867] usb 4-1: config 0 descriptor?? [ 260.216955][ T5867] gs_usb 4-1:0.0: Configuring for 74 interfaces [ 260.223693][ T5867] gs_usb 4-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 260.231859][ T5867] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22 [ 261.129658][ T6052] loop3: detected capacity change from 0 to 32768 [ 261.161827][ T5867] usb 4-1: USB disconnect, device number 7 [ 265.575915][ T6060] IPVS: set_ctl: invalid protocol: 41 100.1.1.1:20001 [ 266.222800][ T6062] loop3: detected capacity change from 0 to 32768 [ 266.361213][ T5867] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 266.444986][ T6062] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=no,norecovery,recovery_pass_last=check_extents,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 266.469700][ T6062] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 266.479178][ T6062] bcachefs (loop3): Version upgrade required: [ 266.479178][ T6062] Version upgrade from 0.8: (unknown version) to 1.7: mi_btree_bitmap incomplete [ 266.479178][ T6062] Doing incompatible version upgrade from 0.8: (unknown version) to 1.20: directory_size [ 266.479178][ T6062] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 266.558514][ T6062] bcachefs (loop3): dropping and reconstructing all alloc info [ 266.661382][ T5867] usb 3-1: Using ep0 maxpacket: 16 [ 266.683218][ T5867] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 266.694111][ T5867] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 266.790514][ T5867] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 266.800443][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.813992][ T5867] usb 3-1: Product: syz [ 266.818371][ T5867] usb 3-1: Manufacturer: syz [ 266.825034][ T5867] usb 3-1: SerialNumber: syz [ 266.861117][ T6081] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 267.146367][ T6062] bcachefs (loop3): accounting_read... done [ 267.153448][ T6062] bcachefs (loop3): alloc_read... done [ 267.159352][ T6062] bcachefs (loop3): stripes_read... done [ 267.165541][ T6062] bcachefs (loop3): snapshots_read... done [ 267.175136][ T6062] bcachefs (loop3): done starting filesystem [ 267.303115][ T5867] usb 3-1: 0:2 : does not exist [ 267.312961][ T5802] bcachefs (loop3): shutting down [ 267.445603][ T5867] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 267.464345][ T5802] bcachefs (loop3): shutdown complete [ 267.584197][ T5867] usb 3-1: USB disconnect, device number 4 [ 268.044970][ T6078] loop0: detected capacity change from 0 to 65536 [ 268.055291][ T5825] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 268.104992][ T6078] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 268.211803][ T6078] XFS (loop0): Ending clean mount [ 268.223494][ T6095] netlink: 'syz.2.40': attribute type 4 has an invalid length. [ 268.225985][ T5825] usb 2-1: Using ep0 maxpacket: 8 [ 268.238529][ T6078] XFS (loop0): Quotacheck needed: Please wait. [ 268.263975][ T5825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 268.274310][ T5825] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 268.313656][ T5825] usb 2-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 268.323203][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.331566][ T5825] usb 2-1: Product: syz [ 268.335938][ T5825] usb 2-1: Manufacturer: syz [ 268.340751][ T5825] usb 2-1: SerialNumber: syz [ 268.354741][ T5825] usb 2-1: config 0 descriptor?? [ 268.379204][ T6078] XFS (loop0): Quotacheck: Done. [ 268.612630][ T5797] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 268.877372][ T6072] pimreg: entered allmulticast mode [ 269.030259][ T6072] pimreg: left allmulticast mode [ 269.143410][ T6097] netlink: 'syz.2.42': attribute type 4 has an invalid length. [ 270.257085][ T6106] IPVS: set_ctl: invalid protocol: 41 100.1.1.1:20001 [ 270.722140][ T5825] usb 2-1: USB disconnect, device number 2 [ 271.301566][ T5867] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 271.425249][ T5416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 271.491864][ T5867] usb 4-1: device descriptor read/64, error -71 [ 271.523105][ T6108] loop2: detected capacity change from 0 to 4096 [ 271.530820][ T5416] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 271.580002][ T6116] loop0: detected capacity change from 0 to 1024 [ 271.634965][ T6116] EXT4-fs: Ignoring removed nomblk_io_submit option [ 271.665241][ T6112] loop1: detected capacity change from 0 to 32768 [ 271.674945][ T6116] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 271.712868][ T6120] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 271.751503][ T5867] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 271.820473][ T6116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.948139][ T6112] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=no,norecovery,recovery_pass_last=check_extents,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 271.972566][ T6112] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 271.981984][ T6112] bcachefs (loop1): Version upgrade required: [ 271.981984][ T6112] Version upgrade from 0.8: (unknown version) to 1.7: mi_btree_bitmap incomplete [ 271.981984][ T6112] Doing incompatible version upgrade from 0.8: (unknown version) to 1.20: directory_size [ 271.981984][ T6112] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 272.063243][ T6112] bcachefs (loop1): dropping and reconstructing all alloc info [ 272.072957][ T5867] usb 4-1: device descriptor read/64, error -71 [ 272.188763][ T5867] usb usb4-port1: attempt power cycle [ 272.225094][ T6112] bcachefs (loop1): accounting_read... done [ 272.242437][ T6112] bcachefs (loop1): alloc_read... done [ 272.248330][ T6112] bcachefs (loop1): stripes_read... done [ 272.254743][ T6112] bcachefs (loop1): snapshots_read... done [ 272.263843][ T6112] bcachefs (loop1): done starting filesystem [ 272.431452][ T5786] bcachefs (loop1): shutting down [ 272.451494][ T5416] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 272.568026][ T5786] bcachefs (loop1): shutdown complete [ 272.713039][ T5416] usb 3-1: Using ep0 maxpacket: 16 [ 272.736703][ T5797] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.775763][ T5416] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 272.788026][ T5416] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 272.798956][ T5416] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 272.809818][ T5416] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 272.842726][ T5867] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 272.928256][ T5867] usb 4-1: device descriptor read/8, error -71 [ 273.003910][ T5416] usb 3-1: New USB device found, idVendor=1608, idProduct=0303, bcdDevice=a1.cb [ 273.013457][ T5416] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.021764][ T5416] usb 3-1: Product: syz [ 273.026135][ T5416] usb 3-1: Manufacturer: syz [ 273.030943][ T5416] usb 3-1: SerialNumber: syz [ 273.127316][ T5416] usb 3-1: config 0 descriptor?? [ 273.173392][ T5416] io_ti 3-1:0.0: required endpoints missing [ 273.199917][ T6118] loop4: detected capacity change from 0 to 65536 [ 273.241787][ T6118] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 273.244124][ T5867] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 273.293922][ T5867] usb 4-1: device descriptor read/8, error -71 [ 273.350643][ T5825] usb 3-1: USB disconnect, device number 5 [ 273.389000][ T6118] XFS (loop4): Ending clean mount [ 273.402695][ T5867] usb usb4-port1: unable to enumerate USB device [ 273.418582][ T6118] XFS (loop4): Quotacheck needed: Please wait. [ 273.477409][ T6118] XFS (loop4): Quotacheck: Done. [ 273.655397][ T6143] netlink: 'syz.0.52': attribute type 4 has an invalid length. [ 273.690757][ T5790] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 273.986713][ T6145] capability: warning: `syz.0.54' uses deprecated v2 capabilities in a way that may be insecure [ 274.091577][ T6145] FAULT_INJECTION: forcing a failure. [ 274.091577][ T6145] name failslab, interval 1, probability 0, space 0, times 0 [ 274.104779][ T6145] CPU: 1 UID: 0 PID: 6145 Comm: syz.0.54 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 274.104905][ T6145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 274.104976][ T6145] Call Trace: [ 274.105022][ T6145] [ 274.105067][ T6145] dump_stack_lvl+0x216/0x2d0 [ 274.105206][ T6145] dump_stack+0x1e/0x24 [ 274.105318][ T6145] should_fail_ex+0x767/0x830 [ 274.105488][ T6145] should_failslab+0x17f/0x210 [ 274.105659][ T6145] __kmalloc_noprof+0x176/0x1230 [ 274.105792][ T6145] ? kfree+0x20/0xdb0 [ 274.105905][ T6145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 274.106067][ T6145] ? tomoyo_realpath_from_path+0x104/0xaa0 [ 274.106250][ T6145] ? kmsan_get_metadata+0x13e/0x1c0 [ 274.106415][ T6145] tomoyo_realpath_from_path+0x104/0xaa0 [ 274.106611][ T6145] ? __srcu_read_lock+0x76/0xd0 [ 274.106745][ T6145] tomoyo_path_number_perm+0x1cf/0x7d0 [ 274.106897][ T6145] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 274.107055][ T6145] ? kmsan_get_metadata+0x13e/0x1c0 [ 274.107209][ T6145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 274.107399][ T6145] tomoyo_file_ioctl+0x3f/0x50 [ 274.107526][ T6145] security_file_ioctl+0x145/0x590 [ 274.107681][ T6145] __se_sys_ioctl+0xd0/0x440 [ 274.107823][ T6145] __x64_sys_ioctl+0x96/0xe0 [ 274.107962][ T6145] x64_sys_call+0x19f0/0x3c30 [ 274.108097][ T6145] do_syscall_64+0xcd/0x1e0 [ 274.108228][ T6145] ? clear_bhb_loop+0x25/0x80 [ 274.108386][ T6145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.108550][ T6145] RIP: 0033:0x7f6bef78cde9 [ 274.108643][ T6145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.108752][ T6145] RSP: 002b:00007f6bf0677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.108871][ T6145] RAX: ffffffffffffffda RBX: 00007f6bef9a5fa0 RCX: 00007f6bef78cde9 [ 274.108963][ T6145] RDX: 00004000000003c0 RSI: 0000000000008946 RDI: 0000000000000004 [ 274.109048][ T6145] RBP: 00007f6bf0677090 R08: 0000000000000000 R09: 0000000000000000 [ 274.109127][ T6145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.109201][ T6145] R13: 0000000000000000 R14: 00007f6bef9a5fa0 R15: 00007fffa70ff1a8 [ 274.109302][ T6145] [ 274.109348][ T6145] ERROR: Out of memory at tomoyo_realpath_from_path. [ 275.148911][ T6147] loop3: detected capacity change from 0 to 4096 [ 275.706189][ T6147] loop3: detected capacity change from 0 to 1024 [ 277.111975][ T5825] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 277.139358][ T6159] loop2: detected capacity change from 0 to 32768 [ 277.383625][ T6159] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=no,norecovery,recovery_pass_last=check_extents,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 277.392742][ T5825] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 277.407919][ T6159] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 277.416079][ T5825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.425287][ T6159] bcachefs (loop2): Version upgrade required: [ 277.425287][ T6159] Version upgrade from 0.8: (unknown version) to 1.7: mi_btree_bitmap incomplete [ 277.425287][ T6159] Doing incompatible version upgrade from 0.8: (unknown version) to 1.20: directory_size [ 277.425287][ T6159] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 277.432418][ T5825] usb 4-1: Product: syz [ 277.502193][ C0] vkms_vblank_simulate: vblank timer overrun [ 277.516464][ T5825] usb 4-1: Manufacturer: syz [ 277.516914][ T6159] bcachefs (loop2): dropping and reconstructing all alloc info [ 277.521356][ T5825] usb 4-1: SerialNumber: syz [ 277.598301][ T6159] bcachefs (loop2): accounting_read... [ 277.609272][ T5825] usb 4-1: config 0 descriptor?? [ 277.630443][ T6159] done [ 277.633740][ T6159] bcachefs (loop2): alloc_read... done [ 277.639602][ T6159] bcachefs (loop2): stripes_read... done [ 277.645816][ T6159] bcachefs (loop2): snapshots_read... done [ 277.659326][ T6159] bcachefs (loop2): done starting filesystem [ 277.664139][ T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 277.819845][ T5791] bcachefs (loop2): shutting down [ 277.843318][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 277.881618][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 277.892344][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 277.909739][ T5791] bcachefs (loop2): shutdown complete [ 277.922814][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 277.932599][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.941243][ T25] usb 2-1: Product: syz [ 277.945794][ T25] usb 2-1: Manufacturer: syz [ 277.950768][ T25] usb 2-1: SerialNumber: syz [ 278.219689][ T25] usb 2-1: 0:2 : does not exist [ 278.245302][ T6176] fuse: Unknown parameter 'fd0x0000000000000003' [ 278.261713][ T25] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 278.359315][ T25] usb 2-1: USB disconnect, device number 3 [ 278.470659][ T5825] usb 4-1: Firmware version (0.0) predates our first public release. [ 278.482665][ T5825] usb 4-1: Please update to version 0.2 or newer [ 278.609338][ T5825] usb 4-1: USB disconnect, device number 12 [ 278.842429][ T6180] netlink: 'syz.4.64': attribute type 4 has an invalid length. [ 279.693884][ T5867] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 279.867514][ T5867] usb 5-1: device descriptor read/64, error -71 [ 280.131772][ T5867] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 280.339670][ T5867] usb 5-1: device descriptor read/64, error -71 [ 280.401383][ T5825] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 280.453470][ T5867] usb usb5-port1: attempt power cycle [ 280.592907][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 280.627209][ T5825] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 280.637568][ T5825] usb 4-1: can't read configurations, error -61 [ 280.801326][ T5867] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 280.804875][ T5825] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 280.863240][ T5867] usb 5-1: device descriptor read/8, error -71 [ 280.992112][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 281.017451][ T5825] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 281.025638][ T5825] usb 4-1: can't read configurations, error -61 [ 281.055433][ T5825] usb usb4-port1: attempt power cycle [ 281.131400][ T5867] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 281.159204][ T5867] usb 5-1: device descriptor read/8, error -71 [ 281.276817][ T5867] usb usb5-port1: unable to enumerate USB device [ 281.434659][ T5825] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 281.453289][ T6211] netlink: 'syz.2.77': attribute type 4 has an invalid length. [ 281.483977][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 281.513520][ T5825] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 281.521592][ T5825] usb 4-1: can't read configurations, error -61 [ 281.727027][ T5825] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 281.753496][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 281.784881][ T5825] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 281.793041][ T5825] usb 4-1: can't read configurations, error -61 [ 281.826271][ T5825] usb usb4-port1: unable to enumerate USB device [ 282.148128][ T5825] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 282.187900][ T5825] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 282.899520][ T6235] FAULT_INJECTION: forcing a failure. [ 282.899520][ T6235] name failslab, interval 1, probability 0, space 0, times 0 [ 282.913032][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.0.87 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 282.913160][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 282.913233][ T6235] Call Trace: [ 282.913280][ T6235] [ 282.913325][ T6235] dump_stack_lvl+0x216/0x2d0 [ 282.913463][ T6235] dump_stack+0x1e/0x24 [ 282.913575][ T6235] should_fail_ex+0x767/0x830 [ 282.913744][ T6235] should_failslab+0x17f/0x210 [ 282.913926][ T6235] __kmalloc_noprof+0x176/0x1230 [ 282.914060][ T6235] ? kfree+0x20/0xdb0 [ 282.914172][ T6235] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 282.914332][ T6235] ? tomoyo_realpath_from_path+0x104/0xaa0 [ 282.914514][ T6235] ? kmsan_get_metadata+0x13e/0x1c0 [ 282.914675][ T6235] tomoyo_realpath_from_path+0x104/0xaa0 [ 282.914875][ T6235] ? __srcu_read_lock+0x76/0xd0 [ 282.915010][ T6235] tomoyo_path_number_perm+0x1cf/0x7d0 [ 282.915165][ T6235] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 282.915325][ T6235] ? kmsan_get_metadata+0x13e/0x1c0 [ 282.915479][ T6235] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 282.915668][ T6235] tomoyo_file_ioctl+0x3f/0x50 [ 282.915795][ T6235] security_file_ioctl+0x145/0x590 [ 282.915949][ T6235] __se_sys_ioctl+0xd0/0x440 [ 282.916090][ T6235] __x64_sys_ioctl+0x96/0xe0 [ 282.916227][ T6235] x64_sys_call+0x19f0/0x3c30 [ 282.916364][ T6235] do_syscall_64+0xcd/0x1e0 [ 282.916495][ T6235] ? clear_bhb_loop+0x25/0x80 [ 282.916651][ T6235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.916810][ T6235] RIP: 0033:0x7f6bef78cde9 [ 282.916909][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.917018][ T6235] RSP: 002b:00007f6bf0677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.917137][ T6235] RAX: ffffffffffffffda RBX: 00007f6bef9a5fa0 RCX: 00007f6bef78cde9 [ 282.917229][ T6235] RDX: 0000400000000180 RSI: 00000000000007a4 RDI: 0000000000000003 [ 282.917309][ T6235] RBP: 00007f6bf0677090 R08: 0000000000000000 R09: 0000000000000000 [ 282.917388][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.917463][ T6235] R13: 0000000000000000 R14: 00007f6bef9a5fa0 R15: 00007fffa70ff1a8 [ 282.917564][ T6235] [ 282.917611][ T6235] ERROR: Out of memory at tomoyo_realpath_from_path. [ 283.389243][ T6231] loop1: detected capacity change from 0 to 32768 [ 283.509797][ T6237] loop4: detected capacity change from 0 to 47 [ 283.528207][ T6231] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 283.565956][ T6231] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 283.831415][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 284.326760][ T6246] netlink: 'syz.0.91': attribute type 4 has an invalid length. [ 284.701336][ T6244] loop2: detected capacity change from 0 to 32768 [ 284.750734][ T6244] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 285.338985][ T6244] XFS (loop2): Ending clean mount [ 285.400300][ T6262] loop0: detected capacity change from 0 to 1024 [ 285.410164][ T6244] XFS (loop2): Quotacheck needed: Please wait. [ 285.432320][ T6262] EXT4-fs: Ignoring removed bh option [ 285.467825][ T6264] loop4: detected capacity change from 0 to 2048 [ 285.495888][ T6244] XFS (loop2): Quotacheck: Done. [ 285.510413][ T6244] FAULT_INJECTION: forcing a failure. [ 285.510413][ T6244] name failslab, interval 1, probability 0, space 0, times 0 [ 285.523404][ T6244] CPU: 1 UID: 0 PID: 6244 Comm: syz.2.90 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 285.523532][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 285.523604][ T6244] Call Trace: [ 285.523651][ T6244] [ 285.523696][ T6244] dump_stack_lvl+0x216/0x2d0 [ 285.523833][ T6244] dump_stack+0x1e/0x24 [ 285.523944][ T6244] should_fail_ex+0x767/0x830 [ 285.524112][ T6244] should_failslab+0x17f/0x210 [ 285.524272][ T6244] __kmalloc_noprof+0x176/0x1230 [ 285.524414][ T6244] ? kmsan_get_metadata+0x13e/0x1c0 [ 285.524565][ T6244] ? tomoyo_encode+0x5f8/0xa40 [ 285.524731][ T6244] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 285.524893][ T6244] ? kmsan_get_metadata+0x13e/0x1c0 [ 285.525047][ T6244] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 285.525215][ T6244] tomoyo_encode+0x5f8/0xa40 [ 285.525404][ T6244] tomoyo_realpath_from_path+0x9dd/0xaa0 [ 285.525604][ T6244] tomoyo_path_number_perm+0x1cf/0x7d0 [ 285.525759][ T6244] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 285.525918][ T6244] ? kmsan_get_metadata+0x13e/0x1c0 [ 285.526072][ T6244] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 285.526263][ T6244] tomoyo_file_ioctl+0x3f/0x50 [ 285.526393][ T6244] security_file_ioctl+0x145/0x590 [ 285.526543][ T6244] __se_sys_ioctl+0xd0/0x440 [ 285.526686][ T6244] __x64_sys_ioctl+0x96/0xe0 [ 285.526824][ T6244] x64_sys_call+0x19f0/0x3c30 [ 285.526960][ T6244] do_syscall_64+0xcd/0x1e0 [ 285.527089][ T6244] ? clear_bhb_loop+0x25/0x80 [ 285.527248][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.527414][ T6244] RIP: 0033:0x7f294ed8cde9 [ 285.527508][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.527615][ T6244] RSP: 002b:00007f294fb62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.527734][ T6244] RAX: ffffffffffffffda RBX: 00007f294efa5fa0 RCX: 00007f294ed8cde9 [ 285.527826][ T6244] RDX: 00004000000000c0 RSI: 00000000c0205865 RDI: 0000000000000003 [ 285.527906][ T6244] RBP: 00007f294fb62090 R08: 0000000000000000 R09: 0000000000000000 [ 285.527985][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.528060][ T6244] R13: 0000000000000000 R14: 00007f294efa5fa0 R15: 00007ffead126af8 [ 285.528162][ T6244] [ 285.528336][ T6244] ERROR: Out of memory at tomoyo_realpath_from_path. [ 285.814133][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.821127][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 285.839097][ T5791] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 285.872927][ T6262] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.887211][ T6262] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.902608][ T6264] loop4: p3 p4 < > [ 286.228618][ T5797] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.744111][ T5867] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 286.791266][ T5825] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 286.963875][ T5825] usb 5-1: Using ep0 maxpacket: 16 [ 286.976698][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.993574][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.005748][ T5867] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 287.015260][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.023591][ T5825] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 287.032103][ T5825] usb 5-1: config 0 has no interface number 0 [ 287.077213][ T5825] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 287.089124][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.098625][ T5825] usb 5-1: Product: syz [ 287.101205][ T5867] usb 2-1: config 0 descriptor?? [ 287.103552][ T5825] usb 5-1: Manufacturer: syz [ 287.112968][ T5825] usb 5-1: SerialNumber: syz [ 287.236996][ T5825] usb 5-1: config 0 descriptor?? [ 287.289883][ T5825] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 287.817075][ T5867] usb 2-1: string descriptor 0 read error: -71 [ 287.832436][ T5867] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 287.841860][ T5867] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 287.850203][ T5867] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 287.858739][ T5867] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 287.866866][ T5867] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71 [ 287.950759][ T5867] usb 2-1: USB disconnect, device number 4 [ 287.988537][ T29] audit: type=1326 audit(1739674328.440:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6285 comm="syz.2.102" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f294ed8cde9 code=0x0 [ 288.048737][ T6288] loop3: detected capacity change from 0 to 47 [ 288.770439][ T5825] gspca_spca1528: reg_w err -71 [ 288.775864][ T5825] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71 [ 288.825486][ T5825] usb 5-1: USB disconnect, device number 7 [ 288.887911][ T6298] netlink: 'syz.1.105': attribute type 4 has an invalid length. [ 289.287724][ T6303] loop2: detected capacity change from 0 to 512 [ 289.297477][ T6303] EXT4-fs: Ignoring removed nobh option [ 289.371178][ T6303] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 289.399427][ T6305] loop1: detected capacity change from 0 to 1024 [ 289.419443][ T6305] EXT4-fs: Ignoring removed bh option [ 289.501808][ T6303] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.515046][ T6303] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.529573][ T6305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.546279][ T6305] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.582246][ T6310] loop3: detected capacity change from 0 to 2048 [ 289.600696][ T6303] EXT4-fs: Ignoring removed nobh option [ 289.607314][ T6303] EXT4-fs: Cannot change journaled quota options when quota turned on [ 289.616373][ T6315] netlink: 16 bytes leftover after parsing attributes in process `syz.4.111'. [ 289.713705][ T6310] loop3: p3 p4 < > [ 289.916470][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.224093][ T6324] loop3: detected capacity change from 0 to 47 [ 290.323078][ T29] audit: type=1326 audit(1739674330.780:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bef78cde9 code=0x7fc00000 [ 290.415723][ T6329] FAULT_INJECTION: forcing a failure. [ 290.415723][ T6329] name failslab, interval 1, probability 0, space 0, times 0 [ 290.429069][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.4.115 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 290.429195][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 290.429266][ T6329] Call Trace: [ 290.429313][ T6329] [ 290.429358][ T6329] dump_stack_lvl+0x216/0x2d0 [ 290.429495][ T6329] dump_stack+0x1e/0x24 [ 290.429606][ T6329] should_fail_ex+0x767/0x830 [ 290.429782][ T6329] should_failslab+0x17f/0x210 [ 290.429947][ T6329] __kmalloc_node_noprof+0x183/0x1250 [ 290.430097][ T6329] ? __kvmalloc_node_noprof+0xc0/0x2d0 [ 290.430256][ T6329] ? kernel_text_address+0x129/0x1b0 [ 290.430420][ T6329] __kvmalloc_node_noprof+0xc0/0x2d0 [ 290.430574][ T6329] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 290.430743][ T6329] traverse+0x107/0xa60 [ 290.430875][ T6329] ? kmsan_get_metadata+0x13e/0x1c0 [ 290.431031][ T6329] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 290.431193][ T6329] seq_read_iter+0x1cc3/0x20e0 [ 290.431317][ T6329] ? kmsan_get_metadata+0x13e/0x1c0 [ 290.431470][ T6329] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 290.431645][ T6329] seq_read+0x4ef/0x5d0 [ 290.431772][ T6329] ? kmsan_get_metadata+0x13e/0x1c0 [ 290.431929][ T6329] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 290.432089][ T6329] ? __pfx_seq_read+0x10/0x10 [ 290.432213][ T6329] ? __pfx_seq_read+0x10/0x10 [ 290.432332][ T6329] proc_reg_read+0x261/0x4b0 [ 290.432476][ T6329] vfs_readv+0x94e/0xee0 [ 290.432639][ T6329] ? __pfx_proc_reg_read+0x10/0x10 [ 290.432802][ T6329] ? kmsan_get_metadata+0x13e/0x1c0 [ 290.432957][ T6329] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 290.433123][ T6329] __x64_sys_preadv+0x2b6/0x4d0 [ 290.433281][ T6329] x64_sys_call+0x2d86/0x3c30 [ 290.433416][ T6329] do_syscall_64+0xcd/0x1e0 [ 290.433547][ T6329] ? clear_bhb_loop+0x25/0x80 [ 290.433704][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.433872][ T6329] RIP: 0033:0x7f7ad6d8cde9 [ 