last executing test programs: 5m49.439500181s ago: executing program 1 (id=1579): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x9000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, 0x42}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc89e, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x10113}], 0x1) 5m49.144698647s ago: executing program 1 (id=1582): socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x23, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x832f, 0xc000, 0x7, 0x20002f3}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x1002219, 0x7721, 0x52, 0x0, 0x0) 5m48.82076841s ago: executing program 1 (id=1586): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000738000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000530000/0x3000)=nil, 0x0, 0x0, r1}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5m47.796017044s ago: executing program 1 (id=1598): r0 = epoll_create(0x7) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00') epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x90000014}) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x40) socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002280)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000580)='./file0/../file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') 5m47.543933797s ago: executing program 1 (id=1600): bind$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000000314010026bd700006dbdf250900020073797a300000000008004100736977001400330077673100"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0xedbde134798091f0) 5m44.040697454s ago: executing program 1 (id=1620): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050027bd7000000000000600000008000300", @ANYRES32=r3, @ANYBLOB="08004d01"], 0x24}, 0x1, 0x0, 0x0, 0x20040091}, 0x4) 5m42.036186597s ago: executing program 32 (id=1620): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050027bd7000000000000600000008000300", @ANYRES32=r3, @ANYBLOB="08004d01"], 0x24}, 0x1, 0x0, 0x0, 0x20040091}, 0x4) 5m16.692274813s ago: executing program 6 (id=1712): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xf, 0x4, 0x4, 0x16, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000240)={0x8, 0x2, 0x1ff, 0x80007d, 0xffffffff, 0x8000000008000, 0x8, 0x1000000001}, 0x0, &(0x7f0000000100)={0x3ff, 0x6, 0xffffffff, 0x1, 0x10000002, 0xb, 0xffffffffffffffff, 0x40000}, 0x0, 0x0) 5m14.350646086s ago: executing program 6 (id=1719): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) read$alg(r2, &(0x7f0000000000)=""/35, 0x23) recvmsg$qrtr(r2, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001080)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x2000}, 0x1c, 0x0) 5m12.834885533s ago: executing program 6 (id=1726): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x2c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008180}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 5m11.280179684s ago: executing program 6 (id=1729): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@orlov}, {@auto_da_alloc}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0xc41, 0x20) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./bus\x00', 0x0, 0x63d014, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r2, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0185879, 0x0) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000000), 0x1, 0x522, &(0x7f0000000680)="$eJzs3U9sY0cZAPDvvSRr7zZtUugBUKFLKSxotXbibaOqF8qpQggJ0SOHbUicKIodR7FTmrCH7JE7EpU4wYkzByQOSD1xR+IANy7lgFRgBWqQkDDys504f7y2snHcxr+f9OR5M7a/mbXejPV58yaAiXU7Ig4i4kZEvBMRc536pHPEm+2j9byPHz9cOXz8cCWJZvPtfyRZe6suel7T8kznPfMR8f23In6YnAr6x4j63v7mcqVS3ulUFRvV7WJ9b//eRnV5vbxe3iqVlhaXFl6//1rp0sb6UvXXH92MiN/99osf/uHgGz9udWu209Y7jsvUHvrMUZyW6Yj4ziiCjcFUZzw3LvLiC72Iy5RGxGci4uXs+p+LqezTPOnkx/TNK+wdADAKzeZcNOd6zwGA6y7NcmBJWujkAmYjTQuFdg7vhbiVVmr1xt212u7WajtXNh8z6dpGpbzQyRXOx0yytjFdXszK3fNKuZScPL8fEc9HxE9zN7PzwkqtsjrOLz4AMMGeObX+/zvXXv8BgGsuf1zMjbMfAMDVyY+7AwDAlbP+A8Dksf4DwOSx/gPA5LH+A8Dksf4DwET53ne7i3/7/ter7+7tbtbevbdarm8WqrsrhZXaznZhvVZbz+7ZUx30fpVabXvx1dh9r9go1xvF+t7+g2ptd6vxILuv94PyzMhHBAAM8vxLH/w5iYiDN25mR/Tc73/gWv3iqHsHjFI67g4AYzM17g4AY3N2ty9gUsjHw+T6X7PZjJ69eyPi0VGp52agff+L0PtDhUntGwqfPHc+/xT5f+BTTf4fJtfF8v++y8N1IP8Pk6vZTOz5DwATRo4fSAa09/7+v9DsORnu938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4lmazI0kLnb3AZyNNC4WIZyNiPmaStY1KeSEinouIP+Vmcq3zxYiwbxAAfJqlf0s6+3/dmXtl9nTrjdx/ctljRPzo52//7L3lRmNnMeJG8s+j+sb7nfrSOPoPAAzSXae763jXx48frnSPq+zPR99qby7ainvYOdot0zGdPeazXMOtfyWd87bW95WpS4h/8CgiPnfe+JMsNzLf2fn0dPxW7GevNH56In6atbUfW/8Wn72EvsCk+aA1/7x53vWXxu3s8fzrP5/NUE+vO/8dnpn/0qP5b6rP/Hd72Biv/v7bZyqbc+22RxFfmI447L55z/zTjZ/0if/KkPH/8uKXXu7X1vxFxJ04b/zJiVjFRnW7WN/bv7dRXV4vr5e3SqWlxaWF1++/VipmOepiN1N91t/fuPtcv/it8d/qEz8/YPxfHXL8v/zvOz/48hPif/0r53/+LzwhfmtN/NqQ8Zdv/Sbfr60Vf7XP+Ad9/neHjP/hX/dXz1QO2nAcABiZ+t7+5nKlUt55+kL+ic9JLyPEEIUk4mDEIY4LuV/95K3BT85dWX8uWIh+TVOflB5em0LuuCYZ9lX5y71OhyyMe2YCRu34oh93TwAAAAAAAAAAAAAAgH6u4s+Jxj1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArq//BwAA//82eNCr") fallocate(r0, 0x20, 0x4000, 0x3000000) 5m9.217370214s ago: executing program 6 (id=1739): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = add_key$fscrypt_provisioning(&(0x7f0000000380), &(0x7f0000000600)={'syz', 0x1}, &(0x7f0000000640)={0x1, 0x0, @b}, 0x48, 0xfffffffffffffffc) keyctl$chown(0x4, r2, 0x0, 0x0) 5m6.951797543s ago: executing program 6 (id=1745): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) bind$tipc(r0, 0x0, 0x0) 5m5.865166s ago: executing program 33 (id=1745): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) bind$tipc(r0, 0x0, 0x0) 2m39.642924716s ago: executing program 3 (id=2160): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000600)={0xa0000013}) ppoll(&(0x7f0000000080)=[{r2, 0x1521}], 0x1, 0x0, 0x0, 0x0) close_range(r0, r1, 0x0) 2m37.054291765s ago: executing program 3 (id=2167): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x1e, 0x4, 0x0) connect$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r3, &(0x7f0000004400), 0x400000000000203, 0x0) 2m30.796670626s ago: executing program 3 (id=2177): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 2m30.229403138s ago: executing program 3 (id=2181): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f00000000c0)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x8000000000000000, 0x4, 0x0, 0x3, 0x24, 0x6, 0x6, 0xfffffffffffffffc, 0x100fff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000000)='./bus\x00') creat(&(0x7f0000000ac0)='./file0\x00', 0x0) 2m28.041651954s ago: executing program 3 (id=2186): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff1, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2m23.439978831s ago: executing program 3 (id=2194): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x4}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m8.068571197s ago: executing program 34 (id=2194): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x4}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1m41.844959398s ago: executing program 7 (id=2270): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000d50900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000150a0102"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x4389cf13bdbf833b, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x4000) recvmmsg(r1, &(0x7f0000004f40)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40000102, 0x0) 1m41.187563254s ago: executing program 7 (id=2273): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x9c, 0x0, @val=0x80}}}}}}}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000001000400000000000700000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/205, 0xcd}], 0x1}, 0x9}], 0x1, 0x7, 0x0) 1m34.269803128s ago: executing program 7 (id=2291): syz_socket_connect_nvme_tcp() io_setup(0x141, 0x0) io_getevents(0x0, 0x6, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0x0, {0x2, 0x18, 0x0, 0x0, r2}, [@IFA_BROADCAST={0x8, 0x4, @empty}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_ADDRESS={0x8, 0x1, @remote}, @IFA_RT_PRIORITY={0x8, 0x9, 0x2}, @IFA_FLAGS={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast1}]}, 0x48}}, 0x4000) r3 = socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xa0142, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}}) 1m33.624483722s ago: executing program 7 (id=2283): syz_mount_image$exfat(&(0x7f0000000200), &(0x7f0000001540)='./file1\x00', 0x1000000, &(0x7f00000000c0)=ANY=[@ANYBLOB='iocharset=cp1251,utf8,allow_utime=00000000000000000000016,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x5, 0x14ec, &(0x7f0000003fc0)="$eJzs3AuYT9X6OPD1rrU2Y5r0bZL7ete7+abBMkmSS5JckiQJyT0haZIkSWLILQlJyHWSXMaE5DKYNO73S+6hyZEkSW65hfV/dDrHOaf+j99zfv2P/3nm/TzPema9e3/fd6897zPz3XvPM98fug6r0bhm1QZEJP4d6m8T+OuXZCFEjBBioBDiJiFEIIQoG182/sr+XAqS/62DsP9HGqZe7xWw64n7n71x/7M37n/2xv3P3rj/2Rv3P3vj/mdv3H/GsrW0AjfzyL6Dn/9nZ/z+/99P/y9yuf/ZG/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9Zyxb+//gGfSfN/72LOx6r+O/aDDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY/8B5/xVWgjxt/n1XhdjjDHGGGOMMcb+PD7nH27+462MMcYYY4wxxhj7LwVCCiW0CEQOkVPEiFwiVtwg4sSNIre4SUTEzSJe3CLyiFtFXpFP5BcFREFRSBQWRqCwgkQoioiiIipuE8XE7SJBFBclREnhRCmRKO4QpcWdooy4S5QVd4ty4h5RXlQQFUUlca+oLO4TVcT9oqp4QFQT1UUNUVM8KGqJh0Rt8bCoIx4RdcWjop54TNQXj4sGoqFoJJ4QjcWTooloKpqJ5qKFaCla/Vv5r4ke4nXRU/QSyaK36CPeEH1FP9FfDBADxZtikHhLDBZviyFiqBgm3hHDxbtihHhPjBSjxGjxvhgjxopxYryYICaKFPGBmCQ+FJPFR2KKmCqmiekiVcwQaeJjMVPMErPFJ2KO+FTMFfPEfLFApIuFYpFYLDLEZ2KJ+FxkiqVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstogvxFaxTWwXO8ROsUvsFl+KPWKv2Ce+Elni69/yc/zWy2vln/2X/G4gQIAECRo05IAcEAMxEAuxEAdxkBtyQwQiEA/xkAfyQF7IC/khPxSEglAYCgMCAgFBESgCUYhCMSgGCZAAJaAEOHCQCIlQGu6EMlAGykJZKAfloDxUgApQCSpBZagMVaAKVIWqUA2qQQ2oAQ/Cg/AQ1IbaUAfqQF2oC/WgHtSH+tAAGkAjaASNoTE0gSbQDJpBC2gBraAVtIbW0AbaQDtoB+2hPXSADpAESdAROkIn6ASdoTN0gS7QFbpCN3gVXoXX4DV4HV6HXlBN9oY+0Af6Ql/oDwNgALwJg+AteAvehiEwFIbBO/AOvAsj4AyMhFEwGkZDZTkWxsF4IDkRUiAFJsEkmAyTYQpMhakwHVJhBqRBGsyEWTALPoE58Cl8CvNgHiyAdEiHRbAYMiADlsBZyISlsAyWwwpYCStgNayB1bAO1sM62AgbYTNshi/gC9gG22AH7IBdsAu+hC9hL+yFIZAFWbAf9sMBOAAH4SAcgkNwGA7DETgCR+EoHINjcBxOwEk4AafhNJyBs3AOzsEFuAAX4SJchstXfvjlFVpqmUPmkDEyRsbKWBkn42RumVtGZETGy3iZR+aReWVemV/mlwVlQVlYFpYoUZIMZRFZREZlVBaTxWSCTJAlZAnppJOJMlGWlqVlGVlGlpV3y3LyHlleVpBtXSVZSVaW7VwVeb+sKqvKarK6rCFrypqylqwla8vaso6sI+vKurKefEzWl72hPzSUVzrTWA6FJnIYNJPNZQvZUr4LT8nWcgS0kW1lO/mMHAUjoYNs7ZLk87KjHAed5ItyPLwku8iJ0FW+IrvJV2V3+ZrsIduonrKXnAK9ZR85HfrKfrK/HCBnQnV5pWM15NtyiBwqh8l35AJ4V46Q78mRcpQcLd+XY+RYOU6OlxPkRJkiP5CT5IdysvxITpFT5TQ5XabKGTJNfixnyllytvxEzpGfyrlynpwvF8h0uVAukotlhvxMLpGfy0y5VC6Ty+UKuVKukqvlGrlWrpPr5Qa5UW6Sm+UW+YXcKrfJ7XKH3Cl3yd3yS7lH7pX75FcyS34t98u/yAPyG3lQfisPye/kYfm9PCJ/kEflj/KY/EkelyfkSXlKnpY/yzPyrDwnz8sL8hd5UV6Sl6WXQoGSSimtApVD5VQxKpeKVTeoOHWjyq1uUhF1s4pXt6g86laVV+VT+VUBVVAVUoWVUaisIhWqIqqoiqrbVDF1u0pQxVUJVVI5VUolqjtUaXWnKqPuUmXV3aqcukeVVxVURVVJ3asqq/tUFXW/qqoeUNVUdVVD1VQPqlrqIVVbPazqqEdUXfWoqqceU/XV46qBaqgaqSdUY/WkaqKaqmaquWqhWqpW6inVWj2t2qi2qp16RrVXz6oO6jmVpJ5XHdULqpN6UXVWL6ku6mXVVb2iuqlXVXd1SV1WXvVUvVSy6q36qDdUX9VP9VcD1ED1phpEb6nB6m01RA1Vw9Q7arh6V41Q76mRapQard5XY9RYNU6NVxPURJWiPlCT1IdqsvpITVFT1TQ1XaWqGar/Xyup2f+D/A//IH/wr0ffrLaoL9RWtU1tVzvUTrVL7Va71R61R+1T+1SWylL71X51QB1QB9VBdUgdUofVYXVEHVFH1VF1TB1Tx9UJdV6dUqfVz+qMOqvOqvPqgrqgLv72PRAatNRKax3oHDqnjtG5dKy+QcfpG3VufZOO6Jt1vL5F59G36rw6n86vC+iCupAurI1GbTXpUBfRRXVU36aL6dt1gi6uS+iS2ulSOlHf8b/Ov9b6WulWurVurdvoNrqdbqfb6/a6g+6gk3SS7qg76k66k+6sO+suuovuqrvqbrqb7q676x66h+6pe+pknaz76Dd0X91P99cD9ED9ph6kB+nBerAeoofoYXqYHq6H6xF6hB6pR+rRerQeo8focXqcnqAn6BSdoifpSXqynqyn6Cl6mp6mU3WqTtNpeqaeqWfr2XqOnqPn6rl6vp6v03W6XqQX6QydoZfoJTpTL9VL9XK9XK/UK/VqvVqv1Wv1er1eb9QbdabeorforXqr3q636516p96td+s9eo/ep/fpLJ2l9+v9+oA+oA/qg/qQPqQP68P6iD6ij+qj+pg+po/r4/qkPqlP69P6jD6jz+lz+oK+oC/qi/qyvnzlsi+QgQx0oIMcQY4gJogJYoPYIC6IC3IHuYNIEAnig/ggT3BrkDfIF+QPCgQFg0JB4cAEGNiAgjAoEhQNosFtQbHg9iAhKB6UCEoGLigVJAZ3BKWDO4MywV1B2eDuoFxwT1A+qBBUDCoF9waVg/uCKsH9QdXggaBaUD2oEdQMHgxqBQ8FtYOHgzrBI0Hd4NGgXvBYUD94PGgQNAwaBU8EjYMngyZB06BZ0DxoEbQMWv2p9b0/k+9p19P0Msmmt+lj3jB9TT/T3wwwA82bZpB5yww2b5shZqgZZt4xw827ZoR5z4w0o8xo874ZY8aacWa8mWAmmhTzgZlkPjSTzUdmiplqppnpJtXMMGnmYzPTzDKzzSdmjvnUzDXzzHyzwKSbhWaRWWwyzGdmifncZJqlZplZblaYlWaVWW3WmLVmnVlvNpiNZpPZbLaYL8xWs81sNzvMTrPL7DZfmj1mr9lnvjJZ5muz3/zFHDDfmIPmW3PIfGcOm+/NEfODOWp+NMfMT+a4OWFOmlPmtPnZnDFnzTlz3lwwv5iL5pK5bPyVi/srb++oUWMOzIExGIOxGItxGIe5MTdGMILxGI95MA/mxbyYH/NjQSyIhbEwXkFIWASLYBSjWAyLYQImYAksgQ4dJmIilsbSWAbLYFksi+WwHJbH8lgRK+K9eC/eh/fh/Xg/PoAPYHWsjjWxJtbCWlgba2MdrIN1sS7Ww3pYH+tjA2yAjbARNsbG2ASbYDNshi2wBbbCVtgaW2MbbIPtsB22x/bYATtgEiZhR+yInbATdsbO2AW7YFfsit2wG3bH7tgDe2BP7InJmIx9sA/2xb7YH/vjQByIg3AQDsbBOASH4DAc5oUQOAJH4EgchaPxfRyDY3EcjscJOBFTMAUn4SScjJNxCk7BaTgNUzEV0zANZ+JMnI2zcQ7Owbk4F+fjfEzHdFyEizADM3AJLsFMzMRluAxX4ApchatwDa7BdbgON+AG3ISbcAtuwa24FbfjdtyJO3E37sY9uAf34T7Mwizcj/vxAB7Ag3gQD+EhPIyH8QgewaN4FI/hMTyOx/EknsTTeBrP4Bk8h+fwAv6CF/ESXkaPMTaXjbU32Dh7o81tb7L/Gue3BWxBW8gWtsbmtfn+KUZrbYItbkvYktbZUjbR3vG7uLytYCvaSvZeW9neZ6v8Lq5lH7K17cO2jn3E1rQP/lNc1z5q69knbX3b1DawzW0j29I2tk/aJrapbWab2xa2pW1vn7Ud7HM2yT5vO9oXfhcvsovtGrvWrrPr7R67156z5+0R+4O9YH+xPW0vO9C+aQfZt+xg+7YdYof+Lh5t37dj7Fg7zo63E+zE38XT7HSbamfYNPuxnWln/S5OtwvtHJth59p5dr5d8Gt8ZU0Z9jO7xH5uM+1Su8wutyvsSrvKrv77WpfbjXaT3Wx32y/tVrvNbrc77E6769f4ynnss1/ZLPu1PWy/twfsN/agPWoP2e9+ja+c31H7oz1mf7LH7Ql70p6yp+3P9ow9++v5Xzn3U/aSvWy9FQQkSZGmgHJQToqhXBRLN1Ac3Ui56SaK0M0UT7dQHrqV8lI+yk8FqCAVosJkCMkSUUhFqChF6TYqRrdTAhWnElSSHJWiRLqDStOdVIbuorJ0N5Wje6g8VaCKVInupcp0H1Wh+6kqPUDVqDrVoJr0INWih6g2PUx16BGqS49SPXqM6tPj1IAaUiN6ghrTk9SEmlIzak4tqCW1oqeoNT1NbagttaNnqD09Sx3oOUqi56kjvUCd6EXqTC9RF3qZutIr1I1epe70GvWg16kn9aJk6k196A3qS/2oPw2ggfQmDaK3aDC9TUNoKA2jd2g4vUsj6D0aSaNoNL1PY2gsjaPxNIEmUgp9QJPoQ5pMH9EUmkrTaDql0gxKo49pJs2i2fQJzaFPaS7No/m0gNJpIS2ixZRBn9ES+pwyaSkto+W0glbSKlpNa2gtraP1tIE20ibaTFvoC9pK22g77aCdtIt205e0h/bSPvqKsuhr2k9/oQP0DR2kb+kQfUeH6Xs6Qj/QUfqRjtFPdJxO0Ek6RafpZzpDZ+kcnacL9AtdpEt0mTyJEEIZqlCHQZgjzBnGhLnC2PCGMC68Mcwd3hRGwpvD+PCWME94a5g3zBfmDwuEBcNCYeHQhBjakMIwLBIWDaPhbWGx8PYwISwelghLhi4sFSaGd4SlwzvDMuFdYdnw7rBceE9YPqwQVgwrhfeGlcP7wirh/WHV8IGwWlg9rBHWDB8Ma4UPhbXDh8M64SNhmfDRsF74WFg/fDxsEDYMG4VPhI3DJ8MmYdOwWdg8bBG2DFuFT4Wtw6fDNmHbsF34TNg+fDbsED4XJoXPhx3DF665PznsHfYJ3wjfCL1/WM2PLoimRxdGF0UXRzOin0WXRD+PZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r5lTOHDSKadd4HK4nC7G5XKx7gYX5250ud1NLuJudvHuFpfH3eryunwuvyvgCrpCrrAzDp115EJXxBV1UXebK+ZudwmuuCvhSjrnSrlE19K1cq1ca/e0a+PaunbuGfeMe9Y9655zz7nnXUf3guvkXnSd3Uuui3vZvexecd3cq667e831cK+7nq6XS3bJro/r4/q6vq6/6+8GuoFukBvkBrvBbogb4oa5YW64G+5GuBFupBvpRrvRbowb48a5cW6Cm+BSXIqb5Ca5yW6ym+KmuGlumkt1qS7NpbmZbqab7Wa7OW6Om+vmuvluvkt36W6RW+QyXIZb4pa4TJfplrllboVb4Va5VW6NW+PWuXVug9vgNrlNbovb4ra6rW672+52up1ut9vt9rg9bp/b57Jcltvv9rsD7oA76L51h9x37rD73h1xP7ij7kd3zP3kjrsT7qQ75U67n90Zd9adc+fdBfeLu+guucvOu5TIB5FJkQ8jkyMfRaZEpkamRaZHUiMzImmRjyMzI7MisyOfROZEPo3MjcyLzI8siKRHFkYWRRZHMiKfRZZEPo9kRpZGlkWWR1ZEVka8L7Q19EV8UR/1t/li/naf4Iv7Er6kd76UT/R3+NL+Tl/G3+XL+rt9OX+PL+8r+Iq+qW/mm/sWvqVv5Z/yrf3Tvo1v69v5Z3x7/6zv4J/zSf5539G/4Dv5F31n/5Lv4l/2Xf0rvpt/1Xf3r/ke/nXf0/fyyb637+Pf8H19P9/fD/AD/Zt+kH/LD/Zv+yF+qB/m3/HD/bt+hH/Pj/Sj/Gj/vh/jx/pxfryf4Cf6FP+Bn+Q/9JP9R36Kn+qn+ek+1c/waf5jP9PP8rP9J36O/9TP9fP8fL/Ap/uFfpFf7DP8Z36J/9xn+qV+mV/uV/iVfpVf7df4tX6dX+83+I1+k9/st/gv/Fa/zW/3O/xOv8vv9l/6PX6v3+e/8ln+a7/f/8Uf8N/4g/5bf8h/5w/77/0R/4M/6n/0x/xP/rg/4U/6U/60/9mf8Wf9OX/eX/C/+Iv+kr/M/7PGGGOMMfY/oq6xv/cfbJO/jSv6CCFu3Fbg0L/W3JD3r/N+vx3g+V5dG/5tNGyYnJz822szlQiKzhNCRK7m//rX7N/ipaKdeFYkibai9B+ur5+sCHSN+tG7hYj9h5wYcTW+Wv/O/0v9pguvWX+eEAlFr+bkElfjq/XL/EPV83+/Wu0nd7W/Rv1c36QI0eYfsuPE1fhq/UTxtHhBJP3TKxljjDHGGGOMsb/qJy90u9b97ZX784L6ak5OcTW+1v05Y4wxxhhjjDHGrr+XXu3+3FNJSW0784QnPOHJ3yfX+zcTY4wxxhhj7M929aL/eq+EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLvv4THyd2vc+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu97+TwAAAP//d2tliA==") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09edb44848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e1bd33ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) creat(&(0x7f0000000040)='./bus\x00', 0x122dfb579e447c7a) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x198) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x3, 0x0, 0x0, 0x4, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c678082004cb59d654cb9b1b165263bdbcef549ba197fce47ddfdd753abd950100172a00ffffff00f7ffffff000000f3e7f20000000200000000000600", "b7326736181c208220fffff2ff00000000000000000e00", [0x4]}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1m31.837742528s ago: executing program 7 (id=2288): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='veth1_to_batadv\x00', 0x10) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x1ff}, 0x8) close(r1) syz_open_dev$usbfs(0x0, 0x77, 0x101301) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioprio_set$pid(0x1, r0, 0x6000) 1m24.931981644s ago: executing program 7 (id=2302): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={0x14, 0x15, 0x301, 0x0, 0x25dfdbfd, {0xb}}, 0x14}}, 0x40088c0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m23.616886723s ago: executing program 35 (id=2302): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={0x14, 0x15, 0x301, 0x0, 0x25dfdbfd, {0xb}}, 0x14}}, 0x40088c0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 14.616626241s ago: executing program 4 (id=2472): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000340)='\x00', 0x1}], 0x1}}], 0x1, 0x4000000) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 14.076634962s ago: executing program 4 (id=2476): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000001080), &(0x7f0000000000)='./file1\x00', 0x2800000, &(0x7f0000000380)=ANY=[], 0x2, 0x5515, &(0x7f0000001300)="$eJzs3EtvG9UXAPDjpGnTx7//CLFg15EqpESqrTpNKtgFaMVDpIoKLFiBYzuWW9sTxY4TsmLBErHgmyCQWLHkM7BgzQ6xALFDAnlmAg0PqSh+0Ob3k8Zn7vX1mXOtqtKZiRzAmbWU/PxjKa7GxYiYj4grEdl5qTgyG3l4LiKuRcTcI0epmP994nxEXIqIq6Pkec5S8danN4bX139446evvrlw7vJnX347u10Ds/Z8RHR38/ODbh7TVh4fFPO1YTuL3bVhEfM3ug+LcZrHg+Z2luGgdryulsVbrXx9urvfH8WdTq0+iq32Tja/28sv2B+2jvNkH3hQ28vGjeZ2Ftv9NIuto7yuw6P8/7aj/iDP0yjyfZClj8HgOObzzcNmvp/dh1ms9wbFfJ43bTQPR3FYxOJyUU87jayO7dN80/9tb7Z7+4fJsLnXb6e9ZL1SfaFSvV2u7qWN5qC5Vq51G7fXkuVWZ7SsPGjWuhutNG11mpV62l1Jllv1erlaTZbvNLfbtV5SrVZuVW6W11eKsxvJq/feSTqNZHkUX2739gftTj/ZSfeS/BMrlyPixZXkejV5a3Mr2bp/9+7m1tvv3Xn33kubr79SLPpLWcny6s3V1XL1Znm1ujLB/S/GxPefrFZuPfb+PyqKHuP+4VRKsy4A4Mmj/wdmYXL9/979iMn3/6H/H4tZ9///qv+ddv9/BvYPp6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4s75b+Py17GQpH18u5v9XTD1TjEsRMRcRv/6N+Th/Iud8kWfhH9Yv/KmGr0uRZRhd40JxXIqIjeL45f+T/hYAAADg6fXFh9c+ybv1/GVp1gUxTflNm7kr748p32JELCx9P6Zsc6OXZ8eULPv3fS4Ox5Qtu4G1OKZk+S23c+PK9ljmT4TFR0IpD3NTLQcAAJiKk53AdLsQAAAApunjWRfAbJTi+FHm8bPg7C/v/3ggePHECAAAAHgClWZdAAAAADBxWf/v9/8AAADg6Zb//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7FzP7eJA1EcgJ8NXtj/aLX3bWVvUMaWsMc9riggTVBADqSFNEAN5JYSIojwOAQiDpE8tpXo+yQzjGV+PCN8mBlpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6dFetFzf/f121zdnt28lzNwAAAMAl22q9qN/MUv9zc/5rc+pH0y8iooyIS2P3UXw4yxw1OdXz9den11cvariNqBMO3zFpjk8R8bs5Hr53/SsAAADA+7VZruZptJ5eZkMXRJ/SpE355U+mvCIiqtl9prTykPczU1j9/x7Hv0xp9QTWt0xhacptnCvtVerH/ThrNz1pitSUFz92LHLaeYUAAEB+o7Om31EIAAAAffo7dAEMo4inpczjUuAkNc3y3sezHgAAAPAGFUMXAAAAAHSuHv/3tP/f3v5/AAAAMIy0/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2lbrxWa5mrfN2e3byXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/NykQwkAQRmvG/53k/oeVAj2DCO9B4EuaXgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdJ+cTU6O3Ocm/sfR5JFk7amwdNfYuNI4ujLd/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAH8zs7O1VXGNsoeIKHjQi91ua2tv4kEJHvwThJBua+zWH20OthQxF2+Scy+iRxFBibf+DzknkEu85bCHCJ6VmZ3JTn6A66+ZTfL5wJv33WGY932zEPKd9xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0ensSJ9mhM47j4tzm3sOlrN861Gcer23PZy2LozqTPhlerH6Ius0lAgAAwNmRlPV9CGEnXV/I+riT1/9peU1W83/79Dgu6/nDdX/Zl7V/1n75eff5/YE643Gym95cHg4uHU2l9f/NcrY985dXtPInn797SfIvJH5v9blRmj/P6OuNjXfaeXiujmwBgH/iYtkXQfn7UNb3m0wMgDOjVSm8y/o/6TSbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAdRqvhyTKOQgjzrUmc2dp7uHRc/3hte75s1x49WgtfTu6Z3SINIdxcHg4u1Tqb2Xbv/oPbi8Ph4G79wUshhKZGf6uY/u0Pprg4hEaej+A/CuLiy56VfE5G0OAPJQAATqW0aFldv5OuL2TnorkQ/vjuYP3/aiUOU9b/ux9e26yOVa3/+7XNcPb1Vu582rt3/8Hry3cWbw1uDT5+43L/zf6V61evXu/l70p63pgAAADw77SLVq3/47mj6/8XKnGYsv7/7Jv+F9WxEvX/sSaLfk1nAgAAcLY9+/Lvv0XHnI/a7fD54srK3f74uP/58vjYQKp/27miVev/ZK7prAAAAIA6jFajA+v/NypxmHL9/6nvX/ixes8khHC+WP+/uPTJ8EZ905lpdfw5cdNzBAAAoFnni1Zd/0/z/f/x/paHOITw2ivjuPg3gFPV/8m7X/1QXN4Jh/b/X6l3mjMn7o6fR953Q2h1m84IAACA0+yJomXF/q/p+sJHP114v23/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDd/gwAAP///ls9vA==") r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) ptrace$getenv(0x4201, 