last executing test programs: 11.581346533s ago: executing program 2 (id=4057): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x805, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000001c0)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010526", 0x10, 0x3a, 0x0, @private0, @mcast2, {[@hopopts={0x32}], @ndisc_rs}}}}}, 0x0) 9.785575524s ago: executing program 2 (id=4064): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r6}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 9.319517711s ago: executing program 3 (id=4071): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r4 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r5) keyctl$chown(0x4, r3, 0x0, r5) 9.287898554s ago: executing program 3 (id=4073): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x880, &(0x7f00000004c0)=ANY=[@ANYRES64=0x0], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e22, @empty}, {0x0, @remote}, 0x48, {0x2, 0x0, @empty}, 'lo\x00'}) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000240), 0x35c, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000000)='.\x00', 0x18424bc, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) 8.892718074s ago: executing program 2 (id=4078): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000052000102"], 0x14}}, 0x40044c4) recvmmsg$unix(r3, &(0x7f00000067c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0) 7.825455061s ago: executing program 2 (id=4083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r6) keyctl$chown(0x4, r4, 0x0, r6) 5.816147114s ago: executing program 3 (id=4092): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x2) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 4.522463854s ago: executing program 3 (id=4098): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$poke(0x5, r5, 0x0, 0x0) 4.393542167s ago: executing program 1 (id=4100): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e) 4.393192708s ago: executing program 3 (id=4101): open(&(0x7f0000000040)='./file0\x00', 0x200180, 0x110) r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r2, @ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) shmat(r0, &(0x7f0000d7d000/0x3000)=nil, 0x6000) shmdt(0x0) shmat(r0, &(0x7f0000e19000/0x2000)=nil, 0x4000) 4.383962799s ago: executing program 2 (id=4102): r0 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r2, 0x3, 0xc, 0x8000c62) 4.342816923s ago: executing program 1 (id=4103): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 4.229449804s ago: executing program 1 (id=4104): rt_sigaction(0xd, &(0x7f0000000040)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f00000001c0)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f"], 0x310) 4.228805274s ago: executing program 1 (id=4105): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010000"], 0x14}}, 0x0) 4.149991672s ago: executing program 1 (id=4107): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) tkill(0x0, 0x7) 2.961563561s ago: executing program 2 (id=4113): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r6) keyctl$chown(0x4, r4, 0x0, r6) 1.536110535s ago: executing program 0 (id=4133): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x24040080) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff}, {0x2, 0xf}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x9, 0x0, 0x6, 0x10, 0x2, 0x6, 0x2, 0x8, 0x6, 0x4, 0x1, 0x8, 0x9, 0x10, 0x4], 0x3, [0xb, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x0, 0xd06, 0x1000, 0x3, 0xb, 0x0, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x401, 0x5, 0xc, 0x40, 0xfffc, 0x3, 0x4]}}]}}]}, 0x8c}}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r9, &(0x7f00000005c0)="ba", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x8100, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14) 1.459707133s ago: executing program 4 (id=4135): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto(r3, 0x0, 0x0, 0x50, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r4, &(0x7f0000000b80)=[{0x0}, {&(0x7f0000000880)="1dfd", 0x2}], 0x2) 1.374122622s ago: executing program 4 (id=4136): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x2) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 1.309541868s ago: executing program 0 (id=4137): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000000)=0x9, 0x4) getsockopt$inet6_tcp_int(r1, 0x6, 0x17, 0x0, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x6, &(0x7f00000000c0)=0x2) r2 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) r4 = socket$kcm(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000040)={r4}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000040)={r3}) close(0xffffffffffffffff) syz_pidfd_open(r2, 0x0) r5 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r6, &(0x7f0000001fc0)={0x42, 0x3, 0x0, {0x0, 0x21, 0x0, '/proc/sys/net/ipv4/vs/secure_tcp\x00'}}, 0x42) 1.29248422s ago: executing program 4 (id=4138): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = dup(r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x10000) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000080)=0x454a, 0x4) connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e22, @local}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) 361.224913ms ago: executing program 0 (id=4139): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) syz_open_procfs(0x0, 0x0) 273.522313ms ago: executing program 3 (id=4140): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x805, 0x0, 0x0) 269.609503ms ago: executing program 1 (id=4141): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x3}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 203.37545ms ago: executing program 4 (id=4142): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) 183.942942ms ago: executing program 0 (id=4143): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x805, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000001c0)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010526", 0x10, 0x3a, 0x0, @private0, @mcast2, {[@hopopts={0x32}], @ndisc_rs}}}}}, 0x0) 109.145579ms ago: executing program 0 (id=4144): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = dup(r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x10000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010000"], 0x14}}, 0x0) 33.389577ms ago: executing program 4 (id=4145): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) 32.976987ms ago: executing program 4 (id=4146): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a06ffffff7f000000000000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) 0s ago: executing program 0 (id=4147): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101401, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0xb870cb50772e38c8}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket(0x2, 0x5, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) r9 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)}}], 0x1, 0x0) kernel console output (not intermixed with test programs): of data journaling mode [ 396.834503][T11160] EXT4-fs (loop4): 1 truncate cleaned up [ 396.848792][T11160] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 397.263068][ T2138] Bluetooth: hci2: command 0x041b tx timeout [ 397.420734][ T4946] team0 (unregistering): Port device team_slave_1 removed [ 397.447860][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 397.454181][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 397.488703][ T4946] team0 (unregistering): Port device team_slave_0 removed [ 397.601537][ T4946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 397.665757][ T4946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 397.876613][ T4946] bond0 (unregistering): Released all slaves [ 397.988876][T11163] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2805'. [ 398.035633][T11169] device syzkaller0 entered promiscuous mode [ 398.226273][T11071] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 398.415516][T11071] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 398.438990][T11071] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 398.522285][T11071] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 398.678283][T11202] loop0: detected capacity change from 0 to 1024 [ 398.698298][T11200] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2812'. [ 398.799969][T11202] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 398.999589][T11071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.049838][T11071] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.093141][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 399.101989][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 399.137989][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 399.263609][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 399.489620][ T4786] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.496785][ T4786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.278070][ T2138] Bluetooth: hci2: command 0x040f tx timeout [ 400.296274][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 400.323904][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 400.354186][ T4786] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.361328][ T4786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.462127][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 400.506638][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 400.602053][T11071] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 400.656259][T11071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 401.068620][T11071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.189911][T11223] device syzkaller0 entered promiscuous mode [ 401.214250][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 401.229798][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 401.270915][T11232] loop0: detected capacity change from 0 to 512 [ 401.270921][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 401.271558][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 401.357241][T11232] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 401.361392][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 401.419101][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 401.447249][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 401.457599][T11232] EXT4-fs (loop0): 1 truncate cleaned up [ 401.463255][T11232] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 401.504618][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 401.545118][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 401.631295][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 401.647068][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 401.682623][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 401.726407][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 401.736230][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 401.744122][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 401.801617][T11071] device veth0_vlan entered promiscuous mode [ 401.813275][T11071] device veth1_vlan entered promiscuous mode [ 401.825206][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 401.846013][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 401.877837][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 401.920696][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 401.944341][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 402.006277][T11241] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2821'. [ 402.079321][T11071] device veth0_macvtap entered promiscuous mode [ 402.125033][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 402.138452][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 402.183286][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 402.231874][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 402.251249][T11071] device veth1_macvtap entered promiscuous mode [ 402.299202][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 402.347505][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.369624][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.402049][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.438741][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.465762][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.476184][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.487253][ T13] Bluetooth: hci2: command 0x0419 tx timeout [ 