290.433967][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.434075][ T6329] RSP: 002b:00007f7ad7be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 290.434196][ T6329] RAX: ffffffffffffffda RBX: 00007f7ad6fa5fa0 RCX: 00007f7ad6d8cde9 [ 290.434288][ T6329] RDX: 0000000000000001 RSI: 00004000000001c0 RDI: 0000000000000003 [ 290.434366][ T6329] RBP: 00007f7ad7be8090 R08: 0000000000000000 R09: 0000000000000000 [ 290.434445][ T6329] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 290.434520][ T6329] R13: 0000000000000000 R14: 00007f7ad6fa5fa0 R15: 00007ffe1334a148 [ 290.434622][ T6329] [ 290.693919][ T6327] loop1: detected capacity change from 0 to 1024 [ 290.702747][ T6327] EXT4-fs: Ignoring removed bh option [ 290.708560][ T6327] EXT4-fs: inline encryption not supported [ 290.782248][ T6327] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 290.816269][ T6327] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 290.863346][ T6327] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #3: block 2: comm syz.1.113: lblock 2 mapped to illegal pblock 2 (length 1) [ 290.923957][ T6327] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 290.934568][ T6327] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #3: block 48: comm syz.1.113: lblock 0 mapped to illegal pblock 48 (length 1) [ 290.956298][ T6327] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 290.965596][ T6327] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.113: Failed to acquire dquot type 0 [ 290.985809][ T6327] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5838: Corrupt filesystem [ 291.001951][ T6327] EXT4-fs error (device loop1): ext4_evict_inode:256: inode #11: comm syz.1.113: mark_inode_dirty error [ 291.014802][ T6327] EXT4-fs warning (device loop1): ext4_evict_inode:259: couldn't mark inode dirty (err -117) [ 291.025539][ T6327] EXT4-fs (loop1): 1 orphan inode deleted [ 291.033254][ T6327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.053006][ T61] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 291.113460][ T6325] EXT4-fs error (device loop1): __ext4_get_inode_loc:4435: comm syz.1.113: Invalid inode table block 1 in block_group 0 [ 291.118656][ T61] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 291.135600][ T61] EXT4-fs error (device loop1): ext4_release_dquot:6950: comm kworker/u8:5: Failed to release dquot type 0 [ 291.152837][ T6325] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5838: Corrupt filesystem [ 291.292631][ T6325] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #2: block 16: comm syz.1.113: lblock 0 mapped to illegal pblock 16 (length 1) [ 291.392460][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.449844][ T6325] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #2: block 16: comm syz.1.113: lblock 0 mapped to illegal pblock 16 (length 1) [ 291.858790][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.939768][ T6336] loop3: detected capacity change from 0 to 32768 [ 291.951803][ T5786] EXT4-fs error (device loop1): __ext4_get_inode_loc:4435: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 291.988004][ T5786] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5838: Corrupt filesystem [ 292.038171][ T5786] EXT4-fs error (device loop1): ext4_quota_off:7194: inode #3: comm syz-executor: mark_inode_dirty error [ 292.133264][ T5867] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 292.281713][ T6340] netlink: 'syz.2.119': attribute type 4 has an invalid length. [ 292.299545][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 292.349474][ T5867] usb 5-1: unable to get BOS descriptor or descriptor too short [ 292.362346][ T5867] usb 5-1: config 128 has an invalid interface number: 127 but max is 3 [ 292.371218][ T5867] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 292.381801][ T5867] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 292.391182][ T5867] usb 5-1: config 128 has no interface number 0 [ 292.397676][ T5867] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 139, changing to 11 [ 292.415043][ T5867] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 18351, setting to 1024 [ 292.428647][ T5867] usb 5-1: config 128 interface 127 has no altsetting 0 [ 292.452936][ T6342] 9pnet_fd: Insufficient options for proto=fd [ 292.549037][ T5867] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 292.558733][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.567266][ T5867] usb 5-1: Product: syz [ 292.571729][ T5867] usb 5-1: Manufacturer: syz [ 292.576549][ T5867] usb 5-1: SerialNumber: syz [ 292.620695][ T6335] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 292.862037][ T6342] loop0: detected capacity change from 0 to 4096 [ 292.880066][ T6342] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 292.970884][ T5867] usb 5-1: USB disconnect, device number 8 [ 293.050766][ T6348] loop1: detected capacity change from 0 to 2048 [ 293.085093][ T6342] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 293.115100][ T6342] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 293.128627][ T6342] ntfs3(loop0): ino=5, mi_enum_attr [ 293.136202][ T6342] ntfs3(loop0): Failed to load root (-22). [ 293.175591][ T6348] loop1: p3 p4 < > [ 293.859782][ T6360] loop1: detected capacity change from 0 to 47 [ 294.082033][ T5825] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 294.087396][ T6363] loop0: detected capacity change from 0 to 2048 [ 294.155744][ T6365] loop3: detected capacity change from 0 to 1024 [ 294.172767][ T6365] EXT4-fs: Ignoring removed bh option [ 294.186889][ T6363] loop0: p1 [ 294.272443][ T6365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.285826][ T6365] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.491263][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.878177][ T6378] loop3: detected capacity change from 0 to 1024 [ 294.956695][ T6381] netlink: 'syz.1.135': attribute type 4 has an invalid length. [ 294.979483][ T6378] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 295.061325][ T5867] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 295.262432][ T5867] usb 5-1: too many configurations: 235, using maximum allowed: 8 [ 295.315921][ T5867] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 295.324169][ T5867] usb 5-1: can't read configurations, error -61 [ 295.501329][ T5867] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 295.511599][ T5825] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 295.629941][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.703452][ T5867] usb 5-1: too many configurations: 235, using maximum allowed: 8 [ 295.736614][ T5867] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 295.739539][ T5825] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 295.744946][ T5867] usb 5-1: can't read configurations, error -61 [ 295.753825][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.753942][ T5825] usb 1-1: Product: syz [ 295.773137][ T5825] usb 1-1: Manufacturer: syz [ 295.777968][ T5825] usb 1-1: SerialNumber: syz [ 295.794632][ T5867] usb usb5-port1: attempt power cycle [ 295.842946][ T5825] usb 1-1: config 0 descriptor?? [ 295.879223][ T6398] Zero length message leads to an empty skb [ 295.902168][ T5416] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 296.061352][ T5416] usb 2-1: Using ep0 maxpacket: 32 [ 296.085639][ T5416] usb 2-1: unable to get BOS descriptor or descriptor too short [ 296.118671][ T5416] usb 2-1: config 128 has an invalid interface number: 127 but max is 3 [ 296.127578][ T5416] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 296.138222][ T5416] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 296.147706][ T5416] usb 2-1: config 128 has no interface number 0 [ 296.154282][ T5416] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 296.166037][ T5416] usb 2-1: config 128 interface 127 has no altsetting 0 [ 296.189665][ T5416] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 296.204397][ T5416] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.214578][ T5416] usb 2-1: Product: syz [ 296.218976][ T5416] usb 2-1: Manufacturer: syz [ 296.223880][ T5416] usb 2-1: SerialNumber: syz [ 296.231259][ T5867] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 296.255389][ T6393] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 296.271707][ T5867] usb 5-1: too many configurations: 235, using maximum allowed: 8 [ 296.313061][ T5867] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 296.321178][ T5867] usb 5-1: can't read configurations, error -61 [ 296.461789][ T5867] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 296.548124][ T5867] usb 5-1: too many configurations: 235, using maximum allowed: 8 [ 296.580379][ T5867] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 296.589150][ T5867] usb 5-1: can't read configurations, error -61 [ 296.630837][ T5867] usb usb5-port1: unable to enumerate USB device [ 296.646263][ T5416] usb 2-1: USB disconnect, device number 5 [ 296.694677][ T5825] usb 1-1: Firmware version (0.0) predates our first public release. [ 296.703392][ T5825] usb 1-1: Please update to version 0.2 or newer [ 296.726553][ T6398] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 296.733112][ T6398] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 296.746911][ T6398] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 296.778095][ T6398] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 296.785062][ T6398] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 296.794843][ T6398] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 296.797452][ T5825] usb 1-1: USB disconnect, device number 3 [ 296.821859][ T6398] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 296.828457][ T6398] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 296.838553][ T6398] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 296.849594][ T6398] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 296.856209][ T6398] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 296.868675][ T6398] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 296.884362][ T6398] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 296.890760][ T6398] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 296.901628][ T6398] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 297.071579][ T6409] syz.3.144 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 297.093659][ T6408] netlink: 16 bytes leftover after parsing attributes in process `syz.3.144'. [ 297.171317][ T5416] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 297.367371][ T5416] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 297.376141][ T5416] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 297.384555][ T5416] usb 3-1: config 0 has no interface number 0 [ 297.390692][ T6415] netlink: 16 bytes leftover after parsing attributes in process `syz.3.146'. [ 297.399937][ T5416] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 297.411871][ T5416] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 297.428660][ T5416] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 297.441863][ T5416] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 297.451700][ T5416] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.647494][ T5416] usb 3-1: config 0 descriptor?? [ 297.654803][ T6406] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 297.789963][ T6419] netlink: 'syz.1.148': attribute type 4 has an invalid length. [ 297.965693][ T5416] usb 3-1: USB disconnect, device number 7 [ 298.011914][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 298.175285][ T6422] loop1: detected capacity change from 0 to 256 [ 298.279577][ T6422] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb080095b, utbl_chksum : 0xe619d30d) [ 298.399417][ T6426] loop4: detected capacity change from 0 to 2048 [ 298.402942][ T6422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.150'. [ 298.491514][ T6426] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 298.589851][ T6425] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 298.632836][ T6425] EXT4-fs (loop4): Remounting filesystem read-only [ 298.815472][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 298.893770][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 298.900056][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 298.901700][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 299.018524][ T5790] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.119787][ T6431] loop0: detected capacity change from 0 to 2048 [ 299.284553][ T6438] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 299.456568][ T6441] kernel read not supported for file /  (pid: 6441 comm: syz.0.152) [ 299.467824][ T29] audit: type=1800 audit(1739674339.930:121): pid=6441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.152" name=200420 dev="mqueue" ino=10081 res=0 errno=0 [ 299.516954][ T6438] NILFS (loop0): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 299.528074][ T6438] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=16) [ 299.556810][ T6438] Remounting filesystem read-only [ 299.731620][ T5797] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 299.801300][ T6415] loop3: detected capacity change from 0 to 40427 [ 299.822790][ T6415] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1fffff [ 299.831908][ T6415] F2FS-fs (loop3): Image doesn't support compression [ 299.839173][ T6415] F2FS-fs (loop3): Image doesn't support compression [ 299.875825][ T6415] F2FS-fs (loop3): invalid crc value [ 299.914764][ T6415] F2FS-fs (loop3): Found nat_bits in checkpoint [ 300.142477][ T6437] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 300.149210][ T6437] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 300.156258][ T6437] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 300.163050][ T6437] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 300.169664][ T6437] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 300.217805][ T6415] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 300.265025][ T6415] syz.3.146: attempt to access beyond end of device [ 300.265025][ T6415] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 300.296138][ T6415] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_truncate+0x3ea/0x940 [ 300.422453][ T5416] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 300.450219][ T5825] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 300.461515][ T5867] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 300.596105][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 300.611578][ T5825] usb 1-1: Using ep0 maxpacket: 32 [ 300.614210][ T5416] usb 3-1: Using ep0 maxpacket: 16 [ 300.632106][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 300.632507][ T5825] usb 1-1: config 0 interface 0 has no altsetting 0 [ 300.659487][ T5416] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 300.668757][ T5416] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.679202][ T5416] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 300.693351][ T5867] usb 5-1: unable to get BOS descriptor or descriptor too short [ 300.715518][ T5825] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 300.715651][ T5867] usb 5-1: config 128 has an invalid interface number: 127 but max is 3 [ 300.725139][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.733679][ T5867] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 300.733791][ T5867] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 300.742046][ T5825] usb 1-1: Product: syz [ 300.752413][ T5867] usb 5-1: config 128 has no interface number 0 [ 300.761688][ T5825] usb 1-1: Manufacturer: syz [ 300.765848][ T5867] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 300.772341][ T5825] usb 1-1: SerialNumber: syz [ 300.794435][ T5867] usb 5-1: config 128 interface 127 has no altsetting 0 [ 300.805588][ T5825] usb 1-1: config 0 descriptor?? [ 300.852150][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.862898][ T25] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 300.872396][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.902437][ T5416] usb 3-1: New USB device found, idVendor=1d6b, idProduct=7893, bcdDevice= 0.40 [ 300.920648][ T5416] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.929056][ T25] usb 4-1: config 0 descriptor?? [ 300.936937][ T5416] usb 3-1: Product: syz [ 300.942133][ T5416] usb 3-1: Manufacturer: syz [ 300.946957][ T5416] usb 3-1: SerialNumber: syz [ 300.959579][ T25] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22 [ 301.072976][ T5867] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 301.082732][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.091350][ T5867] usb 5-1: Product: syz [ 301.095910][ T5867] usb 5-1: Manufacturer: syz [ 301.100880][ T5867] usb 5-1: SerialNumber: syz [ 301.105856][ T6456] netlink: 'syz.1.160': attribute type 4 has an invalid length. [ 301.140362][ T6442] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 301.190464][ T6450] netlink: 156 bytes leftover after parsing attributes in process `syz.2.157'. [ 301.238715][ T5416] usb 3-1: 0:2 : does not exist [ 301.253887][ T25] usb 4-1: USB disconnect, device number 17 [ 301.292447][ T5788] Bluetooth: hci0: command 0x0c1a tx timeout [ 301.302808][ T5416] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 301.328936][ T5825] gs_usb 1-1:0.0: Configuring for 74 interfaces [ 301.335899][ T5825] gs_usb 1-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 301.344298][ T5825] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -22 [ 301.514005][ T5416] usb 3-1: USB disconnect, device number 8 [ 301.550295][ T5867] usb 5-1: USB disconnect, device number 13 [ 301.578189][ T6458] IPVS: set_ctl: invalid protocol: 41 100.1.1.1:20001 [ 301.857703][ T5802] syz-executor: attempt to access beyond end of device [ 301.857703][ T5802] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 301.872323][ T5802] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 302.173987][ T5788] Bluetooth: hci2: command 0x0c1a tx timeout [ 302.174382][ T5794] Bluetooth: hci1: command 0x0c1a tx timeout [ 302.255538][ T5794] Bluetooth: hci4: command 0x0c1a tx timeout [ 302.262261][ T5794] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.611812][ T6465] loop2: detected capacity change from 0 to 8 [ 302.944654][ T6468] netlink: 28 bytes leftover after parsing attributes in process `syz.1.166'. [ 302.956830][ T6468] netlink: 28 bytes leftover after parsing attributes in process `syz.1.166'. [ 302.983627][ T6468] team0: entered promiscuous mode [ 302.988909][ T6468] team_slave_0: entered promiscuous mode [ 302.995952][ T6468] team_slave_1: entered promiscuous mode [ 303.010537][ T6468] batadv_slave_1: entered promiscuous mode [ 303.303656][ T25] usb 1-1: USB disconnect, device number 4 [ 303.375133][ T5788] Bluetooth: hci0: command 0x0c1a tx timeout [ 303.751161][ T6477] netlink: 'syz.2.171': attribute type 4 has an invalid length. [ 303.803539][ T6482] loop1: detected capacity change from 0 to 256 [ 303.833381][ T6482] exfat: Deprecated parameter 'utf8' [ 303.945698][ T6482] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x1119ac30) [ 303.956680][ T6482] exFAT-fs (loop1): invalid boot region [ 303.962580][ T6482] exFAT-fs (loop1): failed to recognize exfat type [ 304.038077][ T6482] warning: `syz.1.172' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 304.088694][ T6484] IPVS: set_ctl: invalid protocol: 41 100.1.1.1:20001 [ 304.251878][ T5788] Bluetooth: hci2: command 0x0c1a tx timeout [ 304.258146][ T5788] Bluetooth: hci1: command 0x0c1a tx timeout [ 304.343006][ T5788] Bluetooth: hci3: command 0x0c1a tx timeout [ 304.349406][ T5794] Bluetooth: hci4: command 0x0c1a tx timeout [ 304.933872][ T5416] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 304.988033][ T6482] loop1: detected capacity change from 0 to 40427 [ 305.006660][ T6482] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1fffff [ 305.016022][ T6482] F2FS-fs (loop1): heap/no_heap options were deprecated [ 305.036008][ T6482] F2FS-fs (loop1): invalid crc value [ 305.080854][ T6482] F2FS-fs (loop1): Found nat_bits in checkpoint [ 305.158126][ T5416] usb 3-1: Using ep0 maxpacket: 32 [ 305.231846][ T5416] usb 3-1: unable to get BOS descriptor or descriptor too short [ 305.282392][ T5416] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 305.291703][ T5416] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 305.302415][ T5416] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 305.317072][ T5416] usb 3-1: config 128 has no interface number 0 [ 305.325375][ T5416] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 305.337196][ T5416] usb 3-1: config 128 interface 127 has no altsetting 0 [ 305.422566][ T6482] F2FS-fs (loop1): Start checkpoint disabled! [ 305.443667][ T6482] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 305.461145][ T6482] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 306.309358][ T5416] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 306.319058][ T5416] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.327374][ T5416] usb 3-1: Product: syz [ 306.337759][ T5416] usb 3-1: Manufacturer: syz [ 306.344378][ T5416] usb 3-1: SerialNumber: syz [ 306.356674][ T6489] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 306.982138][ T6496] loop4: detected capacity change from 0 to 65536 [ 307.054108][ T6496] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 307.067559][ T5416] usb 3-1: USB disconnect, device number 9 [ 307.274838][ T6496] XFS (loop4): Ending clean mount [ 307.505636][ T5790] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 310.130836][ T6542] sctp: [Deprecated]: syz.2.193 (pid 6542) Use of int in max_burst socket option deprecated. [ 310.130836][ T6542] Use struct sctp_assoc_value instead [ 311.227346][ T6565] syz.2.202 uses obsolete (PF_INET,SOCK_PACKET) [ 311.728185][ T6573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.202'. [ 312.003116][ T6564] sctp: failed to load transform for md5: -2 [ 312.033127][ T6567] sctp: failed to load transform for md5: -2 [ 313.259607][ T6605] netlink: 32 bytes leftover after parsing attributes in process `syz.3.215'. [ 315.191114][ T6632] policy can only be matched on NF_INET_PRE_ROUTING [ 315.191202][ T6632] unable to load match [ 315.980320][ T6636] netlink: 24 bytes leftover after parsing attributes in process `syz.4.228'. [ 319.280908][ T6622] Set syz1 is full, maxelem 65536 reached [ 320.778554][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 320.903619][ T6680] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 321.461717][ T6693] xt_socket: unknown flags 0x4 [ 321.512113][ T6695] IPVS: set_ctl: invalid protocol: 50 224.0.0.2:20003 [ 321.533477][ T6689] netdevsim netdevsim0: Direct firmware load for / [ 321.533477][ T6689] failed with error -2 [ 321.544714][ T6689] netdevsim netdevsim0: Falling back to sysfs fallback for: / [ 321.544714][ T6689] [ 321.988434][ T6698] bridge_slave_0: left allmulticast mode [ 321.994549][ T6698] bridge_slave_0: left promiscuous mode [ 322.005682][ T6698] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.053195][ T6698] bridge_slave_1: left allmulticast mode [ 322.059190][ T6698] bridge_slave_1: left promiscuous mode [ 322.068706][ T6698] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.094811][ T6701] netlink: 20 bytes leftover after parsing attributes in process `syz.3.255'. [ 322.138350][ T6698] bond0: (slave bond_slave_0): Releasing backup interface [ 322.182318][ T6698] bond0: (slave bond_slave_1): Releasing backup interface [ 322.257588][ T6698] team_slave_0: left promiscuous mode [ 322.342513][ T6698] team0: Port device team_slave_0 removed [ 322.354071][ T6698] team_slave_1: left promiscuous mode [ 322.404110][ T6698] team0: Port device team_slave_1 removed [ 322.429131][ T6698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.437000][ T6698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.478147][ T6698] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.486384][ T6698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.695750][ T6704] vlan2: entered allmulticast mode [ 322.701205][ T6704] bond0: entered allmulticast mode [ 322.709878][ T6704] bridge0: port 1(vlan2) entered blocking state [ 322.725136][ T6704] bridge0: port 1(vlan2) entered disabled state [ 323.107165][ T6712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.260'. [ 324.071537][ T6694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.252'. [ 324.080757][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 324.707122][ T6740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.268'. [ 325.198342][ T6747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.270'. [ 326.862876][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.279'. [ 326.872057][ T6780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.279'. [ 329.750945][ T6830] batadv_slave_1: entered allmulticast mode [ 329.956964][ T6829] batadv_slave_1: left allmulticast mode [ 331.230206][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.4.316'. [ 332.093711][ T6876] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 332.108066][ T6876] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 332.822148][ T6889] netlink: 4 bytes leftover after parsing attributes in process `syz.2.332'. [ 334.751733][ T29] audit: type=1800 audit(1739674375.210:122): pid=6918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.344" name="memory.events" dev="tmpfs" ino=410 res=0 errno=0 [ 335.143546][ T6938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.353'. [ 335.748671][ T6948] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 335.756497][ T6948] syzkaller1: linktype set to 780 [ 336.802653][ T6965] netlink: 'syz.1.365': attribute type 10 has an invalid length. [ 336.869191][ T6965] veth1_vlan: entered allmulticast mode [ 336.942696][ T6965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.365'. [ 337.162426][ T6970] geneve2: entered allmulticast mode [ 338.601097][ T6981] loop3: detected capacity change from 0 to 32768 [ 338.659184][ T6981] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 338.688289][ T6981] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 338.930549][ T5802] ocfs2: Unmounting device (7,3) on (node local) [ 339.828240][ T6996] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 339.930527][ T7006] netlink: 88 bytes leftover after parsing attributes in process `syz.1.383'. [ 339.940194][ T7006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.383'. [ 339.949452][ T7006] netlink: 16 bytes leftover after parsing attributes in process `syz.1.383'. [ 339.958626][ T7006] netlink: 80 bytes leftover after parsing attributes in process `syz.1.383'. [ 342.087959][ T7050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.404'. [ 346.307291][ T7137] netlink: 'syz.4.443': attribute type 1 has an invalid length. [ 346.319280][ T7137] netlink: 68 bytes leftover after parsing