0x0, 0x3, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001240)='freezer.self_freezing\x00', 0x275a, 0x0) 12.791650756s ago: executing program 2 (id=2480): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x2) ioctl$BLKTRACESTART(r3, 0x1261, 0x0) 10.72019546s ago: executing program 2 (id=2481): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0) 10.127301478s ago: executing program 0 (id=2483): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x38}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) 9.912687532s ago: executing program 4 (id=2484): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000080)=0x1e, 0x4) 9.284960597s ago: executing program 2 (id=2485): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b3", 0xa3}], 0x1) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="020114004f0018000e3580009f0001140000002f0604ac14141de0000003808a8972bd0b72e41082b9a3d206"], 0xdd12}], 0x1}, 0x20040851) 7.061081607s ago: executing program 0 (id=2486): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x2, 0x180000, 0x1}, 0x1c) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x1, 0x84) recvmsg$unix(0xffffffffffffffff, 0x0, 0x20) 6.708411242s ago: executing program 4 (id=2487): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20020800}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)={0x28, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4844}, 0x20) 6.03203839s ago: executing program 2 (id=2489): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000500)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfc, 0x7fff0026}]}) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0) 5.939864097s ago: executing program 2 (id=2490): r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/fib_triestat\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) pread64(r0, &(0x7f000004b680)=""/102363, 0x18fdb, 0x2) 5.447649678s ago: executing program 0 (id=2491): syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f0000c75000/0x4000)=nil, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) read(r1, &(0x7f00000002c0)=""/153, 0x99) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x14032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_MOVE(r1, 0xc028aa05, &(0x7f0000000140)={&(0x7f00000e9000/0x2000)=nil, &(0x7f0000c76000/0x1000)=nil, 0x2000, 0x1}) 4.688755026s ago: executing program 2 (id=2492): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x5c, r4, 0x405, 0x70bd27, 0x25dfdbff, {}, [{{0x8, 0x1, r5}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000401}, 0x4c004) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0xa1ff, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0) 4.617450541s ago: executing program 5 (id=2493): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1d, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x5e}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2}, 0x94) r0 = socket$inet_icmp(0x2, 0x2, 0x1) unshare(0x400) r1 = socket(0x1, 0x80802, 0x0) shutdown(r1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@security={'security\x00', 0xe, 0x4, 0x2e8, 0xffffffff, 0x0, 0x220, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x0, 0x4, [0x31, 0x9, 0x2, 0x27, 0x31, 0x5, 0x1f, 0x40, 0xe, 0x1e, 0x34, 0x2a, 0xc, 0x16, 0x11, 0x2b], 0x2, 0x3, 0x7d5b}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b8a33e484489434e37e4b9e19fce6e644aec42c7c49114f38d8f61a7f92"}}, {{@ip={@loopback, @empty, 0xffffffff, 0x0, 'veth0_to_bridge\x00', 'netpci0\x00', {}, {0xff}, 0x29, 0x0, 0x47}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x7, 0x6, 0x1, 0x2], 0x1, 0xa}, {0x2, [0x4, 0x7, 0xe, 0x3, 0x0, 0x2], 0x3, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x348) socket(0x15, 0x5, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$inet(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40) getsockopt(r2, 0x200000000114, 0x2715, &(0x7f0000019580)=""/102385, &(0x7f0000000400)=0x19018) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000010000000100000000200000000000000000000010000000000004002000062a00019d558d9c41656cfe61c64b50b019ec32a235e53e7e3f8db2017cf96d63dce1b7e1c7cf3428e6564d913bf5612fa6b9c0addf2d26e7c4bc510a27e08e3b011709d4cfac4f61453a39302c9ccb3fdf4965b0db302070bb12516025d38cd851603d0e328571b9da0bad354202c86865acdda53c4"], 0x0, 0x2a, 0x0, 0x1, 0xfffff354}, 0x28) 4.172378103s ago: executing program 5 (id=2494): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1000, 0x103) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80800, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x5]}, 0x8) mount$9p_fd(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000240), 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) poll(0x0, 0x0, 0x76) openat$dir(0xffffffffffffff9c, 0x0, 0x20a200, 0x1a1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$DEVLINK_CMD_TRAP_SET(r1, 0x0, 0x20000010) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) write$binfmt_elf32(r3, 0x0, 0x58) 3.619821692s ago: executing program 0 (id=2495): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 2.392508901s ago: executing program 5 (id=2496): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, r4, 0x30, 0x1, @ib={0x1b, 0x1, 0x1, {"c6b7b7e198082124066b72a4ca8bf843"}, 0x7, 0x7, 0x3}}}, 0xa0) 1.371633381s ago: executing program 0 (id=2497): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x4, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x24, 0x9, 0x0, 0x4211}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.367896835s ago: executing program 4 (id=2498): r0 = io_uring_setup(0x650b, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x21, 0xab}) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) r2 = socket(0x28, 0x5, 0x0) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) recvfrom$inet_nvme(r2, 0x0, 0x0, 0x40000002, 0x0, 0x0) ppoll(&(0x7f0000000100)=[{r2, 0x4458}], 0x1, &(0x7f0000000140), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.01159732s ago: executing program 5 (id=2499): signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000d88000/0x1000)=nil, &(0x7f00007f2000/0x2000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00008f7000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x2405a045) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xcaa1, 0xc000, 0x6, 0xbe}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0xf}, 0x20, 0x20000000, 0x0) rt_sigsuspend(&(0x7f0000000040)={[0x4]}, 0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x12, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f00000001c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x94) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0) 275.215609ms ago: executing program 4 (id=2500): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b3", 0xa3}], 0x1) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="020114004f0018000e3580009f0001140000002f0604ac14141de0000003808a8972bd0b72e41082b9a3d206"], 0xdd12}], 0x1}, 0x20040851) 268.421939ms ago: executing program 5 (id=2501): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file1\x00', 0x10c00, &(0x7f0000000100)=ANY=[], 0x3, 0x150f, &(0x7f0000000780)="$eJzs3AnYTlX3MPC19t6Hhwx3knmvvQ53MmySJEOSDEmSJMmckCRJEpIpUxKSkDnJHJIpJPM8ZUqSvJIkCQlJ9nept9f7fvW/6r16/5/v/3/W77rOde917bP22fus57nPuc8zfN1hcOW6VSrUZmb4S/CXl+4AkAIA/QAgMwBEAFAiS4ksl/rTaez+1w4i/rMemHalZyCuJKl/6ib1T92k/qmb1D91k/qnblL/1E3qn7pJ/YVIzbZNz3m1bKl3++vP/1N+eZHn//8DyfU/dZP6/29zOt2/s7fU/3+TiyGEfy9D6p+6Sf1TN6l/6ib1T92k/qmb1F+I1OxKP3+W7a9t9RtOyfBX8q/0158QQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiNThXLjMAMCv7Ss9LyGEEEIIIYQQQvznhLRXegZCCCGEEEIIIYT474egQIOBCNJAWkiBdJAeroIMkBEyQWZIwNWQBa6BrHAtZIPskANyQi7IDXnAAoEDhhjyQj5IwnWQH66HAlAQCkFh8FAEisINUAxuhOJwE5SAm6Ek3AKloDSUgbJwK5SD26A83A4V4A6oCJWgMlSBO6Eq3AXV4G6oDvdADbgXasJ9UAvuh9rwANSBB6EuPAT1oD40gIbQCBpDk3/KT/nT+c9BF3geukI36A49oCe8AL2gN/SBvtAPXoT+8BIMgJdhIAyCwfAKDIFXYSi8BsNgOIyA12EkjILRMAbGwjgYD2/ABHgTJsJbMAkmwxSYCtNgOsyAt2EmzILZ8A7MgXdhLsyD+bAAFsJ7sAgWwxJ4H5bCB7AMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA0+hO2wA3bCLtgNH8Ee+Bj2wiewDz6F/fDZv5l/9l/zL4YQEFChQoMG02AaTMEUTI/pMQNmwEyYCROYwCyYBbNiVsyG2TAH5sBcmAvzYB4kJGRkzIt5MYlJzI/5sQAWwEJYCD16LIpFsRjeiMWxOJbAElgSS2IpLI2AZbEslkOA8lgeK2AFrIgVsTJWxjvxTrwLq2E1rI7VsQbWwJpYE2thLayNtbEO1sG6WBfrYT1sgA2wETbCJtgEm2JTbIbNsIUBbIktsRW2wtbYGttgG2yLbbEdtsP22B47YAfsiJ2wEz6Hz+Hz+Dx2w4qqB/bEntgLe2Ef7It98UXsjy/hS/gyDsRBOBhfwVfwVRyKZ3AYDscROALLqVE4Gscgq3E4HsfjBJyAE3EiTsLJOBmn4jScjjNwBs7EWTgL38E5+C6+i/NwHi7AhbgQF+FiXIJLcCmexWW4HFfgSlyFq3EVrsV1uBY34EbcgJtxM27Frfghfog7cAfuwl34EX6EH+PH+Al+ggNxP+7HA3gAD+JBPISH8DAexiN4BI/iUTyGx/A4HscTeBJP4Uk8jafxDJ7Fc3gOz+N5vIAX8CJevPTNry4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqobKoLCqryqqyqWwqh8qhcqlcKo/Ko0iRYhWrvCqvSqqkyq/yqwKqgCqkCimvvCqqiqpiqpgqroqrEupmVVLdokqp0qq5L6vKqnKqhS+vblcVVAVVUVVSlVUVVUVVVVVVNVVNVVfVVQ1VQ9VU96laqgf2wQfUpcrUVYOwnhqMDVRD1Ug1Vq/iw6qpGorNVHPVQj2qhuMwbKWa+tbqCdVGjca26ik1Bp9W7dU47KCeVR1VJ9VZPae6qGa+q+qmJmEP1VNNxV6qt+qj+qqZWEldqlhl9bIaqAapweoVtQBfVUPVa2qYGq5GqNfVSDVKjVZj1Fg1To1Xb6gJ6k01Ub2lJqnJaoqaqqap6WqGelvNVLPUbPWOmqPeVXPVPDVfLVAL1XtqkVqslqj31VL1gVqmlqsVaqVapVarNWqtWqfWqw1qo9qkNqstaqvapj5U29UOtVPtUruV+vVNW+1Tn6r96jN1QP1NHVSfq0PqC3VYfamOqK/UUfW1Oqa+UcfVt+qEOqlOqe/UafW9OqPOqnPqB3Ve/aguqJ/URRUU9AAArbXRkU6j0+oUnU6n11fpDDqjzqQz64S+WmfR1+is+lqdTWfXOXROnUvn1nm01aSdZh3rvDqfTurrdH59vS6gC+pCurD2uoguqm/QxfSNuri+SZfQN+uS+hZdSpfWZXRZfasup2/T5fXtuoK+Q1fUlXRlXUXfqavqu3Q1fbeuru/RNfS9uqa+T9fS9+va+gFdRz+o6+qHdD1dXzfQDXUj3Vg30Q/rpvoR3Uw31y30o7qlfky30o/r1voJ3UY/qdvqp3Q7/bRur5/RHfSzuqPupDvrn/RFHXRX3U131z10T/2C7qV76z66r+6nX9T99Ut6gH5ZD9SD9GD9ih6iX9VD9Wt6mB6uR+jX9Ug9So/WY/RYPU6P12/oCfpNPVG/pSfpyXqKnqqn6em6z99Hmv0n8t/8nfwBPx99q96mP9Tb9Q69U+/Su/VHeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+vj+oQ+qX/Q3+nT+nt9Rp/VZ/UP+rw+ry/8/RyAQaOMNsZEJo1Ja1JMOpPeXGUymIwmk8lsEuZqk8VcY7Kaa002k93kMDlNLpPb5DHWkHGGTWzymnwmaa4z+c31poApaAqZwsabIqaoueEv5//R/JqYJqapaWqamWamhWlhWpqWppVpZVqb1qaNaWPamramnWln2pv2poPpYDqajqaz6Wy6mC4mAEB30930NC+YXqa36WP6mn7mRdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJLzBKz1Cw1y8xys9ysNCvNarParDVrzXqz3mw0G81ms9ksM7/+guZOs9PsNrvNHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL932RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWJskRZo2ujbFH2KEeUM8oV5Y7yRDaiyEUcxVHeKF+UjK6L8kfXRwWiglGhqHDkoyJR0eiGqFh0Y1Q8uikqEd0clYxuiUpFpaMyUdno1qhcdFtUPro9qhDdEVWMKkWVoyrRnVHV6K6oWnR3VD26J6oR3RvVjO6LakX3R7WjB6I60YNR3eihqF5UP2oQNYwaRY2jJv/R8UM4k/0R39V2s91tD9vTvmB72d62j+1r+9kXbX/7kh1gX7YD7SA72L5ih9hX7VD7mh1mh9sR9nU70o6yo+0YO9aOs+PtG3aCfdNOtG/ZSXaynWKn2ml2up1h37Yz7Sw7275j59h37Vw7z863C+xC+55dZBfbJfZ9u9R+YJfZ5XaFXWlX2dV2jV1r19n1doPdaDfZzXaL3Wq32Q/tdrvD7rS77G77kd1jP7Z77Sd2n/3U7ref2QP2b/ag/dwesl/Yw/ZLe8R+ZY/ar+0x+409br+1J+xJe8p+Z0/b7+0Ze9aesz/Y8/ZHe8H+ZC/acOnm/tLlnQwZSkNpKIVSKD2lpwyUgTJRJkpQgrJQFspKWSkbZaMclINyUS7KQ3noEiamvJSXkpSk/JSfClABKkSFyJOnolSUilExKk7FqQSVoJJUkkpRKSpDly5tt9JtdBvdTrfTHXQHVaJKVIWqUFWqStWoGlWn6lSDalBNqkm1qBbVptpUh+pQXapL9ageNaAG1IgaURNqQk2pKTWjZtSCWlBLakmtqBW1ptbUhtpQW2pL7agdtaf21IE6UEfqSJ2pM3WhLtSVulJ36k49qSf1ol7Uh/pQP+pH/ak/DaABNJAG0mAaTENoCA2loTSMhtMIep1G0igaTWNoLI2j8TSeJtAEmkgTaRJNoik0habRNJpBM2gmzaTZNJvm0ByaS3NpPs2nhbSQFtEiWkJLaCktpWW0jFbQClpFq2gNraF1tI420AbaRJtoC22htLCNttN22kk7aTftpj20h/bSXtpH+2g/7acDdIAO0kE6RIfoMB2mI3SEjtJROkbH6DgdpxN0Ak/RKTpNp+kMnaFzdI7O0490gX6iixQoxaVz6d1VLoPL6DK5zC7FpesGAP+Ic7icLpfL7fI467K57P8Sk3OugCvoCrnCzrsirqi74TdxKVfalXFl3a2unLvNlf9NXNXd5aq5u111d4+r4u78l7iGu9fVdA+5Wq6+q+0aujqusavrHnL1XH3XwDV0jVxj19I95lq5x11r94Rr4578TbzILXbr3Hq3wW10e90n7pz7wR11X7vz7kfX1XVz/dyLrr97yQ1wL7uBbtBv4hHudTfSjXKj3Rg31o37TTzFTXXT3HQ3w73tZrpZv4kXuvfcHLfEzXXz3Hy34Of40pyWuPfdUveBW+aWuxVupVvlVrs1bu0/5rrSbXZb3Fa3x33strsdbqfb5Xa7j36OL61jn/vU7XefuSPuK3fQfe4OuWPusPvy5/jS+o65b9xx96074U66U+47d9p97864sz+v/9Lav3M/uYsuOGBkxZoNR5yG03IKp+P0fBVn4IyciTNzgq/mLHwNZ+VrORtn5xyck3Nxbs7DlokdM8ecl/NxMl9Gzs/XcwEuyIW4MHsuwkX5Bi7GN3JxvolL8M1ckm/hUlyay3BZvpXL8W1cnm/nCnwHV+RKXJmr8J1cle/ianw3V+d7uAbfyzX5Pq7F93NtfoDr8INclx/ielyfG3BDbsSNuQk/zE35EW7GzbkFP8ot+TFuxY9za36C2/CT3Jaf4nb8NLfnZ7gDP8sduRN35ue4Cz/PXbkbd+ce3JNf4F7cm/twX+7HL3J/fokH8Ms8kAfxYH6Fh/CrPJRf42E8nEfw6zySR/FoHsNjeRyP5zd4Ar/JE/ktnsSTeQpP5Wk8nWfw2zyTZ/Fsfofn8Ls8l+fxfF7AC/k9XsSLeQm/z0v5A17Gy3kFr+RVvJrX8Fpex+t5A2/kTbyZt/BW3sYf8nbewTt5F+/mj3gPf8x7+RPex5/yfv6MD/Df+CB/zof4Cz7MX/IR/oqP8td8jL/h4/wtn+CTfIq/49P8PZ/hs3yOf+Dz/CNf4J/4IgeGGGMV69jEUZwmThunxOni9PFVcYY4Y5wpzhwn4qvjLPE1cdb42jhbnD3OEeeMc8W54zyxjSl2McdxnDfOFyfj6+L88fVxgbhgXCguHPu4SFw0viEuFt8YF49vikvEN8cl41viUnHpuExcNr41LhffFpePb48rxHfEFeNKceW4SnxnXDW+K64W3x1Xj++Ji8f3xjXj++Ja8f1x7fiBuE78YFw3fiiuF9ePG8QN40Zx47hJ/HDcNH4kbhY3j1vEj8Yt48fiVvHjcev4ibhN/OQf9nePe8Q94xfiF+IQ7tbzkwuSC5PvJRclFyeXJN9PLk1+kFyWXJ5ckVyZXJVcnVyTXJtcl1yf3JDcmNyU3JzcktyaDKFKWvDoldfe+Min8Wl9ik/n0/urfAaf0WfymX3CX+2z+Gt8Vn+tz+az+xw+p8/lc/s83nryzrOPfV6fzyf9dT6/v94X8AV9IV/Ye1/EF/WNfRPfxDf1j/hmvrlv4R/1j/rH/GP+cf+4f8K38U/6tv4p384/7dv7Z/wz/lnf0Xfynf1zvot/3nf13Xx339339D19L9/L9/F9fD/fz/f3/f0AP8AP9AP9YD/YD/FD/FA/1A/zw/wIP8KP9CP9aD/aj/Vj/Xg/3k/wE/xEP9FP8pP8FD/FT/PT/Aw/w8/0M/1sP9vP8XP8XD/Xz/fz/UK/0C/yi/wSv8Qv9Uv9Mr/Mr/Ar/Cq/yq/xa/w6v85v8Bv8Jr/Jb/Fb/Da/zW/32/1Ov9Pv9rv9Hr/H71V7/T6/z+/3+/0Bf8Af9Af9If+FP+y/9Ef8V/6o/9of89/44/5bf8Kf9Kf8d/60/96f8Wf9Of+DP+9/9Bf8T/6iD3584o3EhMSbiYmJtxKTEpMTUxJTE9MS0xMzEm8nZiZmJWYn3knMSbybmJuYl5ifWJBYmHgvsSixOLEk8X5iaeKDxLLE8sSKxMrEqsTqRAi50wBAyBeS4bqQP1wfCoSCoVAoHHwoEoqGG0KxcGMoHm4KJcLNoWS4JZQKpUOZUD80CA1Do9A4NAkPh6bhkdAsNA8twqOhZXgstAqPh9bhidAmPBnahqdCu/B0aB+eCR3Cs6Fj6BQ6h+dCl/B86Bq6he6hR+gZXgi9Qu/QJ/QN/cKLoX94KQwIL4eBYVAYHF4JQ8KrYWh4LQwLw8OI8HoYGUaF0WFMGBvGhfHhjTAhvBkmhrfCpDA5TAlTw7QwPcwIb4eZYVaYHd4Jc8K7YW6YF+aHBWFheC8sCovDkvB+WBo+CMvC8rAirAyrwuqwJqwN68L6sCFsDJvC5rAlbA3bwodhe9gRdoZdYXf4KOwJH4e94ZOwL3wa9ofPwoHwt3AwfB4OhS/C4fBlOBK+CkfD1+FY+CYcD9+GE+FkOBW+C6fD9+FMOBvOhR/C+fBjuBB+Chflb9aEEEIIIf4U/Qf9Pf6LnF9/EtUTADLuyHn4/+7flO2Xdu+0uVomAOCJbh0e+HWrWLF79+5/33eZhijfPABIXM6/dBv9a7wcWsBj0BqaQ7F/9Kf807F6q07n+Q/GT94MkP6fclLU5fbl8W/83fX3VqPm/P74+OsuUXIeQIF8l3PSweX48vjF/4vxszf9g/mn+3w8QLN/yskAl+PL4xeFR+BJaP0vewohhBBCCCGEEL/orcq0gz/x+TyXuZyTFi7Hv/f5XAghhBBCCCGEEP9/ebpT58cfbt26ebv/eQ1zRY6OAD8/G0lEv5zAP84KmX/Z88qfMWlI4083ruS7khBCCCGEEOK/w+Wb/t/2DbkSExJCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIVKh/xf/TuyXI+GVXqoQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQghxxfyfAAAA//+wXi8u") openat(0xffffffffffffff9c, &(0x7f0000000f80)='./file1\x00', 0x183802, 0x15) socket$igmp6(0xa, 0x3, 0x2) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x98}}, 0x4008014) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) 90.056518ms ago: executing program 0 (id=2502): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="10000000080211000001080211000000080211"], 0x20) 0s ago: executing program 5 (id=2503): openat$tun(0xffffffffffffff9c, 0x0, 0x40, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x10000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_clone(0x20000000, 0x0, 0x8, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace(0x8, r1) r2 = syz_pidfd_open(r1, 0x0) process_mrelease(r2, 0x700000000000000) kernel console output (not intermixed with test programs): overlayfs: failed to clone lowerpath [ 254.181644][ T8668] overlayfs: failed to clone upperpath [ 254.801297][ T8603] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1314: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 255.048167][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.060167][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.257466][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.822'. [ 255.278261][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.822'. [ 255.759399][ T8693] fuse: fd is not a fuse device [ 255.975623][ T5633] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.494321][ T8699] VFS: Mount too revealing [ 256.650501][ T8721] loop2: detected capacity change from 0 to 512 [ 256.679131][ T8721] EXT4-fs: Ignoring removed mblk_io_submit option [ 256.741609][ T8721] EXT4-fs error (device loop2): ext4_iget_extra_inode:5127: inode #15: comm syz.2.834: corrupted in-inode xattr: e_value size too large [ 256.833903][ T5649] Bluetooth: hci1: unexpected event for opcode 0x2012 [ 256.847038][ T8721] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 256.850909][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 256.866683][ C1] EXT4-fs (loop2): initial error at time 1778890670: ext4_iget_extra_inode:5127: inode 15 [ 256.876654][ C1] EXT4-fs (loop2): last error at time 1778890670: ext4_iget_extra_inode:5127: inode 15 [ 256.895287][ T8721] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.834: couldn't read orphan inode 15 (err -117) [ 256.923904][ T8721] loop2: lost filesystem error report for type 5 error -117 [ 256.977284][ T8721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.441873][ T5634] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.893223][ T8744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.842'. [ 257.954619][ T8744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.842'. [ 258.401682][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.849'. [ 258.433393][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.849'. [ 259.461833][ T8779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 259.708640][ T8774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.306490][ T8805] loop1: detected capacity change from 0 to 64 [ 260.868679][ T8810] fuse: fd is not a fuse device [ 260.877908][ T5649] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 260.889700][ T5649] Bluetooth: hci1: Injecting HCI hardware error event [ 260.899433][ T5652] Bluetooth: hci1: hardware error 0x00 [ 261.719308][ T8827] overlayfs: failed to set uuid (133/file1, err=-1); falling back to uuid=null. [ 261.764477][ T8827] overlayfs: failed to verify upper root origin [ 261.882874][ T8823] loop1: detected capacity change from 0 to 8192 [ 262.176604][ T8833] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size. [ 263.110931][ T5652] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 263.964158][ T8868] : entered promiscuous mode [ 265.183291][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.5.888'. [ 265.287715][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.5.888'. [ 265.833876][ T8892] fuse: fd is not a fuse device [ 266.644973][ T8909] loop1: detected capacity change from 0 to 64 [ 267.697809][ T8922] netlink: 27 bytes leftover after parsing attributes in process `syz.4.902'. [ 268.132560][ T8928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.265059][ T8928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.124505][ T8948] fuse: fd is not a fuse device [ 271.335315][ T8999] fuse: fd is not a fuse device [ 271.889859][ T9007] overlayfs: failed to clone upperpath [ 272.216461][ T9012] ref_ctr_offset mismatch. inode: 0x37b offset: 0x0 ref_ctr_offset(old): 0xffffffff00 ref_ctr_offset(new): 0x0 [ 272.734387][ T9021] overlayfs: failed to clone upperpath [ 272.827416][ T9023] loop3: detected capacity change from 0 to 2048 [ 272.874429][ T9023] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 272.967267][ T9026] netlink: 'syz.1.932': attribute type 1 has an invalid length. [ 273.178943][ T9032] bond3: (slave veth3): Enslaving as an active interface with a down link [ 273.222930][ T9037] netlink: 'syz.1.932': attribute type 10 has an invalid length. [ 273.259629][ T9037] netlink: 40 bytes leftover after parsing attributes in process `syz.1.932'. [ 273.349525][ T9026] bond3: (slave dummy0): making interface the new active one [ 273.369611][ T9026] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 273.396382][ T9037] dummy0: entered promiscuous mode [ 273.423036][ T9037] bond3: (slave dummy0): Releasing active interface [ 273.825777][ T9055] netlink: 1272 bytes leftover after parsing attributes in process `syz.4.938'. [ 274.536256][ T9061] sd 0:0:1:0: PR command failed: 1026 [ 274.571155][ T9061] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 274.620310][ T9061] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 276.976670][ T9100] netlink: 'syz.5.955': attribute type 1 has an invalid length. [ 277.084453][ T9105] loop3: detected capacity change from 0 to 128 [ 277.188853][ T9100] bond2: entered promiscuous mode [ 277.228092][ T9100] 8021q: adding VLAN 0 to HW filter on device bond2 [ 277.268230][ T9105] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 277.349903][ T9105] ext4 filesystem being mounted at /170/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 277.425959][ T9103] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 277.502316][ T9103] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 277.607919][ T9103] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 279.345533][ T31] audit: type=1800 audit(1778890693.011:12): pid=9105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.957" name="file1" dev="loop3" ino=12 res=0 errno=0 [ 279.627445][ T5633] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 280.025752][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.972'. [ 280.084456][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.972'. [ 280.559174][ T9161] loop3: detected capacity change from 0 to 8 [ 280.747896][ T9161] SQUASHFS error: zlib decompression failed, data probably corrupt [ 280.819197][ T9161] SQUASHFS error: Failed to read block 0x9b: -5 [ 280.852780][ T9161] SQUASHFS error: Unable to read metadata cache entry [99] [ 280.897906][ T9161] SQUASHFS error: Unable to read inode 0x127 [ 282.279356][ T9180] loop3: detected capacity change from 0 to 32768 [ 282.286822][ T9180] btrfs: Deprecated parameter 'usebackuproot' [ 282.292969][ T9180] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 282.318316][ T9180] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.981 (9180) [ 282.353599][ T9180] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 282.363779][ T9180] BTRFS info (device loop3): using crc32c checksum algorithm [ 282.445494][ T37] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 282.598677][ T9180] BTRFS error (device loop3): failed to load root extent [ 282.605844][ T9180] BTRFS warning (device loop3): try to load backup roots slot 1 [ 282.614489][ T6998] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 282.677542][ T9180] BTRFS warning (device loop3): couldn't read tree root [ 282.688811][ T9180] BTRFS warning (device loop3): try to load backup roots slot 2 [ 282.701562][ T3337] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 282.785098][ T9180] BTRFS warning (device loop3): couldn't read tree root [ 282.793516][ T9180] BTRFS warning (device loop3): try to load backup roots slot 3 [ 282.824681][ T9180] BTRFS info (device loop3): rebuilding free space tree [ 282.997573][ T9180] BTRFS info (device loop3): checking UUID tree [ 283.005997][ T9180] BTRFS info (device loop3): enabling ssd optimizations [ 283.013049][ T9180] BTRFS info (device loop3): turning on async discard [ 283.019893][ T9180] BTRFS info (device loop3): enabling free space tree [ 283.026830][ T9180] BTRFS info (device loop3): force clearing of disk cache [ 283.034804][ T9180] BTRFS info (device loop3): enabling auto defrag [ 283.041308][ T9180] BTRFS info (device loop3): trying to use backup root at mount time [ 283.049410][ T9180] BTRFS info (device loop3): use zlib compression, level 3 [ 283.946885][ T5633] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 284.031005][ T9229] syz.0.986 uses obsolete (PF_INET,SOCK_PACKET) [ 284.970326][ T9247] loop2: detected capacity change from 0 to 8 [ 285.005353][ T9247] SQUASHFS error: zlib decompression failed, data probably corrupt [ 285.050097][ T9247] SQUASHFS error: Failed to read block 0x9b: -5 [ 285.069782][ T9247] SQUASHFS error: Unable to read metadata cache entry [99] [ 285.097731][ T9247] SQUASHFS error: Unable to read inode 0x127 [ 285.874282][ T9269] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 285.920440][ T9269] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 285.963369][ T9271] fuse: fd is not a fuse device [ 286.171057][ T9273] fuse: fd is not a fuse device [ 286.449600][ T9279] fuse: fd is not a fuse device [ 287.982585][ T9299] fuse: fd is not a fuse device [ 289.330070][ T9317] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 289.486495][ T9321] netlink: 'syz.3.1017': attribute type 39 has an invalid length. [ 290.631751][ T9343] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1024'. [ 292.130092][ T9359] loop2: detected capacity change from 0 to 512 [ 292.162452][ T9361] loop1: detected capacity change from 0 to 128 [ 292.202014][ T9359] EXT4-fs error (device loop2): ext4_get_journal_inode:5896: comm syz.2.1031: inode #1792: comm syz.2.1031: iget: illegal inode # [ 292.236813][ T9361] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 292.291692][ T9359] loop2: lost filesystem error report for type 5 error -117 [ 292.292232][ T9359] EXT4-fs (loop2): Remounting filesystem read-only [ 292.306282][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 292.306316][ C0] EXT4-fs (loop2): initial error at time 1778890705: ext4_get_journal_inode:5896 [ 292.306367][ C0] EXT4-fs (loop2): last error at time 1778890705: ext4_get_journal_inode:5896 [ 292.334933][ T9361] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 292.430871][ T9359] EXT4-fs (loop2): no journal found [ 292.448047][ T9359] EXT4-fs (loop2): can't get journal size [ 292.509598][ T9359] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 292.539012][ T9359] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 292.611921][ T9359] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.657770][ T5640] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 292.851742][ T5634] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.237684][ T9385] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 293.437314][ T3282] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 293.981353][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 294.153120][ T24] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 294.185002][ T24] usb 3-1: config 1 has an invalid interface number: 247 but max is 65 [ 294.213627][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.239373][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 294.258756][ T24] usb 3-1: config 1 has no interface number 0 [ 294.274402][ T24] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 294.292246][ T24] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 294.310744][ T24] usb 3-1: Product: syz [ 294.324233][ T24] usb 3-1: Manufacturer: syz [ 294.559073][ T9397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.606721][ T9397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.641416][ T24] usb 3-1: USB disconnect, device number 6 [ 296.594217][ T9437] loop1: detected capacity change from 0 to 4096 [ 296.764644][ T31] audit: type=1800 audit(1778890710.431:13): pid=9437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1067" name="file1" dev="loop1" ino=33 res=0 errno=0 [ 297.692681][ T9453] netlink: 1276 bytes leftover after parsing attributes in process `syz.5.1058'. [ 299.416653][ T9472] fuse: fd is not a fuse device [ 301.227247][ T9518] overlayfs: failed to clone upperpath [ 301.592943][ T9528] netlink: 'syz.4.1078': attribute type 1 has an invalid length. [ 301.631526][ T31] audit: type=1800 audit(1778890715.291:14): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1072" name="/" dev="fuse" ino=9 res=0 errno=0 [ 301.884194][ T9528] bond4: entered promiscuous mode [ 301.913373][ T9528] 8021q: adding VLAN 0 to HW filter on device bond4 [ 301.991530][ T9532] bond4: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 302.088462][ T9532] bond4: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 302.126766][ T9532] bond4: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 303.831520][ T9563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.526339][ T9560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.568820][ T9568] ***************************************************** [ 304.630528][ T9568] ORANGEFS Device Error: You cannot open the device file [ 304.630556][ T9568] [ 304.630556][ T9568] /dev/pvfs2-req more than once. Please make sure that [ 304.630556][ T9568] there are no [ 304.688687][ T9568] instances of a program using this device [ 304.688687][ T9568] currently running. (You must verify this!) [ 304.810699][ T9568] For example, you can use the lsof program as follows: [ 304.900754][ T9568] 'lsof | grep pvfs2-req' (run this as root) [ 304.987908][ T9568] open_access_count = 1 [ 305.020937][ T9568] ***************************************************** [ 305.558014][ T9593] binder: 9591:9593 unknown command 0 [ 305.609959][ T9593] binder: 9591:9593 ioctl c0306201 200000000080 returned -22 [ 305.646813][ T9598] Bluetooth: (null): Out-of-order packet arrived (4 != 0) [ 306.651431][ T5782] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 306.823347][ T5782] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 306.837409][ T5782] usb 2-1: config 0 has no interface number 0 [ 306.845857][ T5782] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 306.858180][ T5782] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 306.869367][ T5782] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 306.881669][ T5782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.982993][ T5782] usb 2-1: config 0 descriptor?? [ 307.462784][ T9612] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 307.560495][ T5782] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 307.942604][ T5873] usb 2-1: USB disconnect, device number 6 [ 307.942698][ C0] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 311.462251][ T9724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1116'. [ 314.623186][ T9793] overlayfs: failed to clone upperpath [ 315.116604][ T9809] random: crng reseeded on system resumption [ 315.725774][ T9824] ***************************************************** [ 315.755325][ T9824] ORANGEFS Device Error: You cannot open the device file [ 315.755351][ T9824] [ 315.755351][ T9824] /dev/pvfs2-req more than once. Please make sure that [ 315.755351][ T9824] there are no [ 315.782266][ T9824] instances of a program using this device [ 315.782266][ T9824] currently running. (You must verify this!) [ 315.850320][ T9824] For example, you can use the lsof program as follows: [ 315.880165][ T9824] 'lsof | grep pvfs2-req' (run this as root) [ 315.895196][ T9824] open_access_count = 1 [ 315.915523][ T9824] ***************************************************** [ 316.070508][ T9835] fuse: fd is not a fuse device [ 316.323047][ T9802] loop1: detected capacity change from 0 to 32768 [ 316.409907][ T9802] loop1: p1 < > p3 < p5 p6 > p4 [ 316.479903][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.488292][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.489636][ T9802] loop1: p4 start 4294967295 is beyond EOD, truncated [ 316.547283][ T9802] loop1: p6 start 2164271104 is beyond EOD, truncated [ 316.998610][ T9815] bond2: left promiscuous mode [ 317.028523][ T9815] bond3: left promiscuous mode [ 317.039602][ T9815] bond3: left allmulticast mode [ 317.063799][ T9815] erspan1: left allmulticast mode [ 317.136891][ T9825] pimreg: entered allmulticast mode [ 317.191584][ T9826] pimreg: left allmulticast mode [ 318.092313][ T9886] overlayfs: failed to clone upperpath [ 318.253636][ T6998] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.399851][ T6998] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.418995][ T6389] udevd[6389]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 318.436540][ T6061] udevd[6061]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 318.452563][ T5901] udevd[5901]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 318.479769][ T6998] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.541617][ T9893] fuse: fd is not a fuse device [ 318.630000][ T6998] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.016672][ T9910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1161'. [ 319.503449][ T9927] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1167'. [ 319.602112][ T9930] overlayfs: failed to clone lowerpath [ 322.040494][ T9981] fuse: fd is not a fuse device [ 322.445885][ T9992] fuse: fd is not a fuse device [ 323.754319][T10018] fuse: fd is not a fuse device [ 325.118490][T10040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1205'. [ 325.156167][T10040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1205'. [ 325.990547][T10045] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 327.843050][T10066] loop1: detected capacity change from 0 to 8 [ 327.911046][T10066] SQUASHFS error: zlib decompression failed, data probably corrupt [ 327.933308][T10066] SQUASHFS error: Failed to read block 0x9b: -5 [ 327.946797][T10066] SQUASHFS error: Unable to read metadata cache entry [99] [ 327.976000][T10066] SQUASHFS error: Unable to read inode 0x127 [ 329.472098][T10084] input: syz0 as /devices/virtual/input/input9 [ 331.583046][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1225'. [ 333.983205][T10136] dummy0: entered allmulticast mode [ 334.043876][T10135] dummy0: left allmulticast mode [ 334.179278][T10140] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1235'. [ 334.254225][T10140] unsupported nlmsg_type 40 [ 337.754001][T10190] binder: 10189:10190 unknown command 0 [ 337.790199][T10190] binder: 10189:10190 ioctl c0306201 200000000080 returned -22 [ 338.441252][T10200] Cannot find add_set index 2 as target [ 339.716844][T10215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1259'. [ 341.477883][T10237] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1279'. [ 342.310246][T10246] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1279'. [ 343.860723][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 344.058610][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 344.084852][ T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 344.111553][ T24] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 344.129087][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 344.158642][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 344.175882][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 344.204324][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 344.237552][ T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 344.255757][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.289846][ T24] usb 4-1: config 0 descriptor?? [ 344.598841][ T24] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 344.673464][ T24] usb 4-1: USB disconnect, device number 7 [ 344.804896][ T24] usblp0: removed [ 344.890943][ T5782] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 345.074507][ T5782] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 345.097130][ T5782] usb 3-1: config 0 has no interface number 0 [ 345.130432][ T5782] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 345.177954][ T5782] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 345.210522][ T5782] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 345.239360][ T5782] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.282928][ T5782] usb 3-1: config 0 descriptor?? [ 345.302323][T10280] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 345.354030][ T5782] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 345.379640][ T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 345.601590][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 345.666895][ T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 345.717411][ T24] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 345.768671][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 345.818128][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 345.867218][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 345.870793][ T5782] usb 3-1: USB disconnect, device number 7 [ 345.877343][ C1] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 345.949428][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 345.996536][ T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 346.044917][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.087528][ T24] usb 4-1: config 0 descriptor?? [ 346.393845][ T24] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 347.270031][T10302] loop2: detected capacity change from 0 to 1024 [ 347.476633][T10302] hfsplus: request for non-existent node 33423360 in B*Tree [ 347.529042][T10302] hfsplus: request for non-existent node 33423360 in B*Tree [ 347.647165][T10304] hfsplus: request for non-existent node 33423360 in B*Tree [ 347.691029][T10304] hfsplus: request for non-existent node 33423360 in B*Tree [ 347.724210][T10307] syz_tun: entered allmulticast mode [ 347.807226][T10307] dvmrp1: entered allmulticast mode [ 347.826779][ T5820] usb 4-1: USB disconnect, device number 8 [ 347.874158][ T5820] usblp0: removed [ 347.918403][T10305] hfsplus: request for non-existent node 33423360 in B*Tree [ 347.932358][T10306] syz_tun: left allmulticast mode [ 347.976870][T10305] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.059032][T10302] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.103956][T10302] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.187925][T10303] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.210887][T10303] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.297751][T10304] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.313773][T10304] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.368922][T10315] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.396372][T10315] hfsplus: request for non-existent node 33423360 in B*Tree [ 348.757371][T10335] fuse: fd is not a fuse device [ 349.916698][T10341] vlan0: left allmulticast mode [ 349.930408][T10341] veth0_vlan: left allmulticast mode [ 349.944560][T10341] vlan0: left promiscuous mode [ 350.009228][ T1119] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.024151][ T1119] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.045690][ T1119] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.079321][ T1119] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.279267][T10359] fuse: fd is not a fuse device [ 350.378883][T10361] Bluetooth: MGMT ver 1.23 [ 350.428456][T10363] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1312'. [ 350.629901][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1314'. [ 350.814647][T10374] xt_hashlimit: size too large, truncated to 1048576 [ 351.926091][T10388] loop3: detected capacity change from 0 to 8192 [ 352.001578][T10388] loop3: p1 p2[DM] p3 p4 [ 352.019101][T10388] loop3: p1 size 196608 extends beyond EOD, truncated [ 352.056249][T10388] loop3: p2 start 4292936063 is beyond EOD, truncated [ 352.062437][ T24] libceph: connect (1)[c::]:6789 error -101 [ 352.071372][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 352.077422][T10388] loop3: p3 start 83886144 is beyond EOD, truncated [ 352.087655][T10388] loop3: p4 size 50331648 extends beyond EOD, truncated [ 352.135361][T10402] ceph: No mds server is up or the cluster is laggy [ 352.757344][ T5901] udevd[5901]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 352.768272][ T6061] udevd[6061]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 353.037278][ T5652] Bluetooth: hci0: Unknown advertising packet type: 0x19 [ 353.037341][ T5652] Bluetooth: hci0: Unknown advertising packet type: 0x1f [ 353.613605][T10427] dummy0: left promiscuous mode [ 354.139986][T10448] mmap: syz.4.1343 (10448) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 355.219891][T10427] ip6gre1: left promiscuous mode [ 355.325965][T10427] 8021q: adding VLAN 0 to HW filter on device bond3 [ 355.713528][T10439] loop3: detected capacity change from 0 to 32768 [ 355.755112][T10439] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1338 (10439) [ 355.828976][ T1113] bond3: (slave veth3): link status definitely up, 10000 Mbps full duplex [ 355.850903][T10467] loop1: detected capacity change from 0 to 512 [ 355.851507][T10439] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 355.888803][T10467] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 355.901885][ T1113] bond3: (slave veth3): making interface the new active one [ 355.935937][T10439] BTRFS info (device loop3): using blake2b checksum algorithm [ 355.969156][T10467] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.1349: iget: bad i_size value: 38620345925642 [ 355.993109][ T1113] bond3: active interface up! [ 356.054993][T10467] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 356.058298][T10467] EXT4-fs error (device loop1): ext4_orphan_get:1400: comm syz.1.1349: couldn't read orphan inode 15 (err -117) [ 356.067561][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 356.067596][ C1] EXT4-fs (loop1): initial error at time 1778890769: ext4_orphan_get:1397: inode 15 [ 356.067652][ C1] EXT4-fs (loop1): last error at time 1778890769: ext4_orphan_get:1397: inode 15 [ 356.106643][T10467] loop1: lost filesystem error report for type 5 error -117 [ 356.114660][T10467] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.204063][T10439] BTRFS info (device loop3): enabling ssd optimizations [ 356.214969][T10439] BTRFS info (device loop3): turning on async discard [ 356.222494][T10439] BTRFS info (device loop3): enabling free space tree [ 356.231802][T10439] BTRFS info (device loop3): use zstd compression, level 3 [ 356.439876][T10467] EXT4-fs error (device loop1): ext4_validate_block_bitmap:431: comm syz.1.1349: bg 0: block 5: invalid block bitmap [ 356.492953][T10467] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 368 with error 28 [ 356.557131][T10467] EXT4-fs (loop1): This should not happen!! Data will be lost [ 356.557131][T10467] [ 356.621057][T10467] EXT4-fs (loop1): Total free blocks count 0 [ 356.629670][T10467] EXT4-fs (loop1): Free/Dirty block details [ 356.655800][T10467] EXT4-fs (loop1): free_blocks=0 [ 356.704660][T10467] EXT4-fs (loop1): dirty_blocks=368 [ 356.733176][T10467] EXT4-fs (loop1): Block reservation details [ 356.752707][T10467] EXT4-fs (loop1): i_reserved_data_blocks=368 [ 357.025401][ T5640] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.156576][ T5633] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 358.543433][ T31] audit: type=1804 audit(1778890772.211:15): pid=10523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1362" name="file0" dev="tmpfs" ino=1301 res=1 errno=0 [ 361.218529][T10552] loop2: detected capacity change from 0 to 256 [ 362.200342][T10565] io-wq is not configured for unbound workers [ 362.212894][T10568] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1379'. [ 362.238976][ T5782] IPVS: starting estimator thread 0... [ 362.266585][T10567] IPVS: sed: FWM 3 0x00000003 - no destination available [ 362.370753][T10572] IPVS: using max 22 ests per chain, 52800 per kthread [ 362.844874][T10583] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1383'. [ 363.057137][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1383'. [ 363.512363][T10592] geneve2: entered promiscuous mode [ 364.478089][ T9] IPVS: starting estimator thread 0... [ 364.487882][T10616] IPVS: sed: FWM 3 0x00000003 - no destination available [ 364.580800][T10617] IPVS: using max 30 ests per chain, 72000 per kthread [ 366.088490][T10630] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1400'. [ 366.281684][T10636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1400'. [ 366.636608][T10643] binder: 10642:10643 ioctl c0306201 200000000080 returned -14 [ 366.669957][T10643] binder: 10642:10643 ioctl c0306201 2000000003c0 returned -14 [ 371.407785][T10692] fuse: fd is not a fuse device [ 373.570143][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.590172][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.612521][ T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.636627][ T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.357887][T10766] loop1: detected capacity change from 0 to 512 [ 375.624459][T10774] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 376.743814][T10787] loop3: detected capacity change from 0 to 16 [ 376.919476][T10787] erofs (device loop3): mounted with root inode @ nid 36. [ 377.914293][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.809869][T10814] fuse: fd is not a fuse device [ 380.483151][T10820] binder: 10819:10820 ioctl c0306201 200000000680 returned -14 [ 380.639234][T10810] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1456'. [ 382.292482][T10853] netlink: 'syz.4.1473': attribute type 10 has an invalid length. [ 382.353730][T10853] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 382.625457][T10861] loop3: detected capacity change from 0 to 512 [ 382.760902][T10861] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 382.867073][T10861] EXT4-fs (loop3): orphan cleanup on readonly fs [ 382.916636][T10861] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz.3.1477: bad orphan inode 15 [ 382.970200][T10861] loop3: lost filesystem error report for type 5 error -117 [ 382.970974][ C1] EXT4-fs (loop3): initial error at time 1778890796: ext4_orphan_get:1423 [ 382.986954][ C1] EXT4-fs (loop3): last error at time 1778890796: ext4_orphan_get:1423 [ 383.025384][T10861] ext4_test_bit(bit=14, block=18) = 1 [ 383.052301][T10861] is_bad_inode(inode)=0 [ 383.090750][T10861] NEXT_ORPHAN(inode)=1023 [ 383.125668][T10861] max_ino=32 [ 383.140515][T10861] i_nlink=0 [ 383.197947][T10861] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2972: inode #15: comm syz.3.1477: corrupted xattr block 19: e_value size too large [ 383.256251][T10861] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 383.259080][T10861] EXT4-fs warning (device loop3): ext4_evict_inode:287: xattr delete (err -117) [ 383.339257][T10861] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0009-000000000000 ro without journal. Quota mode: none. [ 383.603910][T10861] EXT4-fs error (device loop3): ext4_lookup:1787: inode #2: comm syz.3.1477: deleted inode referenced: 15 [ 383.737675][T10883] erspan0: entered promiscuous mode [ 384.265517][ T5633] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0009-000000000000. [ 384.405758][T10899] overlayfs: failed to clone upperpath [ 384.644278][T10904] overlayfs: failed to clone upperpath [ 384.682402][T10906] netlink: 'syz.1.1491': attribute type 10 has an invalid length. [ 384.758157][T10906] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 384.815316][T10911] fuse: fd is not a fuse device [ 385.311091][T10735] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 385.474481][T10735] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 385.538267][T10735] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 385.566797][T10735] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 385.604293][T10735] usb 2-1: Product: syz [ 385.623043][T10735] usb 2-1: Manufacturer: syz [ 385.653388][T10735] usb 2-1: SerialNumber: syz [ 385.950269][T10735] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 386.266669][T10738] usb 2-1: USB disconnect, device number 7 [ 386.349651][T10738] usblp0: removed [ 387.269293][T10938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1503'. [ 387.594901][T10940] tipc: Started in network mode [ 387.617193][T10940] tipc: Node identity 4, cluster identity 4711 [ 387.658478][T10940] tipc: Node number set to 4 [ 387.688894][T10938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1503'. [ 387.726542][T10938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1503'. [ 388.125678][T10949] ref_ctr increment failed for inode: 0x4aa offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff8880372fa4c0 [ 388.841903][T10968] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1515'. [ 389.178478][T10975] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1515'. [ 391.286638][T10983] loop1: detected capacity change from 0 to 4096 [ 391.526279][T10983] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 391.558792][T10983] ntfs3(loop1): ino=3, ntfs_set_state failed, -22. [ 391.578358][T10983] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 391.872433][ T31] audit: type=1800 audit(1778890805.541:16): pid=11001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1519" name="file1" dev="loop1" ino=33 res=0 errno=0 [ 392.056039][ T6005] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22. [ 392.204491][T11007] fuse: fd is not a fuse device [ 393.584345][T10710] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 393.766763][T10710] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 393.819452][T10710] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 393.850141][T10710] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 393.877101][T10710] usb 4-1: Product: syz [ 393.886806][T11021] loop1: detected capacity change from 0 to 32768 [ 393.894976][T10710] usb 4-1: Manufacturer: syz [ 393.905088][T10710] usb 4-1: SerialNumber: syz [ 393.918066][T11021] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1530 (11021) [ 394.020307][T11021] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 394.057383][T11021] BTRFS info (device loop1): using blake2b checksum algorithm [ 394.317791][T10710] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 394.365659][T11021] BTRFS info (device loop1): enabling ssd optimizations [ 394.405651][T11021] BTRFS info (device loop1): turning on async discard [ 394.440745][T11021] BTRFS info (device loop1): enabling free space tree [ 394.461067][T11021] BTRFS info (device loop1): use zstd compression, level 3 [ 394.890676][T10735] usb 4-1: USB disconnect, device number 9 [ 394.922905][ T31] audit: type=1804 audit(1778890808.591:17): pid=11063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1530" name="/newroot/223/file0/bus" dev="loop1" ino=264 res=1 errno=0 [ 394.955793][T10735] usblp0: removed [ 395.053044][ T31] audit: type=1804 audit(1778890808.611:18): pid=11021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1530" name="/newroot/223/file0/bus" dev="loop1" ino=264 res=1 errno=0 [ 395.352411][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1543'. [ 395.382183][ T5640] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 395.816188][ T1113] bond0: (slave bridge0): interface is now down [ 395.864403][T11074] ref_ctr increment failed for inode: 0x54c offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888022370000 [ 395.925484][ T1113] bond0: now running without any active interface! [ 396.257027][T11088] fuse: fd is not a fuse device [ 396.550937][ T986] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 396.737581][ T986] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.805157][ T986] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.889506][ T986] usb 2-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 396.911738][ T986] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.732797][ T986] usb 2-1: config 0 descriptor?? [ 398.298981][ T986] hid-generic 0003:18D1:503C.0004: hidraw0: USB HID ve6.e6 Device [HID 18d1:503c] on usb-dummy_hcd.1-1/input0 [ 398.538458][ T986] usb 2-1: USB disconnect, device number 8 [ 398.652221][T11122] fido_id[11122]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 398.912676][T11144] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1570'. [ 399.650431][T11173] fuse: fd is not a fuse device [ 399.679936][T11173] overlayfs: failed to clone upperpath [ 400.057043][T11181] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 400.116339][T11181] netlink: 'syz.4.1584': attribute type 7 has an invalid length. [ 400.326891][T11192] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1588'. [ 400.669721][T11208] netlink: 124 bytes leftover after parsing attributes in process `syz.5.1594'. [ 400.859676][T11215] fuse: fd is not a fuse device [ 400.938791][T11217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1596'. [ 401.031764][T11212] bond3: (slave veth3): Enslaving as an active interface with an up link [ 401.077262][T11217] bond3: entered promiscuous mode [ 401.103876][T11217] veth3: entered promiscuous mode [ 401.120673][T11217] bond3: entered allmulticast mode [ 401.134024][T11217] veth3: entered allmulticast mode [ 401.148113][T11217] 8021q: adding VLAN 0 to HW filter on device bond3 [ 403.113742][T11250] fuse: fd is not a fuse device [ 403.314294][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.357313][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 403.725624][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.749352][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 404.003399][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.035567][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 404.261849][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.294979][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 406.277553][T11286] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 406.277553][T11286] program syz.3.1621 not setting count and/or reply_len properly [ 406.363603][ T5862] kernel read not supported for file inotify (pid: 5862 comm: kworker/1:7) [ 406.937562][T11304] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1625'. [ 407.241091][ T5649] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 407.276358][ T5649] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 407.285288][ T5649] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 407.299752][ T5649] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 407.308333][ T5649] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 407.613298][ T13] bond1 (unregistering): (slave geneve2): Releasing active interface [ 407.659713][ T13] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 407.818471][ T13] bond0 (unregistering): Released all slaves [ 407.834516][ T13] bond1 (unregistering): Released all slaves [ 407.854838][ T13] team0: Port device bond2 removed [ 407.865004][ T13] bond2 (unregistering): Released all slaves [ 407.889138][ T13] bond3 (unregistering): (slave veth3): Releasing active interface [ 407.901814][ T13] bond3 (unregistering): Released all slaves [ 407.928284][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 408.050870][ T13] tipc: Left network mode [ 408.620074][ T13] hsr_slave_0: left promiscuous mode [ 408.626840][ T13] hsr_slave_1: left promiscuous mode [ 408.664407][ T13] veth1_macvtap: left promiscuous mode [ 408.671307][ T13] veth0_macvtap: left promiscuous mode [ 408.676982][ T13] veth1_vlan: left promiscuous mode [ 408.687519][ T13] ve: left promiscuous mode [ 409.258002][ T5287] 8021q: adding VLAN 0 to HW filter on device eth2 [ 409.350797][ T5652] Bluetooth: hci5: command tx timeout [ 409.712469][T11314] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.719842][T11314] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.727246][T11314] bridge_slave_0: entered allmulticast mode [ 409.735506][T11314] bridge_slave_0: entered promiscuous mode [ 409.749165][T11314] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.764160][T11314] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.771950][T11314] bridge_slave_1: entered allmulticast mode [ 409.780179][T11314] bridge_slave_1: entered promiscuous mode [ 409.845755][T11314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.863604][T11314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.951632][T11314] team0: Port device team_slave_0 added [ 409.960209][T11314] team0: Port device team_slave_1 added [ 410.018920][T11314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.026867][T11314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 410.053935][T11314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.067355][T11314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.074974][T11314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 410.104280][T11314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.170821][T11314] hsr_slave_0: entered promiscuous mode [ 410.177739][T11314] hsr_slave_1: entered promiscuous mode [ 410.184754][T11314] debugfs: 'hsr0' already exists in 'hsr' [ 410.192561][T11314] Cannot create hsr debugfs directory [ 410.349753][ T5287] 8021q: adding VLAN 0 to HW filter on device eth3 [ 410.488290][T11314] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 410.500417][T11314] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 410.509228][T11314] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 410.530270][T11314] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 410.552002][T11314] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 410.570008][T11314] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 410.579549][T11314] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 410.592261][T11314] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 410.717030][T11314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.752696][T11314] 8021q: adding VLAN 0 to HW filter on device team0 [ 410.768353][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.775593][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 410.803924][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.811138][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.126505][ T5287] 8021q: adding VLAN 0 to HW filter on device eth4 [ 411.431139][ T5652] Bluetooth: hci5: command tx timeout [ 411.512074][T11314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 411.884762][T11314] veth0_vlan: entered promiscuous mode [ 411.900401][T11314] veth1_vlan: entered promiscuous mode [ 411.953446][T11314] veth0_macvtap: entered promiscuous mode [ 411.966114][T11314] veth1_macvtap: entered promiscuous mode [ 412.003066][T11314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 412.027313][T11314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 412.046798][ T136] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.066022][ T136] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.076640][ T136] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.087918][ T136] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.283226][ T6005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.300696][ T6005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.351764][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.360820][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.576857][T11434] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1644'. [ 412.607775][T11437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1643'. [ 413.510960][ T5652] Bluetooth: hci5: command tx timeout [ 415.590969][ T5652] Bluetooth: hci5: command tx timeout [ 418.351219][T11539] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1656'. [ 418.864456][T11545] fuse: fd is not a fuse device [ 419.211029][T11534] bond4: (slave veth3): Enslaving as an active interface with an up link [ 419.375529][T11539] bond4: entered promiscuous mode [ 419.404303][T11539] veth3: entered promiscuous mode [ 419.422770][T11539] bond4: entered allmulticast mode [ 419.435271][T11545] overlayfs: failed to clone upperpath [ 419.514192][T11539] veth3: entered allmulticast mode [ 419.663685][T11539] 8021q: adding VLAN 0 to HW filter on device bond4 [ 420.538779][T11546] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 420.825854][T11563] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1663'. [ 420.860714][T11563] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1663'. [ 420.906062][T11569] fuse: fd is not a fuse device [ 425.760071][T11610] fuse: fd is not a fuse device [ 425.836596][T11610] overlayfs: failed to clone upperpath [ 425.906477][T11614] fuse: fd is not a fuse device [ 425.997957][T11618] binder: 11617:11618 ioctl c0306201 200000000080 returned -14 [ 426.079048][T11618] binder: 11617:11618 ioctl c0306201 2000000003c0 returned -14 [ 426.676950][T11638] fuse: fd is not a fuse device [ 426.760872][T10736] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 426.929336][T10736] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 426.964497][T10736] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 426.990415][T10736] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 427.036911][T10736] usb 4-1: config 220 has no interface number 2 [ 427.073942][T10736] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 427.142135][T10736] usb 4-1: config 220 interface 0 has no altsetting 0 [ 427.205441][T10736] usb 4-1: config 220 interface 76 has no altsetting 0 [ 427.250825][T10736] usb 4-1: config 220 interface 1 has no altsetting 0 [ 427.308825][T10736] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 427.357230][T10736] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.386918][T10736] usb 4-1: Product: syz [ 427.405665][T10736] usb 4-1: Manufacturer: syz [ 427.423229][T10736] usb 4-1: SerialNumber: syz [ 427.701176][T11662] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1694'. [ 427.725030][T11634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.745815][T11634] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.815159][T11634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.859298][T11634] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.862630][T11667] fuse: fd is not a fuse device [ 427.935450][T11662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1694'. [ 427.979681][T10736] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 428.013268][T10736] uvcvideo 4-1:220.0: No valid video chain found. [ 428.036007][T10736] usb 4-1: selecting invalid altsetting 0 [ 428.120159][T10736] usb 4-1: selecting invalid altsetting 0 [ 428.130023][T10736] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 428.153713][T10736] usb 4-1: USB disconnect, device number 10 [ 429.644576][T11688] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.814709][T11688] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.030485][T11688] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.132727][ T986] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 430.332320][ T986] usb 4-1: Using ep0 maxpacket: 8 [ 430.349895][ T986] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 430.378014][ T986] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 430.417570][T11688] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 430.420906][ T986] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.483298][ T986] usb 4-1: config 0 descriptor?? [ 430.541177][T11688] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 430.748061][T11688] veth1_vlan: left promiscuous mode [ 430.771558][ T986] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 430.879343][T11688] veth0_vlan: left promiscuous mode [ 430.953818][T11688] veth0_vlan: entered promiscuous mode [ 431.045405][T11688] veth1_vlan: entered promiscuous mode [ 431.227759][T11716] loop6: detected capacity change from 0 to 512 [ 431.307948][T11688] veth1_macvtap: left promiscuous mode [ 431.339575][T11716] EXT4-fs error (device loop6): ext4_iget_extra_inode:5127: inode #15: comm syz.6.1709: corrupted in-inode xattr: invalid ea_ino [ 431.376510][ T986] usb 4-1: USB disconnect, device number 11 [ 431.407393][T11716] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 431.410577][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 431.426357][ C1] EXT4-fs (loop6): initial error at time 1778890845: ext4_iget_extra_inode:5127: inode 15 [ 431.436345][ C1] EXT4-fs (loop6): last error at time 1778890845: ext4_iget_extra_inode:5127: inode 15 [ 431.437664][T11688] veth0_macvtap: left promiscuous mode [ 431.450908][T11716] EXT4-fs error (device loop6): ext4_orphan_get:1400: comm syz.6.1709: couldn't read orphan inode 15 (err -117) [ 431.470522][T11716] loop6: lost filesystem error report for type 5 error -117 [ 431.483392][T11716] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 431.542920][T11688] veth0_macvtap: entered promiscuous mode [ 431.588658][T11688] veth1_macvtap: entered promiscuous mode [ 431.687556][T11688] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 431.742859][T11688] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 431.804085][T11688] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 431.857865][T11688] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 431.914340][T11688] 8021q: adding VLAN 0 to HW filter on device bond1 [ 431.987200][T11688] 8021q: adding VLAN 0 to HW filter on device bond2 [ 432.046524][T11688] bond3: left promiscuous mode [ 432.067664][T11688] 8021q: adding VLAN 0 to HW filter on device bond3 [ 432.134170][T11688] bond4: left promiscuous mode [ 432.168537][T11688] 8021q: adding VLAN 0 to HW filter on device bond4 [ 432.341783][T11314] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 432.555569][ T49] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 432.595381][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.709250][ T49] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 432.788680][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.953789][ T49] bond1: (slave veth3): link status definitely up, 10000 Mbps full duplex [ 433.988465][ T49] bond1: (slave veth3): making interface the new active one [ 434.106754][ T49] bond1: active interface up! [ 434.145130][ T58] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 434.175279][ T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.246838][ T58] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 434.296294][ T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.118206][T11752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1721'. [ 435.248330][T11758] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1722'. [ 436.198781][T11774] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1726'. [ 436.298977][T11774] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1726'. [ 436.435456][T10716] Process accounting resumed [ 437.131106][T11777] Process accounting resumed [ 438.075195][T11790] loop6: detected capacity change from 0 to 512 [ 438.094742][T11790] EXT4-fs: Ignoring removed orlov option [ 438.765094][T11790] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 438.847585][T11799] fuse: fd is not a fuse device [ 438.869791][T11790] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 439.361460][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.030579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 440.090580][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 440.210582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 440.330580][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 440.447092][T11314] EXT4-fs error (device loop6): ext4_lookup:1785: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 440.553519][T11314] EXT4-fs error (device loop6): ext4_lookup:1785: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 441.618949][T11314] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 442.079207][T11837] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1744'. [ 442.153588][ T136] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.344795][T10719] Process accounting resumed [ 442.362673][T11844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1744'. [ 442.387948][T11842] Process accounting resumed [ 442.961234][ T136] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.339331][ T136] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.489329][T11858] erspan0: left promiscuous mode [ 444.075142][ T5649] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 444.093823][ T5649] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 444.107423][ T5649] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 444.123435][ T5649] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 444.134213][ T5649] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 445.208468][T11858] bond1: left promiscuous mode [ 445.299400][T11858] macvtap1: left promiscuous mode [ 445.330225][T11858] vlan0: left promiscuous mode [ 445.403875][T11886] netlink: 'syz.2.1757': attribute type 1 has an invalid length. [ 445.419985][T11858] bond2: left promiscuous mode [ 445.465372][T11858] geneve2: left promiscuous mode [ 445.541554][T11858] bond3: left promiscuous mode [ 445.564697][T11858] veth3: left promiscuous mode [ 445.690031][T11886] 8021q: adding VLAN 0 to HW filter on device bond5 [ 445.732756][T11888] bond5: entered allmulticast mode [ 445.809360][T11890] bond5: (slave ip6gretap1): making interface the new active one [ 445.833564][T11890] ip6gretap1: entered allmulticast mode [ 445.866642][T11890] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 446.045705][ T136] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.231054][ T5652] Bluetooth: hci5: command tx timeout [ 448.311426][ T5652] Bluetooth: hci5: command tx timeout [ 448.403858][T11908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.466103][T11908] 8021q: adding VLAN 0 to HW filter on device team0 [ 448.677905][T11908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 448.864066][T10736] Process accounting resumed [ 448.901585][T11924] Process accounting resumed [ 449.426294][T11908] veth1_vlan: left promiscuous mode [ 449.461277][T11908] veth0_vlan: left promiscuous mode [ 449.482947][T11908] veth0_vlan: entered promiscuous mode [ 449.585947][T11908] veth1_vlan: entered promiscuous mode [ 449.866622][T11908] veth1_macvtap: left promiscuous mode [ 450.058365][T11908] veth0_macvtap: left promiscuous mode [ 450.101207][T11908] veth0_macvtap: entered promiscuous mode [ 450.123769][T11908] veth1_macvtap: entered promiscuous mode [ 450.176044][T11908] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 450.203200][T11908] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 450.244184][T11908] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 450.285795][T11908] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 450.326991][T11908] 8021q: adding VLAN 0 to HW filter on device bond1 [ 450.359427][T11908] 8021q: adding VLAN 0 to HW filter on device bond2 [ 450.393764][T11908] 8021q: adding VLAN 0 to HW filter on device bond3 [ 450.401738][ T5652] Bluetooth: hci5: command tx timeout [ 450.434600][T11908] 8021q: adding VLAN 0 to HW filter on device bond4 [ 450.471466][T11908] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 450.534862][T11908] 8021q: adding VLAN 0 to HW filter on device bond5 [ 452.472721][ T5652] Bluetooth: hci5: command tx timeout [ 459.977084][ T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.039349][ T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.110490][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.377518][ T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.435294][ T58] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.561156][ T58] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.604669][ T5820] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 460.687054][ T58] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.152728][T10717] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 461.177375][ T58] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.553106][ T136] bridge_slave_1: left allmulticast mode [ 461.601571][ T136] bridge_slave_1: left promiscuous mode [ 461.650861][T11996] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1781'. [ 461.663011][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.776303][ T136] bridge_slave_0: left allmulticast mode [ 461.805432][T11997] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1781'. [ 461.856084][ T136] bridge_slave_0: left promiscuous mode [ 461.912098][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.563325][T12020] overlayfs: failed to clone upperpath [ 467.528104][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.622546][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.697059][ T136] bond0 (unregistering): Released all slaves [ 469.165641][T12047] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1794'. [ 469.511750][T12052] ptrace attach of "ci-upstream-kasan-badwrites-root/syz-executor exec"[5638] was attempted by "ci-upstream-kasan-badwrites-root/syz-executor exec"[12052] [ 471.168122][ T6995] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.194014][ T6995] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.274787][ T6995] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.300994][ T6995] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.419953][T12065] fuse: fd is not a fuse device [ 471.914441][T12079] overlayfs: failed to clone upperpath [ 472.554546][T12098] tmpfs: Bad value for 'nr_blocks' [ 472.713301][ T136] hsr_slave_0: left promiscuous mode [ 472.818350][ T136] hsr_slave_1: left promiscuous mode [ 472.888316][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 472.920013][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 472.960026][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 473.003972][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 473.132550][ T136] veth1_macvtap: left promiscuous mode [ 473.156495][ T136] veth0_macvtap: left promiscuous mode [ 473.180823][ T136] veth1_vlan: left promiscuous mode [ 473.222467][ T136] veth0_vlan: left promiscuous mode [ 477.306999][ T136] team0 (unregistering): Port device team_slave_1 removed [ 477.438540][ T136] team0 (unregistering): Port device team_slave_0 removed [ 482.021125][T12188] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1827'. [ 482.032954][T11871] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.065467][T11871] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.088771][T11871] bridge_slave_0: entered allmulticast mode [ 482.114792][T11871] bridge_slave_0: entered promiscuous mode [ 482.168723][T11871] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.193949][T12188] loop3: detected capacity change from 0 to 128 [ 482.203535][T11871] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.245118][T11871] bridge_slave_1: entered allmulticast mode [ 482.278168][T12188] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 482.315790][T11871] bridge_slave_1: entered promiscuous mode [ 483.918777][T11871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.954238][T11871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 484.554510][T11871] team0: Port device team_slave_0 added [ 484.613899][T11871] team0: Port device team_slave_1 added [ 484.864031][T11871] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 484.894632][T11871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 485.017639][T11871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.122649][T11871] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.151502][T11871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 485.270632][T11871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 486.487115][T11871] hsr_slave_0: entered promiscuous mode [ 486.542715][T11871] hsr_slave_1: entered promiscuous mode [ 486.582320][T11871] debugfs: 'hsr0' already exists in 'hsr' [ 486.623991][T11871] Cannot create hsr debugfs directory [ 489.317271][T11871] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 489.366939][T11871] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 489.412029][T11871] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 489.496069][T11871] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 489.525445][T11871] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 489.576691][T11871] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 489.619656][T11871] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 489.720184][T11871] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 490.347584][T11871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.502104][T11871] 8021q: adding VLAN 0 to HW filter on device team0 [ 490.583612][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.592182][ T6009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 490.644362][ T5287] 8021q: adding VLAN 0 to HW filter on device eth5 [ 490.709021][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.717419][ T6009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 490.825760][T12288] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1849'. [ 491.033365][T12289] bridge1: port 1(veth5) entered blocking state [ 491.063233][T12289] bridge1: port 1(veth5) entered disabled state [ 491.075108][T12289] veth5: entered allmulticast mode [ 491.094716][T12289] veth5: entered promiscuous mode [ 491.268960][T12298] fuse: fd is not a fuse device [ 497.419149][ T5287] 8021q: adding VLAN 0 to HW filter on device eth6 [ 498.220705][T12385] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1871'. [ 498.274236][T11871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 499.347807][T12414] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1879'. [ 500.730955][T11871] veth0_vlan: entered promiscuous mode [ 500.777987][T11871] veth1_vlan: entered promiscuous mode [ 500.797703][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.002991][T11871] veth0_macvtap: entered promiscuous mode [ 501.065154][T11871] veth1_macvtap: entered promiscuous mode [ 501.248076][T11871] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 501.388953][T11871] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 501.506396][ T6009] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.553610][ T6009] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.618563][ T6009] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.659841][ T6009] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.773281][ T5652] Bluetooth: hci4: unexpected event for opcode 0x0c22 [ 501.902831][ T5287] 8021q: adding VLAN 0 to HW filter on device eth7 [ 502.440240][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.084572][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.539462][T12470] fuse: fd is not a fuse device [ 504.478506][ T5649] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 505.440176][ T5649] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 505.454047][ T5649] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 