402.514958][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.542905][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.563053][T11071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.596181][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.624589][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.641996][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.653904][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.664733][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.701554][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.711686][T11071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.722379][T11071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.733976][T11071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.745833][T11256] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2828'. [ 402.755802][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 402.779434][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 402.788415][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 402.797230][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 402.811495][T11071] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.844977][T11071] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.863008][T11071] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.881357][T11071] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.168762][ T4786] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.181270][ T492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.235547][ T4786] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.250250][ T492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.315524][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 403.341196][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 405.199124][T11292] loop4: detected capacity change from 0 to 1024 [ 405.209059][T11296] device syzkaller0 entered promiscuous mode [ 405.265210][T11298] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2841'. [ 405.267547][T11268] loop1: detected capacity change from 0 to 40427 [ 405.295778][T11268] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 405.308118][T11292] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 405.327243][T11268] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 405.362560][T11296] tipc: Started in network mode [ 405.383934][T11296] tipc: Node identity 0ab84eac9b75, cluster identity 4711 [ 405.395573][T11268] F2FS-fs (loop1): invalid crc value [ 405.443836][T11296] tipc: Enabled bearer , priority 0 [ 405.483351][T11268] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 405.525301][T11295] tipc: Resetting bearer [ 405.552450][T11295] tipc: Disabling bearer [ 405.619716][T11268] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 405.641510][T11268] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 405.935985][T11320] loop3: detected capacity change from 0 to 1024 [ 407.409937][T11320] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 407.845970][T11337] loop0: detected capacity change from 0 to 4096 [ 407.911973][T11337] EXT4-fs (loop0): Test dummy encryption mode enabled [ 407.949785][T11337] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 407.979714][T11337] System zones: 0-5 [ 408.001387][T11337] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 409.152130][T11350] device syzkaller0 entered promiscuous mode [ 409.187513][T11350] tipc: Started in network mode [ 409.213428][T11350] tipc: Node identity 9aa428998c89, cluster identity 4711 [ 409.251176][T11350] tipc: Enabled bearer , priority 0 [ 409.285103][T11356] loop0: detected capacity change from 0 to 1024 [ 409.422308][T11356] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 409.439165][T11349] tipc: Resetting bearer [ 409.784193][T11349] tipc: Disabling bearer [ 409.810763][T11360] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2855'. [ 410.128726][T11373] loop0: detected capacity change from 0 to 512 [ 410.174964][T11376] device syzkaller0 entered promiscuous mode [ 411.632673][T11373] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 411.733986][T11373] EXT4-fs (loop0): 1 truncate cleaned up [ 411.839002][T11373] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 412.184773][T11373] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2864'. [ 412.937037][ T4946] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.109630][ T4946] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.127925][T11393] loop3: detected capacity change from 0 to 40427 [ 413.181129][T11393] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 413.232354][T11409] chnl_net:caif_netlink_parms(): no params data found [ 413.241640][T11393] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 413.294448][ T4946] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.325951][T11393] F2FS-fs (loop3): invalid crc value [ 413.390006][T11393] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 413.434844][ T4946] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.744911][T11409] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.780538][T11393] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 413.788094][T11409] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.795203][T11393] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 413.820013][T11409] device bridge_slave_0 entered promiscuous mode [ 414.054472][T11409] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.090143][T11409] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.137920][T11409] device bridge_slave_1 entered promiscuous mode [ 414.188135][ T4946] tipc: Left network mode [ 414.360347][T11409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.444507][T11432] loop0: detected capacity change from 0 to 1024 [ 414.454434][T11409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 414.581719][T11432] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 414.597117][T11409] team0: Port device team_slave_0 added [ 414.689823][T11409] team0: Port device team_slave_1 added [ 414.754959][ T13] Bluetooth: hci4: command 0x0409 tx timeout [ 414.789042][T11409] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 414.816787][T11409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.950990][T11409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 415.005210][T11409] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 415.038129][T11409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.098719][T11452] 9pnet: Could not find request transport: fd0xffffffffffffffffz [ 415.136001][T11409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 415.345901][T11409] device hsr_slave_0 entered promiscuous mode [ 415.379644][T11409] device hsr_slave_1 entered promiscuous mode [ 415.386491][T11409] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 415.409866][T11409] Cannot create hsr debugfs directory [ 415.908444][T11468] device syzkaller0 entered promiscuous mode [ 416.310595][ T4946] device hsr_slave_0 left promiscuous mode [ 416.318756][ T4946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.346176][ T4946] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.391206][T11488] 9pnet: Insufficient options for proto=fd [ 416.392229][ T4946] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 416.485872][ T4946] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.505348][ T4946] device bridge_slave_1 left promiscuous mode [ 416.511557][ T4946] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.574093][ T4946] device bridge_slave_0 left promiscuous mode [ 416.588842][ T4946] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.630358][ T4946] device veth1_macvtap left promiscuous mode [ 416.646395][ T4946] device veth0_macvtap left promiscuous mode [ 416.671664][ T4946] device veth1_vlan left promiscuous mode [ 416.695863][ T4946] device veth0_vlan left promiscuous mode [ 416.946328][T11509] loop4: detected capacity change from 0 to 512 [ 416.949273][T11508] loop3: detected capacity change from 0 to 512 [ 416.960851][ T4946] bond1 (unregistering): Released all slaves [ 416.972472][ T1108] Bluetooth: hci4: command 0x041b tx timeout [ 417.001648][T11508] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 417.024553][T11509] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.2903: inode has both inline data and extents flags [ 417.039179][T11509] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.2903: couldn't read orphan inode 15 (err -117) [ 417.039833][T11508] EXT4-fs (loop3): 1 truncate cleaned up [ 417.058257][T11509] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 417.063748][T11508] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 417.219462][ T4946] team0 (unregistering): Port device team_slave_1 removed [ 417.234525][ T4946] team0 (unregistering): Port device team_slave_0 removed [ 417.301925][ T4946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.341455][ T4946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.771231][ T4946] bond0 (unregistering): Released all slaves [ 418.008808][T11508] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2901'. [ 418.134657][T11521] device syzkaller0 entered promiscuous mode [ 418.309715][T11531] device syzkaller0 entered promiscuous mode [ 418.424594][T11409] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 418.450063][T11409] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 418.484710][T11409] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 418.494455][T11409] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 418.509524][T11536] loop4: detected capacity change from 0 to 4096 [ 418.545850][T11536] EXT4-fs (loop4): Test dummy encryption mode enabled [ 418.580098][T11536] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 418.626518][T11552] 9pnet: Insufficient options for proto=fd [ 418.663846][T11536] System zones: 0-5 [ 418.724210][T11536] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 418.767641][T11409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.813966][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 418.849918][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 418.859790][T11558] loop3: detected capacity change from 0 to 512 [ 419.022167][T11409] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.189472][ T26] Bluetooth: hci4: command 0x040f tx timeout [ 419.381617][T11558] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.2913: inode has both inline data and extents flags [ 419.403141][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 419.487173][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 419.510360][T11558] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.2913: couldn't read orphan inode 15 (err -117) [ 419.558192][ T4786] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.565343][ T4786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.618514][T11558] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 419.635440][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 419.652049][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 419.669198][ T4786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 419.684185][ T4786] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.691272][ T4786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.786361][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 419.798492][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 419.852404][T11582] loop4: detected capacity change from 0 to 512 [ 419.878059][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 420.034409][T11582] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 420.234252][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 420.331498][T11582] EXT4-fs (loop4): 1 truncate cleaned up [ 420.337170][T11582] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 420.361751][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 420.418934][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 420.488028][T11409] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 420.510472][T11409] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 420.523063][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 420.532078][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 420.540398][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 420.586713][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 420.619716][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 420.654504][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 420.818016][T11604] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2916'. [ 420.846952][T11603] loop0: detected capacity change from 0 to 512 [ 420.947914][T11603] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 420.993778][T11607] device syzkaller0 entered promiscuous mode [ 421.142074][T11603] EXT4-fs (loop0): 1 truncate cleaned up [ 421.186120][T11603] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 421.213413][T11612] tipc: Enabled bearer , priority 0 [ 421.234440][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 421.278270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 421.385948][T11605] tipc: Resetting bearer [ 