attributes in process `syz.4.443'. [ 346.390785][ T7138] lo speed is unknown, defaulting to 1000 [ 346.399130][ T7138] lo speed is unknown, defaulting to 1000 [ 346.406190][ T7138] lo speed is unknown, defaulting to 1000 [ 346.802831][ T7138] infiniband syz0: set down [ 346.807598][ T7138] infiniband syz0: added lo [ 346.813665][ T5416] lo speed is unknown, defaulting to 1000 [ 346.948312][ T7138] RDS/IB: syz0: added [ 346.952733][ T7138] smc: adding ib device syz0 with port count 1 [ 346.959328][ T7138] smc: ib device syz0 port 1 has pnetid [ 346.967220][ T7138] lo speed is unknown, defaulting to 1000 [ 347.354102][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 347.360881][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 347.442991][ T7138] lo speed is unknown, defaulting to 1000 [ 347.856489][ T7138] lo speed is unknown, defaulting to 1000 [ 348.269173][ T7138] lo speed is unknown, defaulting to 1000 [ 348.682241][ T7138] lo speed is unknown, defaulting to 1000 [ 349.093934][ T5416] lo speed is unknown, defaulting to 1000 [ 349.929550][ T7171] team0 (unregistering): Port device team_slave_0 removed [ 349.957399][ T7171] team0 (unregistering): Port device team_slave_1 removed [ 350.437689][ T7185] netlink: 156 bytes leftover after parsing attributes in process `syz.0.465'. [ 350.718295][ T7189] netlink: 28 bytes leftover after parsing attributes in process `syz.2.466'. [ 350.727708][ T7189] netlink: 28 bytes leftover after parsing attributes in process `syz.2.466'. [ 350.750487][ T7189] ip6gretap0: entered promiscuous mode [ 350.761274][ T7189] syz_tun: entered promiscuous mode [ 350.769483][ T7189] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 350.782340][ T7189] Cannot create hsr debugfs directory [ 351.446060][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.472'. [ 351.967421][ T7210] netlink: 156 bytes leftover after parsing attributes in process `syz.4.478'. [ 353.250282][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.4.487'. [ 353.775923][ T7245] netlink: 16 bytes leftover after parsing attributes in process `syz.1.489'. [ 355.016863][ T7264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.501'. [ 356.541619][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 358.377756][ T7325] netlink: 156 bytes leftover after parsing attributes in process `syz.3.528'. [ 358.666407][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.532'. [ 360.408614][ T7362] netlink: 12 bytes leftover after parsing attributes in process `syz.4.545'. [ 362.354745][ T7391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.558'. [ 363.052989][ T7401] team0 (unregistering): Port device team_slave_0 removed [ 363.162143][ T7401] team0 (unregistering): Port device team_slave_1 removed [ 364.266876][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.572'. [ 365.565496][ T7441] team0 (unregistering): Port device team_slave_0 removed [ 365.589142][ T7441] team0 (unregistering): Port device team_slave_1 removed [ 366.083553][ T7449] netlink: 12 bytes leftover after parsing attributes in process `syz.2.586'. [ 368.243122][ T7484] netlink: 12 bytes leftover after parsing attributes in process `syz.1.601'. [ 369.264508][ T7506] netlink: 'syz.4.612': attribute type 10 has an invalid length. [ 369.283768][ T7506] bond0: (slave veth4): Enslaving as an active interface with an up link [ 369.340830][ T7506] veth1_vlan: entered allmulticast mode [ 370.086250][ T7519] netlink: 12 bytes leftover after parsing attributes in process `syz.3.617'. [ 370.431979][ T7525] team0 (unregistering): left promiscuous mode [ 371.634411][ T7551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.632'. [ 373.018340][ T7583] netlink: 12 bytes leftover after parsing attributes in process `syz.1.646'. [ 374.763742][ T7615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.659'. [ 376.130327][ T7644] netlink: 24 bytes leftover after parsing attributes in process `syz.1.673'. [ 376.386794][ T7649] netlink: 12 bytes leftover after parsing attributes in process `syz.0.675'. [ 377.915546][ T7682] batadv_slave_1: entered allmulticast mode [ 377.967123][ T7681] batadv_slave_1: left allmulticast mode [ 379.065217][ T7708] netlink: 76 bytes leftover after parsing attributes in process `syz.4.701'. [ 380.086906][ T7733] rose2: entered allmulticast mode [ 380.262518][ T7730] team0 (unregistering): Port device team_slave_0 removed [ 380.294212][ T7730] team0 (unregistering): Port device team_slave_1 removed [ 380.562890][ T7740] netlink: 56 bytes leftover after parsing attributes in process `syz.2.716'. [ 381.255719][ T7755] mac80211_hwsim hwsim10 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 383.705444][ T7809] netlink: 24 bytes leftover after parsing attributes in process `syz.4.745'. [ 385.216406][ T3819] wlan0: Trigger new scan to find an IBSS to join [ 385.365171][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.1.758'. [ 385.374623][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.1.758'. [ 385.479463][ T7845] netlink: 24 bytes leftover after parsing attributes in process `syz.2.761'. [ 387.212765][ T7877] netlink: 24 bytes leftover after parsing attributes in process `syz.3.777'. [ 387.497133][ T7884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.780'. [ 387.506683][ T7884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.780'. [ 387.754527][ T7889] netlink: 12 bytes leftover after parsing attributes in process `syz.3.782'. [ 388.925611][ T7910] netlink: 24 bytes leftover after parsing attributes in process `syz.3.792'. [ 389.688497][ T7924] netlink: 28 bytes leftover after parsing attributes in process `syz.3.799'. [ 389.698054][ T7924] netlink: 28 bytes leftover after parsing attributes in process `syz.3.799'. [ 390.172696][ T61] wlan0: Trigger new scan to find an IBSS to join [ 390.451935][ T7944] netlink: 24 bytes leftover after parsing attributes in process `syz.4.809'. [ 390.599774][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.808'. [ 390.610401][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.808'. [ 391.105873][ T61] wlan0: Creating new IBSS network, BSSID 36:ae:a7:52:86:b6 [ 392.282709][ T7974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.822'. [ 394.073065][ T8016] netlink: 16 bytes leftover after parsing attributes in process `syz.4.839'. [ 394.228089][ T8021] netlink: 24 bytes leftover after parsing attributes in process `syz.2.840'. [ 394.245047][ T8024] netlink: 16 bytes leftover after parsing attributes in process `syz.1.842'. [ 395.568681][ T8050] netlink: 16 bytes leftover after parsing attributes in process `syz.4.855'. [ 397.341918][ T8090] netlink: 16 bytes leftover after parsing attributes in process `syz.4.871'. [ 399.064268][ T8132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.887'. [ 400.224249][ T8153] netlink: 32 bytes leftover after parsing attributes in process `syz.1.896'. [ 401.088523][ T8168] netlink: 16 bytes leftover after parsing attributes in process `syz.1.900'. [ 402.763418][ T8194] netlink: 16 bytes leftover after parsing attributes in process `syz.1.914'. [ 403.350459][ T8204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.919'. [ 404.321293][ T8223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.928'. [ 406.197395][ T8253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.941'. [ 406.943190][ T8264] netlink: 212 bytes leftover after parsing attributes in process `syz.3.947'. [ 406.956288][ T8264] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 407.969211][ T8281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.954'. [ 408.071965][ T8283] syzkaller1: entered promiscuous mode [ 408.077790][ T8283] syzkaller1: entered allmulticast mode [ 408.671328][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 408.677993][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.092526][ T8297] lo speed is unknown, defaulting to 1000 [ 413.248761][ T8421] netlink: 16 bytes leftover after parsing attributes in process `syz.0.967'. [ 413.775440][ T8426] geneve2: entered allmulticast mode [ 415.108678][ T8447] netlink: 16 bytes leftover after parsing attributes in process `syz.2.980'. [ 416.383633][ T8463] IPVS: set_ctl: invalid protocol: 58 100.1.1.2:19974 [ 416.466626][ T8463] netlink: 'syz.2.987': attribute type 10 has an invalid length. [ 416.474924][ T8463] netlink: 132 bytes leftover after parsing attributes in process `syz.2.987'. [ 416.559135][ T8463] sctp: [Deprecated]: syz.2.987 (pid 8463) Use of int in maxseg socket option. [ 416.559135][ T8463] Use struct sctp_assoc_value instead [ 417.415972][ T8478] netlink: 16 bytes leftover after parsing attributes in process `syz.3.993'. [ 423.371473][ T4051] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 425.390623][ T8599] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1038'. [ 425.823884][ T8607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1042'. [ 425.834611][ T8607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1042'. [ 426.869543][ T8631] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1052'. [ 426.920338][ T8633] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1053'. [ 427.296895][ T25] IPVS: starting estimator thread 0... [ 427.394251][ T8638] IPVS: using max 240 ests per chain, 12000 per kthread [ 428.200631][ T8657] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1062'. [ 428.210265][ T8657] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1062'. [ 428.232870][ T8657] ip6gretap0: entered promiscuous mode [ 428.233579][ T8659] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1065'. [ 428.243266][ T8657] syz_tun: entered promiscuous mode [ 428.729457][ T8668] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1069'. [ 430.463790][ T8701] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1084'. [ 430.473586][ T8701] bridge_slave_1: left allmulticast mode [ 430.479467][ T8701] bridge_slave_1: left promiscuous mode [ 430.486354][ T8701] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.548357][ T8701] bridge_slave_0: left allmulticast mode [ 430.556858][ T8701] bridge_slave_0: left promiscuous mode [ 430.564081][ T8701] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.969789][ T8730] bpq0: entered promiscuous mode [ 433.925932][ T8775] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1115'. [ 433.936263][ T8775] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1115'. [ 434.202098][ T8775] syz_tun: entered promiscuous mode [ 434.245052][ T8775] syz_tun: left promiscuous mode [ 434.333312][ T8780] batadv_slave_1: entered allmulticast mode [ 434.367577][ T8779] batadv_slave_1: left allmulticast mode [ 435.968720][ T8815] batadv_slave_1: entered allmulticast mode [ 436.014332][ T8813] batadv_slave_1: left allmulticast mode [ 436.050211][ T8818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1132'. [ 436.340090][ T8819] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'. [ 436.350852][ T8819] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'. [ 437.431356][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1138'. [ 437.440631][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1138'. [ 439.592054][ T8870] xt_hashlimit: size too large, truncated to 1048576 [ 439.652921][ T8877] : renamed from bond0 (while UP) [ 439.958619][ T8878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1156'. [ 439.969670][ T8878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1156'. [ 440.975252][ T8895] Set syz1 is full, maxelem 65536 reached [ 442.192622][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1171'. [ 442.202024][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1171'. [ 442.296121][ T8924] netlink: 'syz.1.1172': attribute type 1 has an invalid length. [ 442.373583][ T8924] xt_CT: You must specify a L4 protocol and not use inversions on it [ 443.722959][ T8951] Set syz1 is full, maxelem 65536 reached [ 443.965086][ T8958] sctp: [Deprecated]: syz.1.1179 (pid 8958) Use of struct sctp_assoc_value in delayed_ack socket option. [ 443.965086][ T8958] Use struct sctp_sack_info instead [ 444.056060][ T8961] netlink: 'syz.1.1179': attribute type 5 has an invalid length. [ 445.384945][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1187'. [ 445.396793][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1187'. [ 445.615183][ T8990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'. [ 446.830302][ T9008] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1198'. [ 446.885831][ T9012] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1199'. [ 447.293727][ T9019] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1202'. [ 447.780892][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1204'. [ 447.790789][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1204'. [ 449.119413][ T9049] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1215'. [ 452.134365][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1224'. [ 452.143854][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1224'. [ 454.093069][ T9091] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1229'. [ 454.445763][ T9039] Set syz1 is full, maxelem 65536 reached [ 454.741360][ T3611] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 455.528004][ T9111] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1235'. [ 456.315630][ T9127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1238'. [ 456.325818][ T9127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1238'. [ 456.596789][ T9131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1243'. [ 458.614154][ T9144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.711182][ T9144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.610022][ T9156] netlink: 'syz.3.1252': attribute type 1 has an invalid length. [ 459.690517][ T9144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.138849][ T9144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.446149][ T9144] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.473151][ T9144] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.499752][ T9144] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.527536][ T9144] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.831234][ T9122] Set syz1 is full, maxelem 65536 reached [ 461.675242][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1257'. [ 461.685031][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1257'. [ 465.350697][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1273'. [ 465.361477][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1273'. [ 470.393881][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.400577][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 470.846482][ T9230] lo speed is unknown, defaulting to 1000 [ 471.703420][ T9191] Set syz1 is full, maxelem 65536 reached [ 472.002146][ T9190] Set syz1 is full, maxelem 65536 reached [ 472.394132][ T9239] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1283'. [ 472.919150][ T9244] bond0: entered promiscuous mode [ 472.949032][ T9244] bond0: left allmulticast mode [ 472.957448][ T9244] bridge0: port 1(vlan2) entered disabled state [ 473.119297][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1286'. [ 473.128856][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1286'. [ 474.289481][ T9266] Set syz1 is full, maxelem 65536 reached [ 474.518824][ T9273] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1296'. [ 475.014900][ T9279] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1299'. [ 475.024441][ T9279] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1299'. [ 475.632041][ T9296] Set syz1 is full, maxelem 65536 reached [ 475.688563][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1305'. [ 475.698369][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1305'. [ 476.382017][ T9305] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1309'. [ 478.206884][ T9338] Set syz1 is full, maxelem 65536 reached [ 478.694520][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1322'. [ 478.704697][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1322'. [ 481.575466][ T9392] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1340'. [ 482.600564][ T9412] Set syz1 is full, maxelem 65536 reached [ 483.665616][ T9431] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1354'. [ 484.312585][ T9440] only policy match revision 0 supported [ 484.312671][ T9440] unable to load match [ 484.515706][ T9446] Set syz1 is full, maxelem 65536 reached [ 484.843510][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1362'. [ 484.852962][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1362'. [ 486.746996][ T3611] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 487.408777][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'. [ 487.419372][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'. [ 488.524469][ T9526] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 489.260457][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1395'. [ 489.776277][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1400'. [ 489.785661][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1400'. [ 491.952064][ T9589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1417'. [ 491.965312][ T9589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1417'. [ 491.974558][ T9589] netlink: 'syz.2.1417': attribute type 32 has an invalid length. [ 492.304496][ T9599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1419'. [ 492.313851][ T9599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1419'. [ 495.232818][ T9655] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 497.628418][ T9698] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1460'. [ 497.680061][ T9698] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1460'. [ 499.699610][ T9740] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1475'. [ 499.754434][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1475'. [ 500.223169][ T9749] lo speed is unknown, defaulting to 1000 [ 502.605445][ T9788] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1489'. [ 502.660592][ T9788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1489'. [ 504.868582][ T9830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1505'. [ 504.966854][ T9830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1505'. [ 504.999914][ T9834] batadv_slave_1: entered allmulticast mode [ 505.039478][ T9833] batadv_slave_1: left allmulticast mode [ 505.523527][ T5416] IPVS: starting estimator thread 0... [ 505.530710][ T9846] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 505.631570][ T9848] IPVS: using max 240 ests per chain, 12000 per kthread [ 505.662406][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1512'. [ 505.672285][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1512'. [ 505.764711][ T9851] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1512'. [ 506.967580][ T9876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1520'. [ 507.000061][ T9873] netlink: 'syz.1.1519': attribute type 2 has an invalid length. [ 507.009418][ T9873] netlink: 187320 bytes leftover after parsing attributes in process `syz.1.1519'. [ 507.096184][ T9876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1520'. [ 507.218145][ T9880] batadv_slave_1: entered allmulticast mode [ 507.265418][ T9878] batadv_slave_1: left allmulticast mode [ 507.822852][ T5416] IPVS: starting estimator thread 0... [ 507.855655][ T9893] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 507.930670][ T9894] IPVS: using max 240 ests per chain, 12000 per kthread [ 508.787686][ T9906] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 508.822408][ T9910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1534'. [ 508.923361][ T9913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1534'. [ 510.076862][ T9931] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 510.352737][ T9935] syzkaller1: entered promiscuous mode [ 510.358462][ T9935] syzkaller1: entered allmulticast mode [ 511.003087][ T9953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1547'. [ 511.115827][ T9953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1547'. [ 511.536573][ T9964] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1553'. [ 513.955461][T10012] netlink: 'syz.3.1575': attribute type 10 has an invalid length. [ 518.239983][T10087] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1603'. [ 518.731932][ T8393] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 518.822711][T10103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1608'. [ 518.832207][T10103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1608'. [ 520.120546][T10119] tun0: tun_chr_ioctl cmd 1074025675 [ 520.126428][T10119] tun0: persist enabled [ 520.183068][T10125] tun0: tun_chr_ioctl cmd 1074025675 [ 520.188716][T10125] tun0: persist enabled [ 520.878745][T10140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1626'. [ 520.888587][T10140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1626'. [ 523.486182][T10186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1644'. [ 523.495877][T10186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1644'. [ 524.483514][T10199] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1649'. [ 524.520434][T10199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1649'. [ 524.686949][T10203] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.902460][T10203] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.060018][T10203] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.148939][T10203] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.423105][T10203] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.450501][T10203] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.480799][T10203] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.508523][T10203] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.043097][T10229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1661'. [ 526.053024][T10229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1661'. [ 526.438770][T10235] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1664'. [ 526.495849][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1664'. [ 528.172229][T10267] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1677'. [ 528.202770][T10267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1677'. [ 529.819763][T10300] __nla_validate_parse: 2 callbacks suppressed [ 529.819841][T10300] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1692'. [ 529.838711][T10300] 0猉功D: renamed from gretap0 (while UP) [ 529.890241][T10300] 0猉功D: entered allmulticast mode [ 529.897980][T10300] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 530.177636][T10309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1697'. [ 530.511655][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1699'. [ 531.561608][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.568434][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 533.703288][T10419] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 533.888281][T10423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1711'. [ 533.973091][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1713'. [ 534.369083][T10435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1716'. [ 534.380235][T10435] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1716'. [ 534.742172][T10438] lo speed is unknown, defaulting to 1000 [ 536.680636][T10470] netlink: 'syz.1.1728': attribute type 2 has an invalid length. [ 536.690761][T10470] netlink: 187320 bytes leftover after parsing attributes in process `syz.1.1728'. [ 536.715210][T10476] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 539.752305][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1748'. [ 540.612548][T10542] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1759'. [ 540.626323][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1759'. [ 541.288524][T10552] tipc: Started in network mode [ 541.294237][T10552] tipc: Node identity 080211000001, cluster identity 4711 [ 541.302590][T10552] tipc: Enabled bearer , priority 0 [ 541.691735][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1764'. [ 542.218383][T10567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1769'. [ 542.422179][ T5867] tipc: Node number set to 134418688 [ 542.647101][T10570] ip6tnl1: entered promiscuous mode [ 543.482745][T10586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1778'. [ 544.315757][T10601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1784'. [ 544.922340][T10615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1791'. [ 546.064371][T10638] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1802'. [ 546.726622][T10643] 8021q: adding VLAN 0 to HW filter on device bond1 [ 546.771242][T10646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1805'. [ 546.918654][T10652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1806'. [ 547.542461][T10662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1812'. [ 548.668039][T10685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1820'. [ 548.677379][T10685] bridge_slave_1: left allmulticast mode [ 548.684986][T10685] bridge_slave_1: left promiscuous mode [ 548.691819][T10685] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.784510][T10685] bridge_slave_0: left allmulticast mode [ 548.790651][T10685] bridge_slave_0: left promiscuous mode [ 548.797502][T10685] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.807069][T10690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1821'. [ 549.885170][T10709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1830'. [ 549.894686][T10709] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1830'. [ 550.330746][T10723] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1836'. [ 550.394241][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1836'. [ 550.417724][T10725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1837'. [ 550.733074][T10399] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 551.821816][T10746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1846'. [ 552.133654][T10752] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1849'. [ 552.180188][T10752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 552.306465][T10757] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1850'. [ 552.315809][T10757] bridge_slave_1: left allmulticast mode [ 552.321853][T10757] bridge_slave_1: left promiscuous mode [ 552.328583][T10757] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.406752][T10757] bridge_slave_0: left allmulticast mode [ 552.412978][T10757] bridge_slave_0: left promiscuous mode [ 552.419703][T10757] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.847792][T10764] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1853'. [ 553.188752][T10761] can: request_module (can-proto-3) failed. [ 554.577977][ T5794] Bluetooth: hci4: command 0x0c1a tx timeout [ 554.757335][T10790] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1864'. [ 