505.464898][ T5649] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 505.475001][ T5649] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 506.660545][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 506.701937][T12521] fuse: fd is not a fuse device [ 506.776989][T12521] fuse: fd is not a fuse device [ 507.547350][T12535] fuse: fd is not a fuse device [ 507.588680][ T3307] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.592078][ T5649] Bluetooth: hci6: command tx timeout [ 507.720935][ T5287] 8021q: adding VLAN 0 to HW filter on device eth8 [ 507.985548][ T3307] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.193304][T12551] netlink: 'syz.3.1910': attribute type 1 has an invalid length. [ 508.237082][T12551] netlink: 'syz.3.1910': attribute type 4 has an invalid length. [ 508.276926][T12551] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.1910'. [ 508.535119][ T3307] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.688371][ T5649] Bluetooth: hci6: command tx timeout [ 510.093606][ T3307] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.465290][T12578] netlink: 'syz.0.1918': attribute type 1 has an invalid length. [ 510.606808][T12582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1918'. [ 511.038325][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 511.180616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 511.230535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #284!!! [ 511.494435][T12581] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 511.518599][T12581] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 511.736615][T12582] bond5: (slave bridge2): Enslaving as an active interface with a down link [ 511.761584][ T5649] Bluetooth: hci6: command tx timeout [ 512.543164][T12616] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 512.578970][T12612] tipc: Started in network mode [ 512.599388][T12612] tipc: Node identity ac14142f, cluster identity 4711 [ 512.635730][T12612] tipc: New replicast peer: 0.0.0.0 [ 512.676361][T12612] tipc: Enabled bearer , priority 10 [ 512.787797][T12620] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000 [ 513.110209][ T3307] bridge_slave_1: left allmulticast mode [ 513.142214][ T3307] bridge_slave_1: left promiscuous mode [ 513.170411][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.259905][ T3307] bridge_slave_0: left allmulticast mode [ 513.308245][ T3307] bridge_slave_0: left promiscuous mode [ 513.403427][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.800992][T12646] ptrace attach of "ci-upstream-kasan-badwrites-root/syz-executor exec"[5634] was attempted by "ci-upstream-kasan-badwrites-root/syz-executor exec"[12646] [ 514.138875][ T5649] Bluetooth: hci6: command tx timeout [ 515.070535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 515.550613][T12660] fuse: fd is not a fuse device [ 518.377204][T12688] overlayfs: failed to clone upperpath [ 518.759594][T12693] fuse: fd is not a fuse device [ 518.892315][ T3307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 518.956108][ T3307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 519.021646][ T3307] bond0 (unregistering): Released all slaves [ 519.255850][ T5873] tipc: Node number set to 2886997039 [ 522.570534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 523.081767][ T31] audit: type=1326 audit(1778890936.741:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12727 comm="syz.3.1956" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff762b9ce59 code=0x0 [ 523.720301][ T3307] hsr_slave_0: left promiscuous mode [ 523.785898][ T3307] hsr_slave_1: left promiscuous mode [ 523.826582][ T3307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.864269][ T3307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.924475][ T3307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.952591][ T3307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.059278][ T3307] veth1_macvtap: left promiscuous mode [ 524.086543][ T3307] veth0_macvtap: left promiscuous mode [ 524.109222][ T3307] veth1_vlan: left promiscuous mode [ 524.131921][ T3307] veth0_vlan: left promiscuous mode [ 525.040858][ T31] audit: type=1804 audit(1778890938.701:20): pid=12770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1967" name="bus" dev="ramfs" ino=29089 res=1 errno=0 [ 525.150827][ T31] audit: type=1804 audit(1778890938.731:21): pid=12770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1967" name="bus" dev="ramfs" ino=29089 res=1 errno=0 [ 526.058456][ T3307] team0 (unregistering): Port device team_slave_1 removed [ 526.166811][ T3307] team0 (unregistering): Port device team_slave_0 removed [ 526.223891][T12787] netlink: 'syz.4.1970': attribute type 1 has an invalid length. [ 526.256755][T12787] netlink: 'syz.4.1970': attribute type 4 has an invalid length. [ 526.308901][T12787] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.1970'. [ 529.435393][T12492] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.490105][T12492] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.530065][T12492] bridge_slave_0: entered allmulticast mode [ 529.584988][T12492] bridge_slave_0: entered promiscuous mode [ 529.626060][T12492] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.662991][T12492] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.695734][T12492] bridge_slave_1: entered allmulticast mode [ 529.741740][T12492] bridge_slave_1: entered promiscuous mode [ 530.022399][T12492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.105441][T12492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 530.377960][T12492] team0: Port device team_slave_0 added [ 530.407497][T12492] team0: Port device team_slave_1 added [ 530.683836][T12492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 530.756605][T12492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 530.921202][T12492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 531.007039][T12492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 531.054241][T12492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 531.167526][T12492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 532.114142][T12839] netlink: 'syz.3.1986': attribute type 11 has an invalid length. [ 534.276937][T12492] hsr_slave_0: entered promiscuous mode [ 534.318329][T12492] hsr_slave_1: entered promiscuous mode [ 534.356521][T12492] debugfs: 'hsr0' already exists in 'hsr' [ 534.386867][T12492] Cannot create hsr debugfs directory [ 534.914512][T12860] netlink: 'syz.4.1993': attribute type 4 has an invalid length. [ 535.013444][T12862] netlink: 'syz.4.1993': attribute type 4 has an invalid length. [ 537.554807][T12884] fuse: fd is not a fuse device [ 537.808107][ T5287] 8021q: adding VLAN 0 to HW filter on device eth9 [ 538.972461][T12902] fuse: fd is not a fuse device [ 538.998711][T12905] fuse: fd is not a fuse device [ 539.377919][T12917] fuse: fd is not a fuse device [ 540.371746][T12929] Device name cannot be null; rc = [-22] [ 542.144118][T12938] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 542.558143][T12947] ªªªªªª: renamed from vlan0 [ 542.781384][T12492] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 542.847321][T12492] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 542.877046][T12492] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 542.920453][T12492] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 542.962771][T12492] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 543.210625][T12492] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 543.246945][T12492] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 543.307532][T12492] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 543.441246][T12963] fuse: fd is not a fuse device [ 543.836647][T12492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 544.071382][T12492] 8021q: adding VLAN 0 to HW filter on device team0 [ 544.214518][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.221745][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 544.352136][T11502] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.359381][T11502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.478321][T13010] netlink: 666 bytes leftover after parsing attributes in process `syz.5.2029'. [ 547.170890][ T5873] IPVS: starting estimator thread 0... [ 547.290693][T13024] IPVS: using max 23 ests per chain, 55200 per kthread [ 547.480403][ T31] audit: type=1326 audit(1778890961.141:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13026 comm="syz.0.2035" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f13c1b9ce59 code=0x0 [ 548.306192][T13036] fuse: fd is not a fuse device [ 549.719507][T13044] netlink: 'syz.2.2051': attribute type 11 has an invalid length. [ 549.820760][ T31] audit: type=1804 audit(1778890963.481:23): pid=13046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2041" name="bus" dev="ramfs" ino=29898 res=1 errno=0 [ 550.032626][ T31] audit: type=1804 audit(1778890963.521:24): pid=13046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2041" name="bus" dev="ramfs" ino=29898 res=1 errno=0 [ 550.331823][T12492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 550.921414][T13065] kernel read not supported for file /file0 (pid: 13065 comm: syz.3.2044) [ 550.963666][ T31] audit: type=1800 audit(1778890964.631:25): pid=13065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2044" name="file0" dev="mqueue" ino=30764 res=0 errno=0 [ 552.439740][T13087] batman_adv: batadv0: Adding interface: dummy0 [ 552.469571][T13087] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 552.602498][T13087] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 554.216748][T12492] veth0_vlan: entered promiscuous mode [ 554.299461][T12492] veth1_vlan: entered promiscuous mode [ 555.468364][T12492] veth0_macvtap: entered promiscuous mode [ 555.538177][T12492] veth1_macvtap: entered promiscuous mode [ 555.634502][T13110] 9p: Bad value for 'rfdno' [ 555.694516][T12492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 555.727965][T13115] netlink: 'syz.5.2055': attribute type 11 has an invalid length. [ 555.789436][T12492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 555.878738][ T6995] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.939573][ T6995] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.016818][ T6995] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.041616][ T6995] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.375474][T11502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.412011][T11502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.696524][T13126] netlink: 'syz.2.2059': attribute type 4 has an invalid length. [ 557.571612][ T6009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 557.645566][ T6009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.504585][T13159] fuse: fd is not a fuse device [ 562.251453][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.778607][T13180] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2074'. [ 562.833325][T13180] netlink: 43 bytes leftover after parsing attributes in process `syz.5.2074'. [ 562.903287][T13180] netlink: 'syz.5.2074': attribute type 5 has an invalid length. [ 562.958637][T13180] netlink: 43 bytes leftover after parsing attributes in process `syz.5.2074'. [ 563.823721][T13191] fuse: fd is not a fuse device [ 566.207717][T13223] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2091'. [ 567.463473][T13240] netlink: 'syz.3.2094': attribute type 27 has an invalid length. [ 567.598654][T13240] netlink: 'syz.3.2094': attribute type 4 has an invalid length. [ 567.659156][T13240] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2094'. [ 568.734706][T13255] Device name cannot be null; rc = [-22] [ 569.484675][T13266] Invalid option length (57448) for dns_resolver key [ 570.554716][T13278] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 575.421994][T13315] netlink: 312 bytes leftover after parsing attributes in process `syz.7.2111'. [ 575.775640][T13318] fuse: fd is not a fuse device [ 580.835618][T13369] netlink: 'syz.0.2127': attribute type 1 has an invalid length. [ 580.926382][T13371] loop7: detected capacity change from 0 to 1024 [ 580.965221][T13371] EXT4-fs: Ignoring removed bh option [ 581.036823][T13371] EXT4-fs (loop7): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 581.258274][T13371] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 581.328334][T13381] netlink: 'syz.5.2129': attribute type 1 has an invalid length. [ 581.497364][T13381] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2129'. [ 581.753184][T13375] bond6: (slave bridge3): Enslaving as a backup interface with an up link [ 581.921830][T13377] bond6: (slave bridge4): Enslaving as a backup interface with a down link [ 582.185144][T13383] bond4: (slave vxcan1): The slave device specified does not support setting the MAC address [ 582.240968][T13383] bond4: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 582.298638][T13383] bond4: (slave vxcan1): making interface the new active one [ 582.372800][T13383] bond4: (slave vxcan1): Enslaving as an active interface with an up link [ 582.507773][T13381] bond4 (unregistering): (slave vxcan1): Releasing backup interface [ 582.640874][T13381] bond4 (unregistering): Released all slaves [ 582.808682][T12492] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 583.010434][ T5649] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 586.683141][T13440] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 587.253770][T13452] fuse: fd is not a fuse device [ 588.570747][T13461] fuse: fd is not a fuse device [ 589.243130][T13475] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2158'. [ 597.807280][T13542] fuse: fd is not a fuse device [ 600.192467][T13577] overlayfs: failed to clone upperpath [ 602.494638][T13602] netlink: 'syz.4.2188': attribute type 1 has an invalid length. [ 603.317430][T13615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2188'. [ 605.198493][T13613] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 605.293923][T13613] bond5: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 605.366801][T13613] bond5: (slave vxcan3): making interface the new active one [ 605.415881][T13613] bond5: (slave vxcan3): Enslaving as an active interface with an up link [ 605.469806][T13615] bond5 (unregistering): (slave vxcan3): Releasing backup interface [ 605.897638][T13615] bond5 (unregistering): Released all slaves [ 606.834669][T13629] batadv_slave_0: entered promiscuous mode [ 616.844576][T13697] Set syz0 is full, maxelem 0 reached [ 620.739247][T13710] netlink: 'syz.7.2216': attribute type 1 has an invalid length. [ 621.034163][T13710] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 621.376653][T13713] bond1: (slave bridge2): Enslaving as a backup interface with a down link [ 623.686315][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.675739][T13730] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 624.695272][T13730] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 624.705070][T13730] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 624.715660][T13730] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 624.724539][T13730] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 626.919745][ T5649] Bluetooth: hci5: command tx timeout [ 628.764647][T13767] fuse: fd is not a fuse device [ 628.775225][T13762] SQUASHFS error: Failed to read block 0x0: -5 [ 628.887478][T13762] unable to read squashfs_super_block [ 629.270617][ T5649] Bluetooth: hci5: command tx timeout [ 629.991198][ T31] audit: type=1804 audit(1778891043.651:26): pid=13779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2237" name="file0" dev="tmpfs" ino=2195 res=1 errno=0 [ 630.189757][T13779] uprobe: syz.5.2237:13779 failed to unregister, leaking uprobe [ 630.870622][ T5649] Bluetooth: hci6: command 0x0406 tx timeout [ 631.689250][ T5649] Bluetooth: hci5: command tx timeout [ 633.965933][T13730] Bluetooth: hci5: command tx timeout [ 636.087366][T13728] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.097383][T13728] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.105106][T13728] bridge_slave_0: entered allmulticast mode [ 636.170362][T13728] bridge_slave_0: entered promiscuous mode [ 636.656292][T13728] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.688598][T13728] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.721290][T13818] xt_connbytes: Forcing CT accounting to be enabled [ 636.735657][T13728] bridge_slave_1: entered allmulticast mode [ 636.761553][T13728] bridge_slave_1: entered promiscuous mode [ 639.135111][T13728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 639.318200][T13728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 643.024926][T13728] team0: Port device team_slave_0 added [ 643.359599][T13728] team0: Port device team_slave_1 added [ 644.751175][T13856] fuse: fd is not a fuse device [ 644.969185][T13728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 645.020172][T13728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 645.113454][T13728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 645.494442][T13728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 645.548315][T13728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 646.037456][T13728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.016813][T13728] hsr_slave_0: entered promiscuous mode [ 647.045169][T13728] hsr_slave_1: entered promiscuous mode [ 647.077406][T13728] debugfs: 'hsr0' already exists in 'hsr' [ 647.115062][T13728] Cannot create hsr debugfs directory [ 647.233688][T13889] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2270'. [ 647.296285][T13891] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2270'. [ 650.487726][T13909] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2275'. [ 650.517878][T13909] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2275'. [ 653.158580][ T6999] bond3 (unregistering): (slave geneve2): Releasing active interface [ 653.637442][ T6999] bond0 (unregistering): Released all slaves [ 653.747113][ T6999] bond1 (unregistering): Released all slaves [ 653.844478][ T6999] bond2 (unregistering): Released all slaves [ 653.982984][ T6999] bond3 (unregistering): Released all slaves [ 654.712499][ T6999] IPVS: stopping backup sync thread 13278 ... [ 654.742234][T13929] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2291'. [ 655.418402][T13943] loop7: detected capacity change from 0 to 256 [ 655.507826][T13943] exfat: Deprecated parameter 'utf8' [ 655.779408][T13943] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xf8a64500, utbl_chksum : 0xe619d30d) [ 656.049803][ T6999] hsr_slave_0: left promiscuous mode [ 656.103632][ T6999] hsr_slave_1: left promiscuous mode [ 656.127610][ T6999] batman_adv: batadv0: Removing interface: dummy0 [ 656.366629][T13943] loop7: detected capacity change from 256 to 0 [ 657.553263][T12492] buffer_io_error: 138 callbacks suppressed [ 657.553320][T12492] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 657.915684][T13971] Set syz0 is full, maxelem 0 reached [ 663.787353][ T5287] 8021q: adding VLAN 0 to HW filter on device eth9 [ 664.348710][T14013] fuse: fd is not a fuse device [ 664.800024][T13728] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 664.899872][T13728] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 664.960979][T13728] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 665.024179][T13728] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 665.058460][T13728] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 665.121642][T13728] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 