421.397838][T11621] 9pnet: Insufficient options for proto=fd [ 421.421968][ T4250] Bluetooth: hci4: command 0x0419 tx timeout [ 421.466760][T11605] tipc: Disabling bearer [ 421.525007][T11409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.607067][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 421.645332][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 421.675737][T11636] loop4: detected capacity change from 0 to 512 [ 421.711008][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 421.763331][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 421.783042][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 421.828692][T11636] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.2927: inode has both inline data and extents flags [ 421.842680][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 421.883613][T11645] loop3: detected capacity change from 0 to 512 [ 421.898005][T11409] device veth0_vlan entered promiscuous mode [ 421.952475][T11636] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.2927: couldn't read orphan inode 15 (err -117) [ 421.968524][T11409] device veth1_vlan entered promiscuous mode [ 421.974992][T11636] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 421.996263][T11645] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 422.040813][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 422.049613][T11645] EXT4-fs (loop3): 1 truncate cleaned up [ 422.057466][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 422.065255][T11645] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 422.220134][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 422.767119][ T4739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 422.786848][T11409] device veth0_macvtap entered promiscuous mode [ 422.794066][T11652] loop0: detected capacity change from 0 to 4096 [ 422.823170][T11409] device veth1_macvtap entered promiscuous mode [ 422.905705][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.945606][T11652] EXT4-fs (loop0): Test dummy encryption mode enabled [ 423.026187][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.036028][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.046694][T11652] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 423.048770][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.064782][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.075248][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.085541][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.096087][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.107686][T11409] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 423.131218][T11657] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2931'. [ 423.143713][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.156937][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.167176][T11652] System zones: 0-5 [ 423.172868][T11652] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 423.224620][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.256629][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.297212][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.340783][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.385714][T11409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.396267][T11409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.408365][T11409] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 423.415774][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 423.442372][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 423.477635][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 423.720151][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 423.931635][T11650] loop2: detected capacity change from 0 to 40427 [ 423.971640][T11409] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.010863][T11650] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 424.024111][T11650] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 424.033908][T11409] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.057716][T11650] F2FS-fs (loop2): invalid crc value [ 424.085514][T11409] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.096840][T11409] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.108964][T11650] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 424.266293][T11650] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 424.280780][T11650] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 424.351036][T11682] loop3: detected capacity change from 0 to 1024 [ 424.929791][T11688] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input18 [ 425.167489][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.236884][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.276888][T11682] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 425.410237][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 425.410574][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.432128][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.452226][T11695] loop0: detected capacity change from 0 to 512 [ 425.471215][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 425.546191][T11695] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.2944: inode has both inline data and extents flags [ 425.632358][T11695] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.2944: couldn't read orphan inode 15 (err -117) [ 425.667166][T11698] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2878'. [ 425.690663][ T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 425.738898][T11695] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 425.791541][T11700] loop3: detected capacity change from 0 to 4096 [ 425.943224][T11700] EXT4-fs (loop3): Test dummy encryption mode enabled [ 426.023814][T11700] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 426.031981][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 426.038362][T11700] System zones: 0-5 [ 426.044538][T11700] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 426.159856][ T26] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 426.355182][ T26] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 426.682675][ T26] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 426.696065][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.704488][ T26] usb 5-1: Product: syz [ 426.708653][ T26] usb 5-1: Manufacturer: syz [ 426.713259][ T26] usb 5-1: SerialNumber: syz [ 427.096466][ T26] usb 5-1: 0:2 : does not exist [ 427.167273][ T26] usb 5-1: USB disconnect, device number 3 [ 427.473098][T11739] loop0: detected capacity change from 0 to 1024 [ 427.514707][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 427.553172][T11742] loop1: detected capacity change from 0 to 512 [ 427.573320][T11739] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 427.694617][T11742] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 427.821964][T11742] EXT4-fs (loop1): 1 truncate cleaned up [ 427.890720][T11735] loop2: detected capacity change from 0 to 40427 [ 427.903083][T11742] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 427.960293][T11735] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 427.982211][T11735] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 428.012330][T11735] F2FS-fs (loop2): invalid crc value [ 428.086136][T11735] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 428.089653][T11771] loop0: detected capacity change from 0 to 512 [ 428.103601][T11761] loop4: detected capacity change from 0 to 4096 [ 428.157374][T11761] EXT4-fs (loop4): Test dummy encryption mode enabled [ 428.197600][T11761] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 428.213931][T11761] System zones: 0-5 [ 428.237612][T11761] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 428.302755][T11771] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.2961: inode has both inline data and extents flags [ 428.411489][T11771] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.2961: couldn't read orphan inode 15 (err -117) [ 428.485086][T11735] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 428.502662][T11771] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 428.525532][T11735] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 431.299820][T11826] loop1: detected capacity change from 0 to 4096 [ 431.390447][T11826] EXT4-fs (loop1): Test dummy encryption mode enabled [ 431.527578][T11826] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 431.600657][T11806] loop0: detected capacity change from 0 to 40427 [ 431.607461][T11826] System zones: 0-5 [ 431.623933][T11826] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,init_itable,,errors=continue. Quota mode: writeback. [ 431.686831][T11806] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 431.696607][T11806] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 431.751254][T11806] F2FS-fs (loop0): invalid crc value [ 431.856722][T11806] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 431.915848][T11860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2986'. [ 432.082215][T11867] device syzkaller0 entered promiscuous mode [ 432.486137][T11806] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 432.507225][T11806] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 432.815155][T11881] loop2: detected capacity change from 0 to 1024 [ 433.625664][T11881] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 435.122640][T11923] tipc: Started in network mode [ 435.138538][T11923] tipc: Node identity 2a604841269b, cluster identity 4711 [ 435.150478][T11923] tipc: Enabled bearer , priority 0 [ 435.184188][T11921] device syzkaller0 entered promiscuous mode [ 435.213166][T11922] tipc: Disabling bearer [ 435.438284][T11925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3007'. [ 436.543343][T11933] device syzkaller0 entered promiscuous mode [ 436.931852][T11955] loop3: detected capacity change from 0 to 512 [ 437.021552][T11955] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 437.078618][T11955] EXT4-fs (loop3): 1 truncate cleaned up [ 437.084324][T11955] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 437.163193][T11970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3023'. [ 437.264459][T11975] loop4: detected capacity change from 0 to 512 [ 437.411227][T11975] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3026: inode has both inline data and extents flags [ 437.436697][T11975] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3026: couldn't read orphan inode 15 (err -117) [ 437.489798][ T1108] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 437.508315][T11975] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 437.873381][ T1108] usb 3-1: Using ep0 maxpacket: 16 [ 438.114811][ T1108] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 438.157356][ T1108] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 438.368580][ T1108] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 438.388604][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.416987][ T1108] usb 3-1: Product: syz [ 438.431998][ T1108] usb 3-1: Manufacturer: syz [ 438.448312][ T1108] usb 3-1: SerialNumber: syz [ 438.800962][ T1108] usb 3-1: 0:2 : does not exist [ 438.909059][ T1108] usb 3-1: USB disconnect, device number 4 [ 439.177390][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 439.177468][T12022] loop4: detected capacity change from 0 to 512 [ 439.246528][T12019] device syzkaller0 entered promiscuous mode [ 439.274866][T12022] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3041: inode has both inline data and extents flags [ 439.289140][T12022] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3041: couldn't read orphan inode 15 (err -117) [ 439.306478][T12022] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 439.547169][T12032] loop0: detected capacity change from 0 to 512 [ 440.205470][T12032] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 440.318763][T12032] EXT4-fs (loop0): 1 truncate cleaned up [ 440.332067][T12032] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 440.707956][T12061] 9pnet: Insufficient options for proto=fd [ 440.890119][T12065] device syzkaller0 entered promiscuous mode [ 441.071891][T12070] netlink: 'syz.3.3058': attribute type 1 has an invalid length. [ 441.266730][T12070] 8021q: adding VLAN 0 to HW filter on device bond1 [ 441.497429][ T1108] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 441.626302][T12097] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3067'. [ 441.753130][ T1108] usb 2-1: Using ep0 maxpacket: 16 [ 441.793708][T12101] device syzkaller0 entered promiscuous mode [ 441.881232][ T1108] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 441.912683][ T1108] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 442.110567][ T1108] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 442.136017][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.156831][ T1108] usb 2-1: Product: syz [ 442.161098][ T1108] usb 2-1: Manufacturer: syz [ 442.165690][ T1108] usb 2-1: SerialNumber: syz [ 442.314668][T12113] tipc: Enabled bearer , priority 0 [ 442.343126][T12112] tipc: Disabling bearer [ 442.552624][ T1108] usb 2-1: 0:2 : does not exist [ 442.651273][ T1108] usb 2-1: USB disconnect, device number 2 [ 442.734378][T12106] loop3: detected capacity change from 0 to 40427 [ 442.814881][T12106] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 442.831787][T12106] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 442.886127][T12106] F2FS-fs (loop3): invalid crc value [ 442.926830][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 442.993279][T12106] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 443.192875][T12106] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 443.199937][T12106] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 443.958435][T12152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3083'. [ 444.288997][ T25] audit: type=1326 audit(1763471933.866:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.387627][ T25] audit: type=1326 audit(1763471933.866:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.438667][T12159] loop2: detected capacity change from 0 to 512 [ 444.473374][ T25] audit: type=1326 audit(1763471933.903:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.534983][ T25] audit: type=1326 audit(1763471933.903:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.654167][T12159] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3088: inode has both inline data and extents flags [ 444.661977][ T25] audit: type=1326 audit(1763471933.903:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.674694][T12159] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3088: couldn't read orphan inode 15 (err -117) [ 444.716901][T12159] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 444.897343][ T25] audit: type=1326 audit(1763471933.903:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.920831][ T25] audit: type=1326 audit(1763471933.903:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.943250][ T25] audit: type=1326 audit(1763471933.913:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 444.965653][ T25] audit: type=1326 audit(1763471933.913:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 445.462246][ T25] audit: type=1326 audit(1763471933.913:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12156 comm="syz.2.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f460ddd46c9 code=0x7ffc0000 [ 445.963485][ T13] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 445.991583][T12189] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3095'. [ 446.251021][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 446.400422][ T13] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 446.421644][ T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 446.453335][ T13] usb 3-1: config 0 has no interface number 0 [ 446.490667][ T13] usb 3-1: config 0 interface 196 altsetting 65 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 446.528083][ T13] usb 3-1: config 0 interface 196 has no altsetting 0 [ 446.710345][ T13] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 446.719428][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.759952][ T13] usb 3-1: Product: syz [ 446.764911][ T13] usb 3-1: Manufacturer: syz [ 446.769520][ T13] usb 3-1: SerialNumber: syz [ 446.798016][ T13] usb 3-1: config 0 descriptor?? [ 446.846847][ T13] ipheth 3-1:0.196: Unable to find alternate settings interface [ 446.938581][T12197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3097'. [ 447.057406][ T13] usb 3-1: USB disconnect, device number 5 [ 447.177932][T12193] loop4: detected capacity change from 0 to 40427 [ 447.195010][T12193] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 447.206776][T12193] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 447.237614][T12193] F2FS-fs (loop4): invalid crc value [ 447.282909][T12193] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 447.414236][T12193] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 447.421734][T12193] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 448.381861][T12226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3109'. [ 448.627923][ T1108] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 448.729321][T12235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3113'. [ 448.898408][ T1108] usb 2-1: Using ep0 maxpacket: 16 [ 448.997946][T12247] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3106'. [ 449.026670][ T1108] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 449.047915][ T1108] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 449.246343][ T1108] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 449.256180][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.285782][ T1108] usb 2-1: Product: syz [ 449.299396][ T1108] usb 2-1: Manufacturer: syz [ 449.310035][ T1108] usb 2-1: SerialNumber: syz [ 449.480276][T12254] device syzkaller0 entered promiscuous mode [ 449.603075][T12246] loop2: detected capacity change from 0 to 40427 [ 449.652260][T12246] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 449.669448][T12246] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 449.672586][ T1108] usb 2-1: 0:2 : does not exist [ 449.753592][T12246] F2FS-fs (loop2): invalid crc value [ 449.762871][ T1108] usb 2-1: USB disconnect, device number 3 [ 449.782608][T12246] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 449.943096][T12246] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 449.951034][T12246] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 450.147998][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 450.993128][T12293] device syzkaller0 entered promiscuous mode [ 451.591158][ T8510] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 451.857613][ T8510] usb 2-1: Using ep0 maxpacket: 16 [ 452.009181][ T8510] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 452.262991][ T8510] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 452.433041][ T8510] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 452.444207][ T8510] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.452217][ T8510] usb 2-1: Product: syz [ 452.456797][ T8510] usb 2-1: Manufacturer: syz [ 452.461395][ T8510] usb 2-1: SerialNumber: syz [ 452.474421][T12333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3148'. [ 452.816933][ T8510] usb 2-1: 0:2 : does not exist [ 452.880884][ T8510] usb 2-1: USB disconnect, device number 4 [ 453.154272][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 453.192946][ T9] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.246492][T12346] chnl_net:caif_netlink_parms(): no params data found [ 453.394963][ T9] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.622115][ T9] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.753876][ T9] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.774099][T12346] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.806905][T12346] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.828585][T12346] device bridge_slave_0 entered promiscuous mode [ 453.863647][T12346] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.921340][T12346] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.944272][T12346] device bridge_slave_1 entered promiscuous mode [ 453.971334][T12370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3160'. [ 454.032452][T12373] device syzkaller0 entered promiscuous mode [ 454.137142][T12346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.220194][T12346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.297619][ T9] tipc: Left network mode [ 454.366129][T12346] team0: Port device team_slave_0 added [ 454.469931][T12346] team0: Port device team_slave_1 added [ 454.534913][T12346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.541876][T12346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.650026][T12346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.758503][T12346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.765466][T12346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.831219][T12346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.974892][T12346] device hsr_slave_0 entered promiscuous mode [ 454.991830][T12346] device hsr_slave_1 entered promiscuous mode [ 455.008637][T12346] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 455.022980][T12346] Cannot create hsr debugfs directory [ 455.172262][ T4258] Bluetooth: hci1: command 0x0409 tx timeout [ 455.767149][T12346] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 455.774108][ T4258] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 455.818770][T12346] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 455.849081][ T9] device hsr_slave_0 left promiscuous mode [ 455.866293][ T9] device hsr_slave_1 left promiscuous mode [ 455.876877][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.884282][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.908952][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.927168][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.935620][ T9] device bridge_slave_1 left promiscuous mode [ 455.950369][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.969707][ T9] device bridge_slave_0 left promiscuous mode [ 455.979376][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.008604][ T9] device veth1_macvtap left promiscuous mode [ 456.014745][ T9] device veth0_macvtap left promiscuous mode [ 456.020806][ T9] device veth1_vlan left promiscuous mode [ 456.027626][ T9] device veth0_vlan left promiscuous mode [ 456.048102][ T4258] usb 3-1: Using ep0 maxpacket: 16 [ 456.184945][ T4258] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 456.195159][ T4258] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.273875][ T9] bond1 (unregistering): Released all slaves [ 456.387565][ T4258] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.396630][ T4258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.406329][ T4258] usb 3-1: Product: syz [ 456.417069][ T4258] usb 3-1: Manufacturer: syz [ 456.422266][ T4258] usb 3-1: SerialNumber: syz [ 456.542018][ T9] team0 (unregistering): Port device team_slave_1 removed [ 456.556647][ T9] team0 (unregistering): Port device team_slave_0 removed [ 456.572968][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 456.588409][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 456.673246][ T25] kauditd_printk_skb: 5 callbacks suppressed [ 456.673260][ T25] audit: type=1326 audit(1763471945.490:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12428 comm="syz.0.3170" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ec63126c9 code=0x0 [ 456.677127][ T9] bond0 (unregistering): Released all slaves [ 456.767941][T12346] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 456.771159][ T4258] usb 3-1: 0:2 : does not exist [ 456.782721][T12346] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 456.825668][ T4258] usb 3-1: USB disconnect, device number 6 [ 457.001258][T12346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.019435][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 457.040274][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 457.061338][T12346] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.071546][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 457.101667][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 457.125593][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 457.144549][ T492] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.151639][ T492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.177881][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 457.186273][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 457.202172][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 457.230319][ T492] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.237437][ T492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.282999][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 457.343548][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 457.369348][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 457.389261][ T8510] Bluetooth: hci1: command 0x041b tx timeout [ 457.410856][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 457.448306][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 457.469697][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 457.509996][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 457.549979][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 