554.862372][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1864'. [ 555.799355][T10804] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1870'. [ 555.846762][T10804] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1870'. [ 555.931733][T10804] xt_hashlimit: max too large, truncated to 1048576 [ 556.137104][T10810] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1873'. [ 557.031880][T10828] __nla_validate_parse: 3 callbacks suppressed [ 557.031959][T10828] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1881'. [ 557.236476][T10836] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.342576][T10837] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1885'. [ 557.494484][T10836] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.671430][T10844] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1888'. [ 557.680799][T10844] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1888'. [ 557.734212][T10836] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.963782][T10836] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.202930][T10836] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.229591][T10836] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.259266][T10836] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.288798][T10836] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.993125][T10865] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1894'. [ 559.034070][T10865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1894'. [ 560.122120][T10881] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1902'. [ 560.131853][T10881] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1902'. [ 560.869571][T10894] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1909'. [ 560.920606][T10894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1909'. [ 563.047047][T10932] __nla_validate_parse: 2 callbacks suppressed [ 563.047121][T10932] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1924'. [ 563.118808][T10932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1924'. [ 564.127715][T10948] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1932'. [ 564.138000][T10948] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1932'. [ 564.735287][T10958] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1937'. [ 564.792248][T10958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1937'. [ 566.029446][T10986] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1948'. [ 566.039334][T10986] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1948'. [ 566.054715][T10982] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1946'. [ 566.104535][T10982] gretap0: entered promiscuous mode [ 566.146459][T10985] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1946'. [ 566.156447][T10985] 0猉功D: renamed from gretap0 [ 566.174294][T10985] 0猉功D: left promiscuous mode [ 566.179569][T10985] 0猉功D: entered allmulticast mode [ 566.194386][T10985] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 568.097197][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1960'. [ 568.106656][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1960'. [ 568.263417][T11022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1962'. [ 568.717072][T11029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1964'. [ 569.219158][T11038] ax25_connect(): syz.4.1970 uses autobind, please contact jreuter@yaina.de [ 569.367349][T11047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1971'. [ 569.376969][T11047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1971'. [ 569.691226][T11051] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1974'. [ 569.700643][T11051] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1974'. [ 570.089064][T11058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1978'. [ 570.329207][T11065] IPv6: Can't replace route, no match found [ 570.898084][T11078] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 571.131740][T11080] bond0: left promiscuous mode [ 571.142667][T11080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.149691][T11080] bond0: entered allmulticast mode [ 571.255365][T11080] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 571.273522][T10775] lo speed is unknown, defaulting to 1000 [ 571.279616][T10775] lo speed is unknown, defaulting to 1000 [ 571.313266][T11082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1987'. [ 571.950696][T11097] Set syz1 is full, maxelem 65536 reached [ 573.545234][T11127] __nla_validate_parse: 2 callbacks suppressed [ 573.545312][T11127] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2002'. [ 574.197086][T11138] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2006'. [ 574.393292][T11140] Set syz1 is full, maxelem 65536 reached [ 575.721138][T11164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2017'. [ 576.198937][T11171] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2020'. [ 577.454817][T11175] Set syz1 is full, maxelem 65536 reached [ 578.834770][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2038'. [ 579.991912][T11214] Set syz1 is full, maxelem 65536 reached [ 580.418932][T11227] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2044'. [ 580.816715][T11235] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2047'. [ 580.827244][T11235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2047'. [ 580.836774][T11235] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2047'. [ 581.387168][T11243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2051'. [ 582.455856][T11251] Set syz1 is full, maxelem 65536 reached [ 582.731384][ T4118] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 583.090710][T11267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2057'. [ 584.013230][T11286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2066'. [ 584.022621][T11286] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2066'. [ 584.541097][T11296] 8021q: adding VLAN 0 to HW filter on device bond1 [ 584.614086][T11298] Set syz1 is full, maxelem 65536 reached [ 585.002280][T11305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2072'. [ 586.342262][T11336] Set syz1 is full, maxelem 65536 reached [ 588.165386][T11360] 8021q: adding VLAN 0 to HW filter on device bond2 [ 588.642683][T11377] Set syz1 is full, maxelem 65536 reached [ 590.661759][T11413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.317495][T11431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2119'. [ 592.772060][T11456] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 592.971762][T11461] Set syz1 is full, maxelem 65536 reached [ 593.005884][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.013288][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 593.210645][T11466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2132'. [ 594.280049][T11476] 8021q: adding VLAN 0 to HW filter on device bond3 [ 594.931468][T11499] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 595.483085][T11505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2145'. [ 595.857195][T11508] Set syz1 is full, maxelem 65536 reached [ 596.086600][T11515] netlink: 'syz.1.2150': attribute type 10 has an invalid length. [ 596.950228][T11527] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 597.518781][T11541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2160'. [ 597.704372][T11535] 8021q: adding VLAN 0 to HW filter on device bond4 [ 597.814328][T11549] Set syz1 is full, maxelem 65536 reached [ 598.170083][T11556] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2165'. [ 598.348915][T11558] netlink: 'syz.1.2166': attribute type 10 has an invalid length. [ 599.644050][T11576] 8021q: adding VLAN 0 to HW filter on device bond2 [ 599.826671][T11586] Set syz1 is full, maxelem 65536 reached [ 600.075214][T11590] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2178'. [ 601.429483][T11616] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.609565][T11616] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.723451][T11621] Set syz1 is full, maxelem 65536 reached [ 601.838843][T11625] netlink: 'syz.3.2189': attribute type 10 has an invalid length. [ 601.867961][T11616] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 602.002767][T11625] bond0: (slave veth2): Enslaving as an active interface with an up link [ 602.057834][T11616] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 602.423632][T11616] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.450511][T11616] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.481536][T11616] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.509261][T11616] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.445228][T11655] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2198'. [ 603.699676][T11649] 8021q: adding VLAN 0 to HW filter on device bond1 [ 605.895735][T11682] netlink: 'syz.4.2209': attribute type 10 has an invalid length. [ 606.403114][T11690] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2213'. [ 608.198435][T11696] Set syz1 is full, maxelem 65536 reached [ 608.797440][T11712] 8021q: adding VLAN 0 to HW filter on device bond5 [ 609.951696][T11727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2226'. [ 610.248723][T11729] netlink: 'syz.4.2227': attribute type 10 has an invalid length. [ 611.512037][T11742] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2233'. [ 612.896235][T11770] netlink: 'syz.2.2244': attribute type 10 has an invalid length. [ 612.912662][T11770] bond0: (slave hsr1): The slave device specified does not support setting the MAC address [ 612.925503][T11770] hsr1: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 612.940262][T11770] bond0: (slave hsr1): Error -22 calling dev_set_mtu [ 613.674170][T11778] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2248'. [ 614.629335][T11796] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2257'. [ 614.731536][ T8406] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 615.120359][T11808] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2261'. [ 615.446389][T11811] netlink: 'syz.3.2264': attribute type 10 has an invalid length. [ 616.698069][T11834] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2272'. [ 617.062947][T11840] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2275'. [ 617.109250][T11842] netlink: 'syz.0.2276': attribute type 10 has an invalid length. [ 617.136798][T11842] : (slave veth3): Enslaving as an active interface with an up link [ 618.571870][T11876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2290'. [ 619.753194][T11905] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2303'. [ 621.829541][T11935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2315'. [ 623.751620][T11970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2329'. [ 624.324536][T11981] dccp_invalid_packet: P.Data Offset(0) too small [ 624.787919][T11994] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 624.943604][T12000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2344'. [ 626.203531][T12021] dccp_invalid_packet: P.Data Offset(0) too small [ 626.541624][T12027] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 627.415299][T12047] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2364'. [ 627.687305][T12051] Process accounting resumed [ 627.770288][T12053] dccp_invalid_packet: P.Data Offset(0) too small [ 628.723377][T12072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2374'. [ 628.733017][T12072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2374'. [ 628.779624][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2376'. [ 628.790496][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2376'. [ 629.081379][T12078] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2378'. [ 630.137312][T12107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2391'. [ 630.146764][T12107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2391'. [ 630.282827][T12108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 630.292360][T12108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 630.342807][T12110] netlink: 'syz.2.2393': attribute type 1 has an invalid length. [ 631.510478][T12139] netlink: 'syz.1.2406': attribute type 1 has an invalid length. [ 632.953461][T12168] Set syz1 is full, maxelem 65536 reached [ 632.995431][T12171] __nla_validate_parse: 4 callbacks suppressed [ 632.995511][T12171] netlink: 200 bytes leftover after parsing attributes in process `syz.0.2420'. [ 633.045679][T12174] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2422'. [ 634.335771][T12198] Set syz1 is full, maxelem 65536 reached [ 634.761619][T12205] netlink: 200 bytes leftover after parsing attributes in process `syz.1.2436'. [ 636.020084][T12230] Set syz1 is full, maxelem 65536 reached [ 636.561775][T12237] netlink: 200 bytes leftover after parsing attributes in process `syz.4.2451'. [ 638.145402][T12256] dccp_invalid_packet: P.Data Offset(0) too small [ 638.377642][T12259] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2462'. [ 638.459441][T12260] Set syz1 is full, maxelem 65536 reached [ 638.952929][T12271] syzkaller1: entered promiscuous mode [ 638.958756][T12271] syzkaller1: entered allmulticast mode [ 639.839168][T12289] ksmbd: Unknown IPC event: 0, ignore. [ 640.175449][T12296] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2475'. [ 640.405559][T12299] Set syz1 is full, maxelem 65536 reached [ 643.546803][T12320] loop0: detected capacity change from 0 to 64 [ 643.673166][T12320] hfs: walked past end of dir [ 643.965325][T12312] loop2: detected capacity change from 0 to 32768 [ 644.010379][T12312] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2482 (12312) [ 644.070062][T12312] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 644.081059][T12312] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 644.092877][T12312] BTRFS info (device loop2): using free-space-tree [ 644.409384][ T8406] BTRFS warning (device loop2): checksum verify failed on logical 5292032 mirror 1 wanted 0x71e9986adce26f47d358c48a094a2713636d7db020873728b415408513a17a00 found 0x71e9986adce26f47d358c48a094a2713636d7db020873728b415408513a1db55 level 0 [ 644.447392][T12312] BTRFS warning (device loop2): failed to read root (objectid=9): -5 [ 644.553416][T12312] BTRFS error (device loop2): open_ctree failed: -5 [ 645.792780][T12337] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2487'. [ 646.100456][T12339] Set syz1 is full, maxelem 65536 reached [ 646.219365][T12341] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2489'. [ 646.688868][T12323] loop0: detected capacity change from 0 to 32768 [ 646.728897][T12351] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2494'. [ 646.770967][ T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 646.823824][T12323] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 646.919715][ T5794] Bluetooth: hci4: unexpected event for opcode 0x2002 [ 647.327011][T12323] XFS (loop0): Ending clean mount [ 647.610328][ T5797] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 647.719491][T12372] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 647.754291][T12374] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2500'. [ 648.072143][T12376] Set syz1 is full, maxelem 65536 reached [ 650.972349][ T5794] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 650.981334][ T5794] Bluetooth: hci4: Injecting HCI hardware error event [ 650.990024][ T5794] Bluetooth: hci4: hardware error 0x00 [ 652.284756][T12403] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2510'. [ 653.051225][ T5794] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 653.938927][T12407] loop4: detected capacity change from 0 to 1024 [ 653.984843][T12407] EXT4-fs: Ignoring removed oldalloc option [ 653.991785][T12407] EXT4-fs: Ignoring removed nobh option [ 653.997685][T12407] EXT4-fs: Ignoring removed bh option [ 654.052149][T12411] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 654.219278][T12407] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 654.227329][T12416] Set syz1 is full, maxelem 65536 reached [ 654.301478][ T29] audit: type=1800 audit(1739674694.760:123): pid=12407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2511" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 654.435824][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 654.442631][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 654.504495][ T5790] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 655.617615][T12434] loop4: detected capacity change from 0 to 512 [ 655.636043][T12432] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2522'. [ 657.211450][ T5844] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 657.236296][T12447] Set syz1 is full, maxelem 65536 reached [ 657.381124][ T5844] usb 3-1: Using ep0 maxpacket: 32 [ 657.423240][ T5844] usb 3-1: config 0 has an invalid interface number: 108 but max is 0 [ 657.432035][ T5844] usb 3-1: config 0 has no interface number 0 [ 657.438470][ T5844] usb 3-1: config 0 interface 108 altsetting 180 endpoint 0x2 has invalid wMaxPacketSize 0 [ 657.448801][ T5844] usb 3-1: config 0 interface 108 altsetting 180 bulk endpoint 0x2 has invalid maxpacket 0 [ 657.460025][ T5844] usb 3-1: config 0 interface 108 has no altsetting 0 [ 657.524485][ T5844] usb 3-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=97.c3 [ 657.534686][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.543139][ T5844] usb 3-1: Product: syz [ 657.547524][ T5844] usb 3-1: Manufacturer: syz [ 657.552469][ T5844] usb 3-1: SerialNumber: syz [ 657.610803][ T5844] usb 3-1: config 0 descriptor?? [ 657.627087][ T5844] ttusbir 3-1:0.108: cannot find expected altsetting [ 657.685479][T12451] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 657.900186][ T5844] usb 3-1: USB disconnect, device number 10 [ 658.634494][T12464] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2535'. [ 659.191650][ T5844] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 659.319812][T12445] loop4: detected capacity change from 0 to 32768 [ 659.395152][ T5844] usb 4-1: Using ep0 maxpacket: 16 [ 659.423130][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.434591][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.444946][ T5844] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 659.454470][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.525429][ T5844] usb 4-1: config 0 descriptor?? [ 659.620193][T12445] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 659.636287][T12445] bcachefs (loop4): initializing new filesystem [ 659.655595][T12486] Set syz1 is full, maxelem 65536 reached [ 659.727709][T12487] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.763764][T12445] bcachefs (loop4): going read-write [ 659.875873][T12445] bcachefs (loop4): marking superblocks [ 659.933428][T12487] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.998160][ T5844] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 660.005826][ T5844] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 660.013373][ T5844] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 660.023452][ T5844] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 660.030917][ T5844] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 660.058082][T12487] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 660.095018][ T3577] ===================================================== [ 660.097074][ T5844] appleir 0003:05AC:8241.0004: No inputs registered, leaving [ 660.103186][ T3577] BUG: KMSAN: uninit-value in bch2_alloc_v4_validate+0x73f/0x1c10 [ 660.118334][ T3577] bch2_alloc_v4_validate+0x73f/0x1c10 [ 660.126585][ T3577] bch2_bkey_val_validate+0x357/0x530 [ 660.134819][ T3577] validate_bset_keys+0x20e3/0x2350 [ 660.140200][ T3577] validate_bset_for_write+0x2b3/0x410 [ 660.145922][ T5844] appleir 0003:05AC:8241.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 660.159563][ T3577] __bch2_btree_node_write+0x5436/0x6870 [ 660.166347][ T3577] bch2_btree_node_write_trans+0x2fd/0x890 [ 660.173717][ T3577] btree_interior_update_work+0x3c02/0x48c0 [ 660.179831][ T3577] process_scheduled_works+0xc1a/0x1e80 [ 660.186978][ T3577] worker_thread+0xea7/0x14f0 [ 660.192188][ T3577] kthread+0x6b9/0xef0 [ 660.196436][ T3577] ret_from_fork+0x6d/0x90 [ 660.201277][ T3577] ret_from_fork_asm+0x1a/0x30 [ 660.206219][ T3577] [ 660.208642][ T3577] Uninit was stored to memory at: [ 660.214106][ T3577] bch2_alloc_v4_validate+0x215/0x1c10 [ 660.219782][ T3577] bch2_bkey_val_validate+0x357/0x530 [ 660.228914][ T3577] validate_bset_keys+0x20e3/0x2350 [ 660.236089][ T3577] validate_bset_for_write+0x2b3/0x410 [ 660.241849][ T3577] __bch2_btree_node_write+0x5436/0x6870 [ 660.247684][ T3577] bch2_btree_node_write_trans+0x2fd/0x890 [ 660.253847][ T3577] btree_interior_update_work+0x3c02/0x48c0 [ 660.259956][ T3577] process_scheduled_works+0xc1a/0x1e80 [ 660.265944][ T3577] worker_thread+0xea7/0x14f0 [ 660.270793][ T3577] kthread+0x6b9/0xef0 [ 660.275165][ T3577] ret_from_fork+0x6d/0x90 [ 660.279782][ T3577] ret_from_fork_asm+0x1a/0x30 [ 660.284892][ T3577] [ 660.287314][ T3577] Uninit was stored to memory at: [ 660.292731][ T3577] bch2_sort_keys_keep_unwritten_whiteouts+0x14ab/0x1840 [ 660.299976][ T3577] __bch2_btree_node_write+0x3b3f/0x6870 [ 660.305899][ T3577] bch2_btree_node_write_trans+0x2fd/0x890 [ 660.312047][ T3577] btree_interior_update_work+0x3c02/0x48c0 [ 660.318149][ T3577] process_scheduled_works+0xc1a/0x1e80 [ 660.324137][ T3577] worker_thread+0xea7/0x14f0 [ 660.330774][ T3577] kthread+0x6b9/0xef0 [ 660.336792][ T3577] ret_from_fork+0x6d/0x90 [ 660.341562][ T3577] ret_from_fork_asm+0x1a/0x30 [ 660.346507][ T3577] [ 660.348934][ T3577] Uninit was created at: [ 660.353582][ T3577] ___kmalloc_large_node+0x22c/0x370 [ 660.359053][ T3577] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 660.365101][ T3577] __kmalloc_node_noprof+0xc96/0x1250 [ 660.370658][ T3577] __kvmalloc_node_noprof+0xc0/0x2d0 [ 660.376279][ T3577] __bch2_btree_node_mem_alloc+0x2be/0xa80 [ 660.377916][ T5844] usb 4-1: USB disconnect, device number 18 [ 660.382453][ T3577] bch2_fs_btree_cache_init+0x4f0/0xb60 [ 660.394305][ T3577] bch2_fs_open+0x4d84/0x5ba0 [ 660.399194][ T3577] bch2_fs_get_tree+0x98a/0x24e0 [ 660.404471][ T3577] vfs_get_tree+0xb1/0x5a0 [ 660.409078][ T3577] do_new_mount+0x71f/0x15e0 [ 660.414013][ T3577] path_mount+0x742/0x1f10 [ 660.418663][ T3577] __se_sys_mount+0x71f/0x800 [ 660.423649][ T3577] __x64_sys_mount+0xe4/0x150 [ 660.428582][ T3577] x64_sys_call+0x39bf/0x3c30 [ 660.435307][ T3577] do_syscall_64+0xcd/0x1e0 [ 660.439988][ T3577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.447827][ T3577] [ 660.450257][ T3577] CPU: 1 UID: 0 PID: 3577 Comm: kworker/u8:10 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 660.461720][ T3577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 660.472041][ T3577] Workqueue: btree_update btree_interior_update_work [ 660.478950][ T3577] ===================================================== [ 660.486342][ T3577] Disabling lock debugging due to kernel taint [ 660.492790][ T3577] Kernel panic - not syncing: kmsan.panic set ... [ 660.499350][ T3577] CPU: 1 UID: 0 PID: 3577 Comm: kworker/u8:10 Tainted: G B 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 660.511982][ T3577] Tainted: [B]=BAD_PAGE [ 660.516245][ T3577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 660.526468][ T3577] Workqueue: btree_update btree_interior_update_work [ 660.533404][ T3577] Call Trace: [ 660.536805][ T3577] [ 660.539854][ T3577] dump_stack_lvl+0x216/0x2d0 [ 660.544720][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.550759][ T3577] dump_stack+0x1e/0x24 [ 660.555075][ T3577] panic+0x4e2/0xcf0 [ 660.559178][ T3577] ? kmsan_get_metadata+0x81/0x1c0 [ 660.564515][ T3577] kmsan_report+0x2c7/0x2d0 [ 660.569220][ T3577] ? __msan_memcpy+0x108/0x1c0 [ 660.574177][ T3577] ? btree_interior_update_work+0x3c02/0x48c0 [ 660.580552][ T3577] ? ret_from_fork+0x6d/0x90 [ 660.585331][ T3577] ? ret_from_fork_asm+0x1a/0x30 [ 660.590472][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.595894][ T3577] ? __msan_warning+0x95/0x120 [ 660.600850][ T3577] ? bch2_alloc_v4_validate+0x73f/0x1c10 [ 660.606712][ T3577] ? bch2_bkey_val_validate+0x357/0x530 [ 660.612526][ T3577] ? validate_bset_keys+0x20e3/0x2350 [ 660.618088][ T3577] ? validate_bset_for_write+0x2b3/0x410 [ 660.623917][ T3577] ? __bch2_btree_node_write+0x5436/0x6870 [ 660.629922][ T3577] ? bch2_btree_node_write_trans+0x2fd/0x890 [ 660.636094][ T3577] ? btree_interior_update_work+0x3c02/0x48c0 [ 660.642378][ T3577] ? process_scheduled_works+0xc1a/0x1e80 [ 660.648325][ T3577] ? worker_thread+0xea7/0x14f0 [ 660.653344][ T3577] ? kthread+0x6b9/0xef0 [ 660.657781][ T3577] ? ret_from_fork+0x6d/0x90 [ 660.662561][ T3577] ? ret_from_fork_asm+0x1a/0x30 [ 660.667682][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.673717][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.679137][ T3577] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 660.685698][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.691124][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.697168][ T3577] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 660.703215][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.708627][ T3577] ? kmsan_internal_memmove_metadata+0x17b/0x230 [ 660.715172][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.720598][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.726636][ T3577] __msan_warning+0x95/0x120 [ 660.731421][ T3577] bch2_alloc_v4_validate+0x73f/0x1c10 [ 660.737138][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.743171][ T3577] ? __pfx_bch2_alloc_v4_validate+0x10/0x10 [ 660.749299][ T3577] bch2_bkey_val_validate+0x357/0x530 [ 660.754883][ T3577] validate_bset_keys+0x20e3/0x2350 [ 660.760334][ T3577] validate_bset_for_write+0x2b3/0x410 [ 660.766003][ T3577] __bch2_btree_node_write+0x5436/0x6870 [ 660.771848][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.777885][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.783296][ T3577] ? kmsan_get_metadata+0x13e/0x1c0 [ 660.788772][ T3577] bch2_btree_node_write_trans+0x2fd/0x890 [ 660.794804][ T3577] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 660.800837][ T3577] btree_interior_update_work+0x3c02/0x48c0 [ 660.806997][ T3577] ? btree_interior_update_work+0x39b6/0x48c0 [ 660.813296][ T3577] ? __pfx_btree_interior_update_work+0x10/0x10 [ 660.819763][ T3577] process_scheduled_works+0xc1a/0x1e80 [ 660.825587][ T3577] worker_thread+0xea7/0x14f0 [ 660.830466][ T3577] kthread+0x6b9/0xef0 [ 660.834737][ T3577] ? __pfx_worker_thread+0x10/0x10 [ 660.840045][ T3577] ? __pfx_kthread+0x10/0x10 [ 660.844823][ T3577] ret_from_fork+0x6d/0x90 [ 660.849425][ T3577] ? __pfx_kthread+0x10/0x10 [ 660.854200][ T3577] ret_from_fork_asm+0x1a/0x30 [ 660.859162][ T3577] [ 660.862555][ T3577] Kernel Offset: disabled [ 660.866954][ T3577] Rebooting in 86400 seconds..