665.154864][T13728] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 665.208060][T13728] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 665.272251][ T6999] IPVS: stop unused estimator thread 0... [ 665.585618][T14030] Set syz0 is full, maxelem 0 reached [ 667.172822][T14036] ptrace attach of "ci-upstream-kasan-badwrites-root/syz-executor exec"[5639] was attempted by ""[14036] [ 668.354832][T13728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 668.626282][T13728] 8021q: adding VLAN 0 to HW filter on device team0 [ 668.683409][ T5649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 668.700858][ T5649] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 668.711749][ T5649] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 668.726352][ T5649] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 668.740649][ T5649] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 668.835530][T11504] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.843615][T11504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 669.826721][ T6999] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.197509][T11499] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.204746][T11499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.791359][ T5649] Bluetooth: hci1: command tx timeout [ 670.830919][ T6999] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.223274][ T6999] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.690011][ T6999] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.870680][ T5649] Bluetooth: hci1: command tx timeout [ 673.887133][ T5287] 8021q: adding VLAN 0 to HW filter on device eth10 [ 675.030613][T13730] Bluetooth: hci1: command tx timeout [ 675.651935][ T6999] bridge_slave_1: left allmulticast mode [ 675.657655][ T6999] bridge_slave_1: left promiscuous mode [ 675.666428][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.690571][ T6999] bridge_slave_0: left allmulticast mode [ 675.696281][ T6999] bridge_slave_0: left promiscuous mode [ 675.702009][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.216442][ T6999] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 676.224554][ T6999] bond1 (unregistering): (slave bridge1): the permanent HWaddr of slave - b6:d0:c6:f3:c4:84 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 676.445855][ T6999] bond1 (unregistering): (slave bridge2): Releasing backup interface [ 676.548026][ T6999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 676.568271][ T6999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.581389][ T6999] bond0 (unregistering): Released all slaves [ 676.593529][ T6999] bond1 (unregistering): Released all slaves [ 677.110791][T13730] Bluetooth: hci1: command tx timeout [ 680.667229][T14145] Set syz0 is full, maxelem 0 reached [ 682.476955][ T5649] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 682.532129][ T5649] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 682.570994][ T5649] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 682.633154][ T5649] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 682.665028][ T5649] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 684.161266][ T5287] 8021q: adding VLAN 0 to HW filter on device eth11 [ 684.196252][ T6999] hsr_slave_0: left promiscuous mode [ 684.370038][ T6999] hsr_slave_1: left promiscuous mode [ 684.376316][ T6999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.383710][ T6999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 684.411161][ T6999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.430871][ T6999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.758384][ T6999] veth1_macvtap: left promiscuous mode [ 684.763955][ T6999] veth0_macvtap: left promiscuous mode [ 684.771109][ T6999] veth1_vlan: left promiscuous mode [ 684.778220][ T6999] veth0_vlan: left promiscuous mode [ 684.876514][T13730] Bluetooth: hci6: command tx timeout [ 685.560582][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.435716][T13730] Bluetooth: hci6: command tx timeout [ 687.977703][ T6999] team0 (unregistering): Port device team_slave_1 removed [ 687.999193][ T6999] team0 (unregistering): Port device team_slave_0 removed [ 688.473697][T14044] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.557511][T14044] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.564810][T14044] bridge_slave_0: entered allmulticast mode [ 688.606129][T14044] bridge_slave_0: entered promiscuous mode [ 688.661445][T14044] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.668624][T14044] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.675865][T14044] bridge_slave_1: entered allmulticast mode [ 688.683880][T14044] bridge_slave_1: entered promiscuous mode [ 689.184066][T14253] fuse: fd is not a fuse device [ 689.611475][T13730] Bluetooth: hci6: command tx timeout [ 689.769283][T14044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.795741][T14044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.950300][T14044] team0: Port device team_slave_0 added [ 690.014518][T14044] team0: Port device team_slave_1 added [ 690.513847][T14044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.579407][T14044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 690.864586][T14044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.887953][T14044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 690.896105][T14044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 690.922372][T14044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 691.685729][T14044] hsr_slave_0: entered promiscuous mode [ 691.692717][T14044] hsr_slave_1: entered promiscuous mode [ 691.699820][T14044] debugfs: 'hsr0' already exists in 'hsr' [ 691.705920][T14044] Cannot create hsr debugfs directory [ 691.740860][ T5649] Bluetooth: hci6: command tx timeout [ 693.333536][T14299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2366'. [ 693.975264][ T5287] 8021q: adding VLAN 0 to HW filter on device eth12 [ 694.732391][T14338] fuse: fd is not a fuse device [ 694.953431][T14044] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 695.022577][T14044] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 695.181104][T14044] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 695.239572][T14044] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 695.334587][T14044] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 695.401478][T14044] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 695.664024][T14044] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 695.975053][T14044] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 696.687045][T14165] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.709599][T14165] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.758099][T14165] bridge_slave_0: entered allmulticast mode [ 696.788903][T14165] bridge_slave_0: entered promiscuous mode [ 697.609470][T14165] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.649450][T14165] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.758328][T14165] bridge_slave_1: entered allmulticast mode [ 697.779885][T14165] bridge_slave_1: entered promiscuous mode [ 697.922428][T14385] fuse: fd is not a fuse device [ 698.044951][T14165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 698.093973][T14165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 698.759025][T14165] team0: Port device team_slave_0 added [ 699.994176][T14165] team0: Port device team_slave_1 added [ 700.083039][T14044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.378515][T14165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.405441][T14165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 700.725997][T14165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 700.769083][T14044] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.569252][T14165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.590578][T14165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.688835][T14165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.802511][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.809763][ T6009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.528472][T14165] hsr_slave_0: entered promiscuous mode [ 704.535213][T14165] hsr_slave_1: entered promiscuous mode [ 704.669015][T14165] debugfs: 'hsr0' already exists in 'hsr' [ 704.687762][T14165] Cannot create hsr debugfs directory [ 704.725454][ T6999] bridge_slave_1: left allmulticast mode [ 704.740487][ T6999] bridge_slave_1: left promiscuous mode [ 704.766369][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.791311][T14459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2397'. [ 704.838756][ T6999] bridge_slave_0: left allmulticast mode [ 704.864019][ T6999] bridge_slave_0: left promiscuous mode [ 704.898091][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.612616][ T31] audit: type=1326 audit(1778891137.271:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 708.644802][ T31] audit: type=1326 audit(1778891137.291:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 708.670016][ T31] audit: type=1326 audit(1778891137.291:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 709.505060][ T31] audit: type=1326 audit(1778891137.291:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 709.540756][ T31] audit: type=1326 audit(1778891137.291:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 710.042203][T14509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2407'. [ 710.235161][ T31] audit: type=1326 audit(1778891137.301:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 710.260655][ T31] audit: type=1326 audit(1778891137.371:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f446e35d68e code=0x7ffc0000 [ 710.285848][ T31] audit: type=1326 audit(1778891137.861:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 710.347040][ T31] audit: type=1326 audit(1778891137.861:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 710.372546][ T31] audit: type=1326 audit(1778891138.351:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.4.2404" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f446e39ce59 code=0x7ffc0000 [ 711.439044][ T6999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.499602][ T6999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.522198][ T6999] bond0 (unregistering): Released all slaves [ 711.605673][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.612847][ T6009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 712.407171][ T6999] hsr_slave_0: left promiscuous mode [ 712.461883][ T6999] hsr_slave_1: left promiscuous mode [ 712.477393][ T6999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.515450][ T6999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 714.038781][ T6999] team0 (unregistering): Port device team_slave_1 removed [ 714.116073][ T6999] team0 (unregistering): Port device team_slave_0 removed [ 716.205110][T14556] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 717.336492][T14044] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 717.346905][T14044] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 717.472955][T14566] netlink: 'syz.5.2425': attribute type 2 has an invalid length. [ 717.497720][T14566] netlink: 'syz.5.2425': attribute type 2 has an invalid length. [ 720.015783][ T5287] 8021q: adding VLAN 0 to HW filter on device eth13 [ 722.109917][T14631] fuse: fd is not a fuse device [ 722.197673][T14635] fuse: fd is not a fuse device [ 722.343288][T14044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 724.039112][T14652] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 724.046370][T14652] overlayfs: failed to set xattr on upper [ 724.052094][T14652] overlayfs: ...falling back to redirect_dir=nofollow. [ 724.058939][T14652] overlayfs: ...falling back to index=off. [ 724.064739][T14652] overlayfs: ...falling back to uuid=null. [ 724.110356][ T5287] 8021q: adding VLAN 0 to HW filter on device eth15 [ 724.146641][T14652] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 725.222590][ T31] kauditd_printk_skb: 1 callbacks suppressed [ 725.222617][ T31] audit: type=1326 audit(1778891158.387:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.345638][T14165] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 725.483702][ T31] audit: type=1326 audit(1778891158.387:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.517680][ T31] audit: type=1326 audit(1778891158.387:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.548056][ T31] audit: type=1326 audit(1778891158.387:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.573247][T14165] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 725.580234][T14165] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 725.615287][ T31] audit: type=1326 audit(1778891158.387:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.640463][ T31] audit: type=1326 audit(1778891158.957:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f13c1b5d68e code=0x7ffc0000 [ 725.672760][T14165] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 725.684256][ T31] audit: type=1326 audit(1778891159.347:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 725.725896][T14165] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 725.782182][T14165] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 726.087010][ T31] audit: type=1326 audit(1778891159.407:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.0.2451" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f13c1b9ce59 code=0x7ffc0000 [ 726.745968][T14165] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 727.064721][T13730] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 727.164234][T13730] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 727.173929][T13730] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 727.533999][T13730] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 727.579183][T14165] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 727.600625][T13730] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 727.857135][T14690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 727.914264][T14690] 8021q: adding VLAN 0 to HW filter on device team0 [ 727.978275][T14690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 729.152066][T14690] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 729.183163][T14690] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 729.210873][ T31] audit: type=1326 audit(1778891162.867:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.5.2453" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09af19ce59 code=0x7ffc0000 [ 729.306129][T14690] veth1_vlan: left promiscuous mode [ 729.312688][T14690] veth0_vlan: left promiscuous mode [ 729.318896][T14690] veth0_vlan: entered promiscuous mode [ 729.328146][T14690] veth1_vlan: entered promiscuous mode [ 729.339483][T14690] veth1_macvtap: left promiscuous mode [ 729.346228][T14690] veth0_macvtap: left promiscuous mode [ 729.352918][T14690] veth0_macvtap: entered promiscuous mode [ 729.359940][T14690] veth1_macvtap: entered promiscuous mode [ 729.360673][ T31] audit: type=1326 audit(1778891162.867:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.5.2453" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09af19ce59 code=0x7ffc0000 [ 729.431463][T14690] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 729.439999][T14690] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 729.448506][T14690] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 729.456972][T14690] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 729.467473][T14690] 8021q: adding VLAN 0 to HW filter on device bond1 [ 729.476259][T14690] 8021q: adding VLAN 0 to HW filter on device bond2 [ 729.485291][T14690] vlan0: entered allmulticast mode [ 729.490427][T14690] veth0_vlan: entered allmulticast mode [ 729.496111][T14690] vlan0: entered promiscuous mode [ 729.633518][T14690] 8021q: adding VLAN 0 to HW filter on device bond3 [ 729.651633][T14690] 8021q: adding VLAN 0 to HW filter on device bond5 [ 729.661103][T14690] 8021q: adding VLAN 0 to HW filter on device bond6 [ 729.669844][T14690] A link change request failed with some changes committed already. Interface syzkaller0 may have been left with an inconsistent configuration, please check. [ 729.810767][T13730] Bluetooth: hci5: command tx timeout [ 729.831956][T11499] bond6: (slave bridge3): link status up again after 0 ms [ 729.855175][T11499] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 729.871992][T11499] bond6: (slave bridge3): link status up again after 0 ms [ 729.915647][ T6327] bond6: (slave bridge3): link status up again after 0 ms [ 730.058541][ T6327] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 730.181733][T11499] bond6: (slave bridge3): link status up again after 0 ms [ 730.240456][ T58] bond6: (slave bridge3): link status up again after 0 ms [ 730.338280][ T6327] bond6: (slave bridge3): link status up again after 0 ms [ 730.494483][T11499] bond6: (slave bridge3): link status up again after 0 ms [ 730.879319][T14739] fuse: fd is not a fuse device [ 731.108979][T11504] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.138563][T11504] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.158122][T14749] fuse: fd is not a fuse device [ 731.164581][T14744] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'. [ 731.179184][ T5287] 8021q: adding VLAN 0 to HW filter on device eth14 [ 731.201276][T11504] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.218707][T11504] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.282471][T14755] fuse: fd is not a fuse device [ 731.859929][T13730] Bluetooth: hci5: command tx timeout [ 732.025789][T14773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2467'. [ 733.910704][T13730] Bluetooth: hci5: command tx timeout [ 734.570674][T14165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.642380][T14165] 8021q: adding VLAN 0 to HW filter on device team0 [ 735.991135][T13730] Bluetooth: hci5: command tx timeout [ 736.653617][ T58] net_ratelimit: 17 callbacks suppressed [ 737.579491][ T58] bond6: (slave bridge3): failed to get link speed/duplex [ 738.112928][ T6999] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.120168][ T6999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.421506][ T6009] bond6: (slave bridge3): failed to get link speed/duplex [ 738.570569][ T6995] bond6: (slave bridge3): failed to get link speed/duplex [ 739.314660][ T6999] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.321895][ T6999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 742.427367][T14850] A link change request failed with some changes committed already. Interface bond2 may have been left with an inconsistent configuration, please check. [ 742.443546][ T5649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 742.452400][ T5649] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 742.460941][ T5649] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 742.496936][ T5649] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 742.509862][ T5649] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 742.642083][ T5287] 8021q: adding VLAN 0 to HW filter on device eth16 [ 743.297988][ T6009] bond6: (slave bridge3): failed to get link speed/duplex [ 744.051994][ T6327] bond6: (slave bridge3): failed to get link speed/duplex [ 744.589112][T11504] bridge_slave_1: left allmulticast mode [ 744.594962][T11504] bridge_slave_1: left promiscuous mode [ 744.600779][T11504] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.617282][T11504] bridge_slave_0: left allmulticast mode [ 744.622952][T11504] bridge_slave_0: left