457.586376][T12346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 457.636247][T12346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 457.718182][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 457.742321][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 457.786886][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 458.485679][T12493] loop0: detected capacity change from 0 to 512 [ 458.627486][T12493] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.3182: inode has both inline data and extents flags [ 458.658322][T12493] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.3182: couldn't read orphan inode 15 (err -117) [ 458.671854][T12493] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 459.459562][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 459.467047][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 459.604267][T12346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.611523][ T1108] Bluetooth: hci1: command 0x040f tx timeout [ 459.681341][ T4948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 459.693909][ T4948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 459.774220][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 459.794108][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 459.818292][T12346] device veth0_vlan entered promiscuous mode [ 459.826895][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 459.857914][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 459.896971][T12557] loop2: detected capacity change from 0 to 512 [ 459.932411][T12346] device veth1_vlan entered promiscuous mode [ 459.967413][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 459.994812][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 460.023200][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 460.036739][T12557] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3197: inode has both inline data and extents flags [ 460.086855][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 460.118752][T12557] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3197: couldn't read orphan inode 15 (err -117) [ 460.149813][T12557] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 460.170567][T12346] device veth0_macvtap entered promiscuous mode [ 460.191188][T12346] device veth1_macvtap entered promiscuous mode [ 460.220762][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.263671][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.338355][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.397487][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.429411][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.481587][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.493625][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.504714][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.517587][T12346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.529309][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 460.538420][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 460.546682][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 460.566881][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 460.591358][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 460.622226][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.640043][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 460.657482][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.667680][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 460.683508][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.699489][T12346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 460.711744][T12346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.728470][T12346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.740294][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 460.761468][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 460.852709][T12346] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.874555][T12346] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.891845][T12346] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.900703][T12346] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.108848][T12321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.151094][T12321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.179165][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 461.198030][T12603] program syz.2.3209 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 461.222869][ T492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.239647][ T492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.264793][T12606] program syz.2.3209 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 461.270027][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 461.539789][T12616] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3150'. [ 462.530981][ T1108] Bluetooth: hci1: command 0x0419 tx timeout [ 462.570285][T12618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3214'. [ 462.738582][T12629] loop2: detected capacity change from 0 to 512 [ 462.877850][T12629] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3216: inode has both inline data and extents flags [ 462.944895][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 462.951224][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 462.960295][T12629] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3216: couldn't read orphan inode 15 (err -117) [ 463.073302][T12644] device syzkaller0 entered promiscuous mode [ 463.096931][T12629] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 463.667614][T12653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3226'. [ 463.787544][T12662] loop0: detected capacity change from 0 to 512 [ 463.837412][T12662] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 463.864448][T12662] EXT4-fs (loop0): 1 truncate cleaned up [ 463.927811][T12662] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 463.944533][T12675] device syzkaller0 entered promiscuous mode [ 464.061476][ T1108] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 464.434648][ T1108] usb 5-1: Using ep0 maxpacket: 16 [ 464.564425][ T1108] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 464.799802][ T1108] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 464.893653][T12692] netlink: 'syz.3.3239': attribute type 4 has an invalid length. [ 464.953573][T12692] netlink: 'syz.3.3239': attribute type 4 has an invalid length. [ 465.035722][ T1108] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 465.064541][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.091495][T12698] device syzkaller0 entered promiscuous mode [ 465.105910][ T1108] usb 5-1: Product: syz [ 465.113167][ T1108] usb 5-1: Manufacturer: syz [ 465.124369][ T1108] usb 5-1: SerialNumber: syz [ 465.167325][T12702] ieee802154 phy0 wpan0: encryption failed: -22 [ 465.324665][T12708] device syzkaller0 entered promiscuous mode [ 465.456646][T12712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3249'. [ 465.469581][ T1108] usb 5-1: 0:2 : does not exist [ 465.516862][ T1108] usb 5-1: USB disconnect, device number 4 [ 465.559469][T12717] loop0: detected capacity change from 0 to 512 [ 465.649852][T12717] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 465.696364][T12722] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3253'. [ 465.706574][T12717] EXT4-fs (loop0): 1 truncate cleaned up [ 465.712224][T12717] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 465.759605][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 466.081924][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 466.092403][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 466.101441][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 466.110492][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 466.119511][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 466.128510][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 466.137530][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 466.146560][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 466.155569][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 466.191177][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 466.693533][T12733] device syzkaller0 entered promiscuous mode [ 467.130453][T12736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3260'. [ 467.161794][T12736] device team1 entered promiscuous mode [ 467.419662][T12749] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 467.456985][T12748] tipc: Enabled bearer , priority 0 [ 467.485997][T12746] tipc: Disabling bearer [ 467.648523][T12759] loop4: detected capacity change from 0 to 512 [ 467.713164][T12759] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 467.783586][T12759] EXT4-fs (loop4): 1 truncate cleaned up [ 467.797575][T12759] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 468.735883][ T2138] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 468.824773][T12793] tipc: Started in network mode [ 468.840952][T12793] tipc: Node identity 8a3c8f87d794, cluster identity 4711 [ 468.852989][T12793] tipc: Enabled bearer , priority 0 [ 468.894189][T12790] tipc: Disabling bearer [ 469.017713][ T2138] usb 3-1: Using ep0 maxpacket: 32 [ 469.043171][T12807] loop0: detected capacity change from 0 to 512 [ 469.070698][T12810] device syzkaller0 entered promiscuous mode [ 469.158431][T12807] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 469.220741][T12807] EXT4-fs (loop0): 1 truncate cleaned up [ 469.264351][T12807] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 470.488744][ T2138] usb 3-1: config 0 has an invalid interface number: 247 but max is 0 [ 470.501880][T12816] loop0: detected capacity change from 0 to 512 [ 470.507801][ T2138] usb 3-1: config 0 has no interface number 0 [ 470.542416][T12816] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 470.575864][T12816] EXT4-fs (loop0): 1 truncate cleaned up [ 470.581514][T12816] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 470.765867][ T2138] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 470.798312][ T2138] usb 3-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 470.806326][ T2138] usb 3-1: Product: syz [ 470.821793][ T2138] usb 3-1: Manufacturer: syz [ 471.574965][ T2138] usb 3-1: config 0 descriptor?? [ 471.597275][ T2138] usb 3-1: can't set config #0, error -71 [ 471.623284][ T2138] usb 3-1: USB disconnect, device number 7 [ 471.808927][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3300'. [ 471.830927][T12837] device syzkaller0 entered promiscuous mode [ 472.299031][T12860] loop1: detected capacity change from 0 to 512 [ 472.407126][T12860] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3291: inode has both inline data and extents flags [ 472.432095][T12860] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3291: couldn't read orphan inode 15 (err -117) [ 472.449009][T12864] loop3: detected capacity change from 0 to 512 [ 472.455669][T12860] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 472.591095][T12841] loop2: detected capacity change from 0 to 40427 [ 472.648043][T12864] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 472.692767][T12864] EXT4-fs (loop3): 1 truncate cleaned up [ 472.702791][T12841] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 472.714734][T12864] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 472.737991][T12841] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 473.052838][T12841] F2FS-fs (loop2): invalid crc value [ 473.277401][T12841] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 473.681098][T12737] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.898084][T12841] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 473.912513][T12841] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 473.931006][T12737] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.016157][T12856] loop0: detected capacity change from 0 to 40427 [ 474.072088][T12856] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 474.089774][T12856] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 474.133351][T12856] F2FS-fs (loop0): invalid crc value [ 474.175646][T12856] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 474.176186][T12865] chnl_net:caif_netlink_parms(): no params data found [ 474.548404][T12737] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.747890][T12737] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.759952][T12856] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 474.778812][T12856] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 474.869370][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 474.983262][T12865] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.994608][T12865] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.004823][T12865] device