promiscuous mode [ 744.675989][ T5649] Bluetooth: hci1: command tx timeout [ 744.683191][T11504] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.611839][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.739411][ T5649] Bluetooth: hci1: command tx timeout [ 747.449623][T11504] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 747.508510][T11504] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 747.747981][T11504] bond0 (unregistering): Released all slaves [ 747.783737][T14880] bond5: (slave ip6gretap1): Releasing active interface [ 747.800595][T14880] ip6gretap1: left allmulticast mode [ 747.813520][T14880] veth5: left allmulticast mode [ 747.849294][T14880] veth5: left promiscuous mode [ 747.854486][T14880] bridge1: port 1(veth5) entered disabled state [ 748.086383][ T3321] bond6: (slave bridge3): failed to get link speed/duplex [ 748.111727][T14883] team0: Mode changed to "random" [ 748.349629][T14886] vlan0: entered promiscuous mode [ 748.471284][ T6327] bond6: (slave bridge3): failed to get link speed/duplex [ 748.604475][ T58] bond6: (slave bridge3): failed to get link speed/duplex [ 748.664828][T14917] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 853.764487][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 853.771473][ C0] rcu: (detected by 0, t=10502 jiffies, g=96449, q=670 ncpus=2) [ 853.779200][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295022562-4295012060), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 853.792926][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g96449 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 853.805263][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=42367 [ 853.813175][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g96449 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=1 [ 853.824556][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 853.834522][ C0] rcu: RCU grace-period kthread stack dump: [ 853.840410][ C0] task:rcu_preempt state:R stack:27752 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 853.852395][ C0] Call Trace: [ 853.855675][ C0] [ 853.858611][ C0] __schedule+0x1295/0x67a0 [ 853.863148][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.868829][ C0] ? __pfx___schedule+0x10/0x10 [ 853.873707][ C0] ? find_held_lock+0x2b/0x80 [ 853.878423][ C0] ? schedule+0x2bf/0x390 [ 853.882776][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.888440][ C0] schedule+0xdd/0x390 [ 853.892536][ C0] schedule_timeout+0x127/0x280 [ 853.897414][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 853.902811][ C0] ? __pfx_process_timeout+0x10/0x10 [ 853.908138][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.913791][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 853.919628][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.925281][ C0] ? prepare_to_swait_event+0xdf/0x4a0 [ 853.930769][ C0] rcu_gp_fqs_loop+0x1a9/0x900 [ 853.935552][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.941209][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 853.946518][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.952172][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 853.957133][ C0] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 853.962391][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 853.968238][ C0] rcu_gp_kthread+0x179/0x230 [ 853.972940][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 853.978153][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 853.983991][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.989735][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 853.995390][ C0] ? __kthread_parkme+0x18c/0x230 [ 854.000462][ C0] ? kthread+0x13a/0x450 [ 854.004722][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 854.009936][ C0] kthread+0x370/0x450 [ 854.014028][ C0] ? __pfx_kthread+0x10/0x10 [ 854.018639][ C0] ret_from_fork+0x72b/0xd50 [ 854.023255][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 854.028392][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 854.034053][ C0] ? __switch_to+0x800/0x1100 [ 854.038763][ C0] ? __switch_to_asm+0x39/0x70 [ 854.043554][ C0] ? __pfx_kthread+0x10/0x10 [ 854.048165][ C0] ret_from_fork_asm+0x1a/0x30 [ 854.052978][ C0] [ 854.055996][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 854.062311][ C0] Sending NMI from CPU 0 to CPUs 1: [ 854.067520][ C1] NMI backtrace for cpu 1 [ 854.067545][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 854.067590][ C1] Tainted: [L]=SOFTLOCKUP [ 854.067601][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 854.067621][ C1] RIP: 0010:enqueue_hrtimer+0x226/0x2f0 [ 854.067676][ C1] Code: 3c 02 00 0f 85 ce 00 00 00 48 89 6b 48 e8 b2 45 14 00 44 89 e0 5b 5d 41 5c 41 5d 41 5e e9 ed f8 1b ff e8 9d 45 14 00 48 89 da <48> b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9f 00 [ 854.067709][ C1] RSP: 0018:ffffc90000a08e58 EFLAGS: 00000046 [ 854.067735][ C1] RAX: 0000000080010002 RBX: ffff8880b8528600 RCX: ffffffff81f44658 [ 854.067756][ C1] RDX: ffff8880b8528600 RSI: ffffffff81f44823 RDI: ffff88801e2c8000 [ 854.067778][ C1] RBP: ffff888025b31300 R08: 0000000000000005 R09: 0000000000000000 [ 854.067799][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 854.067819][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8880b8528650 [ 854.067842][ C1] FS: 0000000000000000(0000) GS:ffff888124470000(0000) knlGS:0000000000000000 [ 854.067871][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 854.067897][ C1] CR2: 00007f09af185b00 CR3: 000000000e596000 CR4: 0000000000350ef0 [ 854.067919][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 854.067939][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 854.067960][ C1] Call Trace: [ 854.067970][ C1] [ 854.067985][ C1] __hrtimer_run_queues+0x73d/0xa00 [ 854.068039][ C1] ? rcu_is_watching+0x12/0xc0 [ 854.068096][ C1] hrtimer_interrupt+0x3e5/0x940 [ 854.068163][ C1] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 854.068212][ C1] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 854.068265][ C1] [ 854.068275][ C1] [ 854.068287][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 854.068325][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 854.068375][ C1] Code: c6 93 02 e9 ae e8 86 f5 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 21 22 00 fb f4 87 e8 86 f5 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 854.068407][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246 [ 854.068431][ C1] RAX: 0000000000c37faf RBX: ffff88801e2c8000 RCX: ffffffff8b897095 [ 854.068453][ C1] RDX: 0000000000000000 RSI: ffffffff8df1fd6b RDI: ffffffff8c1c3900 [ 854.068475][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170a67b5 [ 854.068495][ C1] R10: ffff8880b8533dab R11: 0000000000000000 R12: 0000000000000001 [ 854.068516][ C1] R13: ffffed1003c59000 R14: 0000000000000001 R15: ffffffff90d7f250 [ 854.068545][ C1] ? ct_kernel_exit+0x125/0x180 [ 854.068603][ C1] default_idle+0x9/0x10 [ 854.068634][ C1] default_idle_call+0x6c/0xb0 [ 854.068672][ C1] do_idle+0x464/0x590 [ 854.068725][ C1] ? __pfx_do_idle+0x10/0x10 [ 854.068774][ C1] ? finish_task_switch.isra.0+0x152/0x1010 [ 854.068836][ C1] cpu_startup_entry+0x4f/0x60 [ 854.068889][ C1] start_secondary+0x21d/0x2d0 [ 854.068924][ C1] ? __pfx_start_secondary+0x10/0x10 [ 854.068965][ C1] common_startup_64+0x13e/0x148 [ 854.069024][ C1] [ 991.845439][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [kworker/u8:12:3321] [ 991.845481][ C0] Modules linked in: [ 991.845499][ C0] irq event stamp: 2491232 [ 991.845512][ C0] hardirqs last enabled at (2491231): [] irqentry_exit+0x24d/0x7e0 [ 991.845582][ C0] hardirqs last disabled at (2491232): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 991.845645][ C0] softirqs last enabled at (2491230): [] __irq_exit_rcu+0x162/0x210 [ 991.845704][ C0] softirqs last disabled at (2491199): [] __irq_exit_rcu+0x162/0x210 [ 991.845774][ C0] CPU: 0 UID: 0 PID: 3321 Comm: kworker/u8:12 Tainted: G L syzkaller #0 PREEMPT(full) [ 991.845825][ C0] Tainted: [L]=SOFTLOCKUP [ 991.845838][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 991.845862][ C0] Workqueue: events_unbound toggle_allocation_gate [ 991.845912][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70 [ 991.845956][ C0] Code: 60 00 be 03 00 00 00 5b e9 32 9c ef 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 65 72 02 12 <48> 8b 34 24 65 48 8b 15 41 72 02 12 a9 00 01 ff 00 74 1b f6 c4 01 [ 991.845991][ C0] RSP: 0018:ffffc90010387868 EFLAGS: 00000202 [ 991.846018][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81fc0abd [ 991.846041][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8880344f3d80 [ 991.846064][ C0] RBP: ffff8880b8541080 R08: 0000000000000005 R09: 0000000000000000 [ 991.846087][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 991.846109][ C0] R13: ffffed10170a8211 R14: 0000000000000001 R15: ffff8880b843c700 [ 991.846135][ C0] FS: 0000000000000000(0000) GS:ffff888124370000(0000) knlGS:0000000000000000 [ 991.846166][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 991.846191][ C0] CR2: 00007f14618354ac CR3: 000000000e596000 CR4: 0000000000350ef0 [ 991.846214][ C0] Call Trace: [ 991.846225][ C0] [ 991.846237][ C0] smp_call_function_many_cond+0x587/0x1700 [ 991.846289][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 991.846350][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 991.846394][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 991.846455][ C0] ? __pfx___text_poke+0x10/0x10 [ 991.846513][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 991.846564][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 991.846608][ C0] ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190 [ 991.846664][ C0] smp_text_poke_batch_finish+0x337/0xc60 [ 991.846731][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 991.846796][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.846841][ C0] ? arch_jump_label_transform_queue+0xc0/0x120 [ 991.846902][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.846945][ C0] ? find_held_lock+0x2b/0x80 [ 991.847015][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 991.847075][ C0] jump_label_update+0x37a/0x550 [ 991.847139][ C0] static_key_enable_cpuslocked+0x1bc/0x270 [ 991.847201][ C0] static_key_enable+0x1a/0x20 [ 991.847276][ C0] toggle_allocation_gate+0xfe/0x2d0 [ 991.847329][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 991.847382][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.847429][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.847476][ C0] ? rcu_is_watching+0x12/0xc0 [ 991.847530][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.847582][ C0] process_one_work+0xa0e/0x1980 [ 991.847648][ C0] ? __pfx_process_one_work+0x10/0x10 [ 991.847692][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.847751][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.847802][ C0] worker_thread+0x5ef/0xe50 [ 991.847865][ C0] ? kthread+0x13a/0x450 [ 991.847903][ C0] ? __pfx_worker_thread+0x10/0x10 [ 991.847945][ C0] kthread+0x370/0x450 [ 991.847985][ C0] ? __pfx_kthread+0x10/0x10 [ 991.848028][ C0] ret_from_fork+0x72b/0xd50 [ 991.848074][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 991.848119][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 991.848163][ C0] ? __switch_to+0x800/0x1100 [ 991.848214][ C0] ? __switch_to_asm+0x39/0x70 [ 991.848264][ C0] ? __pfx_kthread+0x10/0x10 [ 991.848307][ C0] ret_from_fork_asm+0x1a/0x30 [ 991.848381][ C0] [ 991.848395][ C0] Sending NMI from CPU 0 to CPUs 1: [ 992.255178][ C1] NMI backtrace for cpu 1 [ 992.255205][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 992.255251][ C1] Tainted: [L]=SOFTLOCKUP [ 992.255263][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 992.255282][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x22/0x80 [ 992.255339][ C1] Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 46 22 58 f6 48 89 df e8 1e 72 58 f6 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 bf 01 00 00 00 e8 a5 [ 992.255372][ C1] RSP: 0018:ffffc90000a08d88 EFLAGS: 00000046 [ 992.255398][ C1] RAX: 0000000000000001 RBX: ffffffff9b407be0 RCX: ffffffff81e4c363 [ 992.255419][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff9b407be0 [ 992.255439][ C1] RBP: 0000000000000016 R08: 0000000000000000 R09: fffffbfff3680f7c [ 992.255460][ C1] R10: ffffffff9b407be3 R11: 0000000000000001 R12: 0000000000000003 [ 992.255481][ C1] R13: dffffc0000000000 R14: ffff888025b31300 R15: 1ffff920001411b6 [ 992.255506][ C1] FS: 0000000000000000(0000) GS:ffff888124470000(0000) knlGS:0000000000000000 [ 992.255536][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 992.255557][ C1] CR2: 00007f09af185b00 CR3: 000000000e596000 CR4: 0000000000350ef0 [ 992.255579][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 992.255598][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 992.255619][ C1] Call Trace: [ 992.255631][ C1] [ 992.255645][ C1] debug_object_deactivate+0x2e4/0x3b0 [ 992.255701][ C1] ? __pfx_debug_object_deactivate+0x10/0x10 [ 992.255764][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.255805][ C1] ? timerqueue_linked_add+0x260/0x430 [ 992.255842][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.255887][ C1] __hrtimer_run_queues+0x2f0/0xa00 [ 992.255941][ C1] ? rcu_is_watching+0x12/0xc0 [ 992.255995][ C1] hrtimer_interrupt+0x3e5/0x940 [ 992.256059][ C1] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 992.256107][ C1] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 992.256158][ C1] [ 992.256168][ C1] [ 992.256180][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 992.256217][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 992.256267][ C1] Code: c6 93 02 e9 ae e8 86 f5 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 21 22 00 fb f4 87 e8 86 f5 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 992.256299][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246 [ 992.256324][ C1] RAX: 0000000000c37faf RBX: ffff88801e2c8000 RCX: ffffffff8b897095 [ 992.256346][ C1] RDX: 0000000000000000 RSI: ffffffff8df1fd6b RDI: ffffffff8c1c3900 [ 992.256367][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170a67b5 [ 992.256388][ C1] R10: ffff8880b8533dab R11: 0000000000000000 R12: 0000000000000001 [ 992.256408][ C1] R13: ffffed1003c59000 R14: 0000000000000001 R15: ffffffff90d7f250 [ 992.256437][ C1] ? ct_kernel_exit+0x125/0x180 [ 992.256494][ C1] default_idle+0x9/0x10 [ 992.256526][ C1] default_idle_call+0x6c/0xb0 [ 992.256560][ C1] do_idle+0x464/0x590 [ 992.256613][ C1] ? __pfx_do_idle+0x10/0x10 [ 992.256661][ C1] ? finish_task_switch.isra.0+0x152/0x1010 [ 992.256729][ C1] cpu_startup_entry+0x4f/0x60 [ 992.256782][ C1] start_secondary+0x21d/0x2d0 [ 992.256816][ C1] ? __pfx_start_secondary+0x10/0x10 [ 992.256857][ C1] common_startup_64+0x13e/0x148 [ 992.256916][ C1] [ 992.591286][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 992.597966][ C0] CPU: 0 UID: 0 PID: 3321 Comm: kworker/u8:12 Tainted: G L syzkaller #0 PREEMPT(full) [ 992.609093][ C0] Tainted: [L]=SOFTLOCKUP [ 992.613414][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 992.623483][ C0] Workqueue: events_unbound toggle_allocation_gate [ 992.630022][ C0] Call Trace: [ 992.633301][ C0] [ 992.636147][ C0] dump_stack_lvl+0x100/0x190 [ 992.640844][ C0] vpanic+0x552/0x970 [ 992.644841][ C0] ? __pfx_vpanic+0x10/0x10 [ 992.649789][ C0] ? __entry_text_end+0x1020b5/0x1020b9 [ 992.655361][ C0] ? do_raw_spin_unlock+0x145/0x1e0 [ 992.660597][ C0] panic+0xd1/0xe0 [ 992.664330][ C0] ? __pfx_panic+0x10/0x10 [ 992.668756][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.674422][ C0] ? __pfx_printk_trigger_flush+0x10/0x10 [ 992.680170][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.685825][ C0] ? wq_watchdog_touch+0xec/0x1a0 [ 992.690869][ C0] ? watchdog_timer_fn.cold+0x5/0x25 [ 992.696171][ C0] ? watchdog_timer_fn+0x702/0x7a0 [ 992.701394][ C0] watchdog_timer_fn.cold+0x16/0x25 [ 992.706613][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 992.712095][ C0] __hrtimer_run_queues+0x142/0xa00 [ 992.717343][ C0] hrtimer_interrupt+0x3e5/0x940 [ 992.722334][ C0] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 992.728347][ C0] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 992.734014][ C0] [ 992.736940][ C0] [ 992.739870][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 992.745868][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70 [ 992.751952][ C0] Code: 60 00 be 03 00 00 00 5b e9 32 9c ef 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 65 72 02 12 <48> 8b 34 24 65 48 8b 15 41 72 02 12 a9 00 01 ff 00 74 1b f6 c4 01 [ 992.771572][ C0] RSP: 0018:ffffc90010387868 EFLAGS: 00000202 [ 992.777658][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81fc0abd [ 992.785632][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8880344f3d80 [ 992.793608][ C0] RBP: ffff8880b8541080 R08: 0000000000000005 R09: 0000000000000000 [ 992.801587][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 992.809567][ C0] R13: ffffed10170a8211 R14: 0000000000000001 R15: ffff8880b843c700 [ 992.817563][ C0] ? smp_call_function_many_cond+0x5ad/0x1700 [ 992.823668][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.829325][ C0] smp_call_function_many_cond+0x587/0x1700 [ 992.835245][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.840306][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 992.846651][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 992.852060][ C0] ? __pfx___text_poke+0x10/0x10 [ 992.857027][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.862078][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 992.867211][ C0] ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190 [ 992.873768][ C0] smp_text_poke_batch_finish+0x337/0xc60 [ 992.879539][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 992.885819][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.891478][ C0] ? arch_jump_label_transform_queue+0xc0/0x120 [ 992.897761][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.903420][ C0] ? find_held_lock+0x2b/0x80 [ 992.908151][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 992.914169][ C0] jump_label_update+0x37a/0x550 [ 992.919149][ C0] static_key_enable_cpuslocked+0x1bc/0x270 [ 992.925080][ C0] static_key_enable+0x1a/0x20 [ 992.929879][ C0] toggle_allocation_gate+0xfe/0x2d0 [ 992.935194][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 992.941118][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.946774][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.952431][ C0] ? rcu_is_watching+0x12/0xc0 [ 992.957228][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.962890][ C0] process_one_work+0xa0e/0x1980 [ 992.967875][ C0] ? __pfx_process_one_work+0x10/0x10 [ 992.973266][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.978932][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 992.984589][ C0] worker_thread+0x5ef/0xe50 [ 992.989220][ C0] ? kthread+0x13a/0x450 [ 992.993480][ C0] ? __pfx_worker_thread+0x10/0x10 [ 992.998610][ C0] kthread+0x370/0x450 [ 993.002697][ C0] ? __pfx_kthread+0x10/0x10 [ 993.007310][ C0] ret_from_fork+0x72b/0xd50 [ 993.011923][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 993.017060][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 993.022718][ C0] ? __switch_to+0x800/0x1100 [ 993.027423][ C0] ? __switch_to_asm+0x39/0x70 [ 993.032313][ C0] ? __pfx_kthread+0x10/0x10 [ 993.036923][ C0] ret_from_fork_asm+0x1a/0x30 [ 993.041740][ C0] [ 994.210382][ C0] Shutting down cpus with NMI [ 994.215485][ C0] Kernel Offset: disabled [ 994.219816][ C0] Rebooting in 86400 seconds..