bridge_slave_0 entered promiscuous mode [ 475.017681][T12865] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.026474][T12865] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.035874][T12865] device bridge_slave_1 entered promiscuous mode [ 475.392497][T12865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.486043][T12865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.699610][T12737] tipc: Left network mode [ 475.733312][T12924] loop1: detected capacity change from 0 to 512 [ 475.757289][T12865] team0: Port device team_slave_0 added [ 475.797854][T12865] team0: Port device team_slave_1 added [ 475.820644][T12924] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3317: inode has both inline data and extents flags [ 475.877853][T12924] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3317: couldn't read orphan inode 15 (err -117) [ 475.932744][T12924] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 476.011915][T12865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.019649][T12865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.090644][T12938] loop2: detected capacity change from 0 to 512 [ 476.111278][T12865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.127094][ T4243] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 476.151363][T12865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.158539][T12865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.211767][T12865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.274242][T12939] device syzkaller0 entered promiscuous mode [ 476.287250][T12938] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 476.584894][T12938] EXT4-fs (loop2): 1 truncate cleaned up [ 476.606166][T12938] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 476.624388][T12865] device hsr_slave_0 entered promiscuous mode [ 476.658193][T12865] device hsr_slave_1 entered promiscuous mode [ 476.714994][T12865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 476.830508][T12865] Cannot create hsr debugfs directory [ 477.497990][ T7] Bluetooth: hci0: command 0x041b tx timeout [ 477.579795][ T4243] usb 4-1: unable to get BOS descriptor or descriptor too short [ 477.629910][ T4243] usb 4-1: not running at top speed; connect to a high speed hub [ 477.725896][ T4243] usb 4-1: config 15 has an invalid interface number: 168 but max is 0 [ 477.734200][ T4243] usb 4-1: config 15 has no interface number 0 [ 477.779865][ T4243] usb 4-1: config 15 interface 168 has no altsetting 0 [ 477.970312][T12979] device syzkaller0 entered promiscuous mode [ 477.992421][ T4243] usb 4-1: New USB device found, idVendor=1044, idProduct=7002, bcdDevice=f0.ca [ 478.014003][ T4243] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.022012][ T4243] usb 4-1: Product: syz [ 478.045519][ T4243] usb 4-1: Manufacturer: syz [ 478.050167][ T4243] usb 4-1: SerialNumber: syz [ 478.273435][T12737] device hsr_slave_0 left promiscuous mode [ 478.286950][T12737] device hsr_slave_1 left promiscuous mode [ 478.302431][T12737] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 478.344220][T12737] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 478.355608][T12737] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 478.384490][T12737] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 478.421398][T12737] device bridge_slave_1 left promiscuous mode [ 478.427591][T12737] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.431031][T12966] loop1: detected capacity change from 0 to 40427 [ 478.444502][T12737] device bridge_slave_0 left promiscuous mode [ 478.447435][T12994] loop2: detected capacity change from 0 to 512 [ 478.451147][T12737] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.467794][T12737] device veth1_macvtap left promiscuous mode [ 478.474231][T12737] device veth0_macvtap left promiscuous mode [ 478.480286][T12737] device veth1_vlan left promiscuous mode [ 478.486228][T12737] device veth0_vlan left promiscuous mode [ 478.498182][T12966] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 478.511803][T12966] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 478.535956][T12994] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 478.549225][T12966] F2FS-fs (loop1): invalid crc value [ 478.568336][T12994] EXT4-fs (loop2): 1 truncate cleaned up [ 478.577819][T12994] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 478.610970][T12966] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 478.756578][T12966] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 478.763770][T12966] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 478.845000][ T4243] dvb-usb: found a 'Gigabyte U8000-RH' in warm state. [ 478.875589][ T4243] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 478.934554][ T4243] dvbdev: DVB: registering new adapter (Gigabyte U8000-RH) [ 478.976411][ T4243] usb 4-1: media controller created [ 479.009503][ T4243] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 479.149848][ T4243] DVB: Unable to find symbol dib7000p_attach() [ 479.162406][ T4243] dvb-usb: no frontend was attached by 'Gigabyte U8000-RH' [ 479.192748][T12737] team0 (unregistering): Port device team_slave_1 removed [ 479.245975][T12737] team0 (unregistering): Port device team_slave_0 removed [ 479.324798][ T4243] rc_core: IR keymap rc-dib0700-rc5 not found [ 479.331396][ T4243] Registered IR keymap rc-empty [ 479.346908][ T4243] dvb-usb: could not initialize remote control. [ 479.353236][ T4243] dvb-usb: Gigabyte U8000-RH successfully initialized and connected. [ 479.394981][ T4243] usb 4-1: USB disconnect, device number 3 [ 479.417010][ T4243] dvb-usb: Gigabyte U8000-RH successfully deinitialized and disconnected. [ 479.644332][ T13] Bluetooth: hci0: command 0x040f tx timeout [ 479.764466][T12865] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 479.873114][T12865] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 479.955479][T12865] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 479.977035][T12865] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 480.259574][T13042] loop2: detected capacity change from 0 to 512 [ 480.378017][T13042] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 480.487843][T13048] ptrace attach of "./syz-executor exec"[13047] was attempted by "./syz-executor exec"[13048] [ 480.527019][T12865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.766002][T13042] EXT4-fs (loop2): 1 truncate cleaned up [ 480.877810][T13042] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 480.976952][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 481.029453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 481.213467][T12865] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.339503][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 481.531425][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 481.556060][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.563189][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.702065][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 482.046817][ T2138] Bluetooth: hci0: command 0x0419 tx timeout [ 482.069825][T12865] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 482.140510][T12865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 482.177346][T13064] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3348'. [ 482.278684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 482.287413][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 482.296206][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.303308][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.313976][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 482.348242][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 482.374438][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 482.425444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 482.445397][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 482.478856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 482.494308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 482.513258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 482.538507][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 482.561903][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 482.597096][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 482.629486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 482.746107][ T4258] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 482.947726][ T4529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 482.956083][ T4529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 482.996273][T12865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.012431][ T4258] usb 2-1: Using ep0 maxpacket: 32 [ 483.183112][ T4258] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 483.191453][ T4258] usb 2-1: config 0 has no interface number 0 [ 483.202700][T13110] ptrace attach of "./syz-executor exec"[13111] was attempted by "./syz-executor exec"[13110] [ 484.068342][ T4258] usb 2-1: config 0 interface 184 has no altsetting 0 [ 484.269805][T13124] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3361'. [ 484.291752][ T4258] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 484.311650][ T4258] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.343875][ T4258] usb 2-1: Product: syz [ 484.348320][ T4258] usb 2-1: Manufacturer: syz [ 484.366090][ T4258] usb 2-1: SerialNumber: syz [ 484.409220][ T4258] usb 2-1: config 0 descriptor?? [ 484.473617][ T4258] smsc75xx v1.0.0 [ 484.475831][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 484.531488][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 484.625906][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 484.670840][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 484.707299][ T4258] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 484.737318][T12865] device veth0_vlan entered promiscuous mode [ 484.752225][ T4258] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 484.762122][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 484.776910][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 484.805201][T13143] device syzkaller0 entered promiscuous mode [ 484.812583][ T4258] usb 2-1: USB disconnect, device number 5 [ 484.816035][T12865] device veth1_vlan entered promiscuous mode [ 484.915324][T13143] tipc: Enabled bearer , priority 0 [ 484.954488][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 485.012761][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 485.022795][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 485.037003][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 485.047380][T12865] device veth0_macvtap entered promiscuous mode [ 485.067091][T13140] tipc: Resetting bearer [ 485.095631][T13140] tipc: Disabling bearer [ 485.126172][T12865] device veth1_macvtap entered promiscuous mode [ 485.164287][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.197360][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.226104][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.257723][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.313032][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.334449][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.365423][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.413941][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.443232][T12865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 485.467000][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 485.482573][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 485.562920][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 485.607786][T13145] loop0: detected capacity change from 0 to 40427 [ 485.629283][T12321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 485.661399][T13145] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 485.698453][T13145] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 485.723768][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.757426][T13145] F2FS-fs (loop0): invalid crc value [ 485.806062][T13145] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 485.820659][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.849399][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.883405][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.914198][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.937735][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.960158][T12865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.985266][T13145] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 485.995531][T12865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.011207][T13145] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 486.067711][T12865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.101848][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 486.123578][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 486.191747][T12865] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.210054][T12865] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.229174][T12865] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.248902][T12865] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.976116][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.990554][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.072543][ T4946] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 487.185659][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.220535][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.270972][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 487.329553][T13198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3376'. [ 487.701786][T13209] device syzkaller0 entered promiscuous mode [ 487.720285][T13214] overlayfs: workdir and upperdir must be separate subtrees [ 487.737451][T13209] tipc: Enabled bearer , priority 0 [ 487.774665][T13208] tipc: Resetting bearer [ 487.830629][T13208] tipc: Disabling bearer [ 489.333111][T13254] device syzkaller0 entered promiscuous mode [ 489.367458][T13254] tipc: Enabled bearer , priority 0 [ 489.403438][T13253] tipc: Resetting bearer [ 489.452530][T13253] tipc: Disabling bearer [ 489.544628][T13267] loop3: detected capacity change from 0 to 512 [ 489.663893][T13267] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.3407: inode has both inline data and extents flags [ 489.682678][T13267] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3407: couldn't read orphan inode 15 (err -117) [ 489.705127][T13267] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 490.345537][T13281] overlayfs: missing 'lowerdir' [ 491.179293][T13316] loop3: detected capacity change from 0 to 512 [ 491.296848][T13316] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.3425: inode has both inline data and extents flags [ 491.321239][T13316] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3425: couldn't read orphan inode 15 (err -117) [ 491.356312][T13316] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 492.311395][T13337] device syzkaller0 entered promiscuous mode [ 492.851317][T13363] loop3: detected capacity change from 0 to 512 [ 492.889839][T13363] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.3446: inode has both inline data and extents flags [ 492.907124][T13363] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3446: couldn't read orphan inode 15 (err -117) [ 492.926916][T13363] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 492.993854][T13367] device syzkaller0 entered promiscuous mode [ 493.522771][T13379] device syzkaller0 entered promiscuous mode [ 493.947745][T13384] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 493.954618][T13384] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 493.984332][T13390] device syzkaller0 entered promiscuous mode [ 494.104901][T13384] vhci_hcd vhci_hcd.0: Device attached [ 494.193289][ T8510] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 494.282641][T13406] overlayfs: failed to resolve './file0': -2 [ 494.353465][ T4243] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 494.465837][ T8510] usb 5-1: Using ep0 maxpacket: 16 [ 494.516955][T13420] loop1: detected capacity change from 0 to 512 [ 494.570709][T13420] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3464: inode has both inline data and extents flags [ 494.598468][T13420] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3464: couldn't read orphan inode 15 (err -117) [ 494.622021][T13420] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 494.640886][ T8510] usb 5-1: config 0 has no interfaces? [ 494.646375][ T8510] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 494.781375][ T8510] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.700222][ T8510] usb 5-1: config 0 descriptor?? [ 495.870977][T13440] ptrace attach of "./syz-executor exec"[13441] was attempted by "./syz-executor exec"[13440] [ 496.132669][T13385] usb 41-1: recv xbuf, 0 [ 496.141910][ T5327] vhci_hcd: stop threads [ 496.147648][ T5327] vhci_hcd: release socket [ 496.161169][ T8510] usb 5-1: USB disconnect, device number 5 [ 496.250566][ T5327] vhci_hcd: disconnect device [ 496.293018][ T4243] usb 41-1: device descriptor read/64, error -71 [ 496.730192][ T4243] vhci_hcd: vhci_device speed not set [ 496.858468][T13457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3478'. [ 497.188878][ T13] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 497.465581][ T13] usb 1-1: Using ep0 maxpacket: 32 [ 497.593496][ T13] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 497.607164][ T13] usb 1-1: config 0 has no interface number 0 [ 497.613324][ T13] usb 1-1: config 0 interface 184 has no altsetting 0 [ 497.785394][ T13] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 497.794640][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.802691][ T13] usb 1-1: Product: syz [ 497.806934][ T13] usb 1-1: Manufacturer: syz [ 497.811527][ T13] usb 1-1: SerialNumber: syz [ 497.818904][ T13] usb 1-1: config 0 descriptor?? [ 497.874108][ T13] smsc75xx v1.0.0 [ 498.094414][ T13] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 498.104571][ T13] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 498.113821][ T13] usb 1-1: USB disconnect, device number 2 [ 498.898011][T13474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3483'. [ 499.155885][T13496] device syzkaller0 entered promiscuous mode [ 499.304555][T13505] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 499.679772][T13519] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3506'. [ 499.848553][T13527] device syzkaller0 entered promiscuous mode [ 499.891956][T13529] device syzkaller0 entered promiscuous mode [ 499.965944][T13529] tipc: Enabled bearer , priority 0 [ 499.982412][T13528] tipc: Resetting bearer [ 500.011682][T13528] tipc: Disabling bearer [ 500.142563][T13503] loop1: detected capacity change from 0 to 40427 [ 500.216358][T13503] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 500.222724][T13503] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 500.262758][T13547] loop0: detected capacity change from 0 to 512 [ 500.322146][T13503] F2FS-fs (loop1): invalid crc value [ 500.340378][T13544] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.368462][T13547] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 500.391072][T13503] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 500.476347][T13547] EXT4-fs (loop0): 1 truncate cleaned up [ 500.486155][T13547] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 500.534471][T13503] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 500.543271][T13503] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 500.677436][T13544] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.110443][T13544] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.400028][T13544] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.647551][T13544] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.691155][T13544] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.704662][T13544] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.724488][T13544] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.793519][T13595] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3528'. [ 502.347354][ T4258] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 502.579807][T13629] device syzkaller0 entered promiscuous mode [ 502.613564][ T4258] usb 2-1: Using ep0 maxpacket: 32 [ 502.653960][T13602] loop4: detected capacity change from 0 to 40427 [ 502.680688][T13602] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 502.687208][T13602] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 502.697757][T13602] F2FS-fs (loop4): invalid crc value [ 502.734192][T13602] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 502.746920][ T4258] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 502.760330][ T4258] usb 2-1: config 0 has no interface number 0 [ 502.788043][ T4258] usb 2-1: config 0 interface 184 has no altsetting 0 [ 502.877988][T13602] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 502.886759][T13602] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 503.084044][ T4258] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 503.093548][ T4258] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.101615][ T4258] usb 2-1: Product: syz [ 503.105902][ T4258] usb 2-1: Manufacturer: syz [ 503.110905][ T4258] usb 2-1: SerialNumber: syz [ 503.122233][ T4258] usb 2-1: config 0 descriptor?? [ 503.174463][ T4258] smsc75xx v1.0.0 [ 503.445425][ T4258] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 503.477029][ T4258] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 503.521720][ T4258] usb 2-1: USB disconnect, device number 6 [ 503.678881][T13652] device syzkaller0 entered promiscuous mode [ 503.919577][T13668] loop0: detected capacity change from 0 to 512 [ 504.034494][T13668] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 504.082792][T13668] EXT4-fs (loop0): 1 truncate cleaned up [ 504.088643][T13668] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 504.203560][T13686] device syzkaller0 entered promiscuous mode [ 504.211362][T13687] device syzkaller0 entered promiscuous mode [ 505.220698][T13699] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 505.253950][T13695] device syzkaller0 entered promiscuous mode [ 505.640580][ T4258] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 505.747162][ T8510] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 505.896895][ T4258] usb 1-1: Using ep0 maxpacket: 32 [ 506.003148][ T8510] usb 2-1: Using ep0 maxpacket: 16 [ 506.035278][ T4258] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 506.035462][ T4258] usb 1-1: config 0 has no interface number 0 [ 506.036012][ T4258] usb 1-1: config 0 interface 184 has no altsetting 0 [ 506.131367][ T8510] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 506.131487][ T8510] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 506.217902][ T4258] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 506.218284][ T4258] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.218528][ T4258] usb 1-1: Product: syz [ 506.218737][ T4258] usb 1-1: Manufacturer: syz [ 506.219100][ T4258] usb 1-1: SerialNumber: syz [ 506.223189][ T4258] usb 1-1: config 0 descriptor?? [ 506.323194][ T8510] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 506.332350][ T8510] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.347911][ T4258] smsc75xx v1.0.0 [ 506.351691][ T8510] usb 2-1: Product: syz [ 506.357127][ T8510] usb 2-1: Manufacturer: syz [ 506.361800][ T8510] usb 2-1: SerialNumber: syz [ 506.533877][T13750] loop3: detected capacity change from 0 to 512 [ 506.567965][ T4258] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 506.584096][ T4258] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 506.595749][ T4258] usb 1-1: USB disconnect, device number 3 [ 506.683008][T13750] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.3601: inode has both inline data and extents flags [ 506.701846][T13750] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3601: couldn't read orphan inode 15 (err -117) [ 506.715156][T13750] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 506.729005][ T8510] usb 2-1: 0:2 : does not exist [ 506.917877][ T8510] usb 2-1: USB disconnect, device number 7 [ 506.942010][ T4382] udevd[4382]: setting owner of /dev/bus/usb/002/007 to uid=0, gid=0 failed: No such file or directory [ 507.069719][T13756] loop2: detected capacity change from 0 to 512 [ 507.086247][T13756] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 507.126696][T13756] EXT4-fs (loop2): 1 truncate cleaned up [ 507.132509][T13756] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 507.167055][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 507.246722][T13765] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 507.292986][T13767] program syz.3.3607 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 507.801184][T13793] loop3: detected capacity change from 0 to 512 [ 507.840460][T13771] loop0: detected capacity change from 0 to 40427 [ 507.872384][T13793] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 507.889613][ T13] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 507.893575][T13793] EXT4-fs (loop3): 1 truncate cleaned up [ 507.907062][T13793] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 507.926616][T13771] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 507.959509][T13771] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 507.988283][T13771] F2FS-fs (loop0): invalid crc value [ 508.025085][T13771] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 508.040084][T13801] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 508.108113][T13771] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 508.115415][T13771] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 508.198808][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 508.337343][ T8510] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 508.646362][ T8510] usb 2-1: Using ep0 maxpacket: 16 [ 508.767948][ T13] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 508.774256][ T8510] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 508.777088][ T13] usb 3-1: config 0 has no interface number 0 [ 508.792560][ T8510] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 508.793993][ T13] usb 3-1: config 0 interface 184 has no altsetting 0 [ 508.966585][ T8510] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 508.985730][ T8510] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.003817][ T13] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 509.008217][ T8510] usb 2-1: Product: syz [ 509.021361][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.031521][ T8510] usb 2-1: Manufacturer: syz [ 509.035223][ T13] usb 3-1: Product: syz [ 509.047394][ T8510] usb 2-1: SerialNumber: syz [ 509.050089][ T13] usb 3-1: Manufacturer: syz [ 509.059103][ T13] usb 3-1: SerialNumber: syz [ 509.084395][ T13] usb 3-1: config 0 descriptor?? [ 509.138099][ T13] smsc75xx v1.0.0 [ 509.360568][ T13] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 509.382145][ T13] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 509.398618][ T8510] usb 2-1: 0:2 : does not exist [ 509.429661][ T13] usb 3-1: USB disconnect, device number 8 [ 509.459020][ T8510] usb 2-1: USB disconnect, device number 8 [ 509.694264][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 510.013805][T13821] loop3: detected capacity change from 0 to 40427 [ 510.048486][T13821] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 510.086009][T13821] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 510.122835][T13821] F2FS-fs (loop3): invalid crc value [ 510.179370][T13821] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 510.202668][T13841] device syzkaller0 entered promiscuous mode [ 510.442224][T13821] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 510.452624][T13821] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 510.716512][T13852] netlink: 'syz.1.3640': attribute type 4 has an invalid length. [ 510.724752][T13852] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3640'. [ 512.106706][T13832] loop0: detected capacity change from 0 to 40427 [ 512.165513][T13832] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 512.216972][T13832] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 512.286699][T13832] F2FS-fs (loop0): invalid crc value [ 512.432415][T13832] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 512.761691][T13832] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 512.777456][T13832] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 512.962736][T13880] device syzkaller0 entered promiscuous mode [ 514.177331][T13916] loop5: detected capacity change from 0 to 7 [ 514.204013][T13916] Dev loop5: unable to read RDB block 7 [ 514.223551][T13916] loop5: unable to read partition table [ 514.237560][T13916] loop5: partition table beyond EOD, truncated [ 514.266551][T13916] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 514.348768][ T8510] Bluetooth: hci5: command 0x0406 tx timeout [ 514.357034][T13928] device syzkaller0 entered promiscuous mode [ 514.423484][T13930] device syzkaller0 entered promiscuous mode [ 514.723200][T13940] batman_adv: batadv0: Adding interface: dummy0 [ 514.746134][T13940] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.827063][T13940] batman_adv: batadv0: Interface activated: dummy0 [ 514.878859][T13943] batadv0: mtu less than device minimum [ 514.921811][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.934646][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.947097][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.959337][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.971604][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.983896][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 514.996191][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 515.008500][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 515.020851][T13943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 515.239745][T13924] loop1: detected capacity change from 0 to 40427 [ 515.300873][T13924] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 515.324729][T13924] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 515.363513][T13924] F2FS-fs (loop1): invalid crc value [ 515.420447][T13924] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 515.623130][T13968] device syzkaller0 entered promiscuous mode [ 515.678541][T13924] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 515.691755][T13924] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 516.345417][T13988] device syzkaller0 entered promiscuous mode [ 516.459957][T13988] tipc: Enabled bearer , priority 0 [ 516.527627][T13987] tipc: Resetting bearer [ 516.585014][T13987] tipc: Disabling bearer [ 516.768121][ T1108] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 517.034708][ T1108] usb 1-1: Using ep0 maxpacket: 32 [ 517.131549][T14012] device syzkaller0 entered promiscuous mode [ 517.167646][ T1108] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 517.186755][ T1108] usb 1-1: config 0 has no interface number 0 [ 517.213074][ T1108] usb 1-1: config 0 interface 184 has no altsetting 0 [ 517.243436][T14019] netlink: 'syz.3.3705': attribute type 10 has an invalid length. [ 517.344224][T14019] team0: Port device dummy0 added [ 517.397098][ T1108] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 517.432132][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.461741][ T1108] usb 1-1: Product: syz [ 517.476745][ T1108] usb 1-1: Manufacturer: syz [ 517.476917][T14019] syz.3.3705 (14019) used greatest stack depth: 20224 bytes left [ 517.493936][ T1108] usb 1-1: SerialNumber: syz [ 517.538854][ T1108] usb 1-1: config 0 descriptor?? [ 517.592574][ T1108] smsc75xx v1.0.0 [ 517.802060][ T1108] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 517.833866][ T1108] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 517.869501][ T1108] usb 1-1: USB disconnect, device number 4 [ 518.186687][T14048] device syzkaller0 entered promiscuous mode [ 518.301551][T14027] loop1: detected capacity change from 0 to 40427 [ 518.323387][T14027] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 518.352651][T14027] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 518.449312][T14027] F2FS-fs (loop1): invalid crc value [ 518.454111][T14052] device syzkaller0 entered promiscuous mode [ 518.517648][T14027] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 518.662137][T14027] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 518.696418][T14027] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 519.681738][T14082] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 519.696895][T14082] overlayfs: missing 'lowerdir' [ 519.767662][ T4258] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 519.850962][ T8510] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 520.115234][ T8510] usb 1-1: Using ep0 maxpacket: 32 [ 520.169889][T14104] device syzkaller0 entered promiscuous mode [ 520.200455][ T4258] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.218739][ T4258] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 520.239426][ T4258] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 520.258647][ T8510] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 520.267827][ T4258] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.281177][ T8510] usb 1-1: config 0 has no interface number 0 [ 520.287528][ T8510] usb 1-1: config 0 interface 184 has no altsetting 0 [ 520.309293][ T4258] usb 3-1: config 0 descriptor?? [ 520.352471][ T4258] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 520.359104][ T4258] dvb-usb: bulk message failed: -22 (3/0) [ 520.399791][ T4258] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 520.443587][ T4258] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 520.456313][ T8510] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 520.466787][ T4258] usb 3-1: media controller created [ 520.472191][ T8510] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.482499][ T4258] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 520.491292][ T8510] usb 1-1: Product: syz [ 520.495568][ T8510] usb 1-1: Manufacturer: syz [ 520.522201][ T4258] dvb-usb: bulk message failed: -22 (6/0) [ 520.528675][ T8510] usb 1-1: SerialNumber: syz [ 520.541959][ T8510] usb 1-1: config 0 descriptor?? [ 520.548888][ T4258] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 520.568129][T14076] dibusb: i2c wr: len=147 is too big! [ 520.568129][T14076] [ 520.606949][ T4258] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input21 [ 520.619104][ T8510] smsc75xx v1.0.0 [ 520.642408][ T4258] dvb-usb: schedule remote query interval to 150 msecs. [ 520.655830][ T4258] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 520.705513][ T4258] usb 3-1: USB disconnect, device number 9 [ 520.830856][ T4258] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 520.850409][ T8510] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 520.911070][ T8510] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 520.935218][ T8510] usb 1-1: USB disconnect, device number 5 [ 521.708735][T14129] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 521.922133][T14138] device syzkaller0 entered promiscuous mode [ 521.943314][T14138] tipc: Enabled bearer , priority 0 [ 521.988034][T14137] tipc: Resetting bearer [ 522.019154][T14137] tipc: Disabling bearer [ 522.136060][T14149] overlayfs: failed to clone upperpath [ 523.336853][T14172] device syzkaller0 entered promiscuous mode [ 523.378949][T14172] tipc: Enabled bearer , priority 0 [ 523.399001][T14171] tipc: Resetting bearer [ 523.441912][T14171] tipc: Disabling bearer [ 523.675051][ T2138] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 523.803664][T14186] device syzkaller0 entered promiscuous mode [ 523.898919][ T7] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 523.962928][ T2138] usb 4-1: Using ep0 maxpacket: 16 [ 524.144063][ T2138] usb 4-1: unable to get BOS descriptor or descriptor too short [ 524.229209][ T7] usb 3-1: Using ep0 maxpacket: 16 [ 524.357813][ T7] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 524.379835][ T7] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 524.442699][ T2138] usb 4-1: New USB device found, idVendor=0c88, idProduct=0021, bcdDevice=19.47 [ 524.451755][ T2138] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.481647][ T2138] usb 4-1: Product: syz [ 524.496059][ T2138] usb 4-1: Manufacturer: syz [ 524.500671][ T2138] usb 4-1: SerialNumber: syz [ 524.605710][ T7] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 524.634740][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.666640][ T7] usb 3-1: Product: syz [ 524.672875][ T7] usb 3-1: Manufacturer: syz [ 524.678210][ T7] usb 3-1: SerialNumber: syz [ 524.836864][ T2138] usb 4-1: palm_os_4_probe - error -71 getting connection info [ 524.844539][ T2138] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 524.902270][ T2138] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 524.929338][ T2138] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 524.965956][ T2138] usb 4-1: USB disconnect, device number 4 [ 525.008162][ T2138] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 525.043999][T14221] device syzkaller0 entered promiscuous mode [ 525.050498][ T2138] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 525.060389][ T2138] visor 4-1:1.0: device disconnected [ 525.071323][ T7] usb 3-1: 0:2 : does not exist [ 525.131403][ T7] usb 3-1: USB disconnect, device number 10 [ 525.177850][ T5326] Bluetooth: hci2: command 0x0406 tx timeout [ 525.382231][ T4382] udevd[4382]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 527.192998][ T2138] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 527.554625][ T4258] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 527.810768][ T2138] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 527.819846][ T2138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.831753][ T4258] usb 4-1: Using ep0 maxpacket: 16 [ 527.834179][ T2138] usb 1-1: Product: syz [ 527.841198][ T2138] usb 1-1: Manufacturer: syz [ 527.846384][ T2138] usb 1-1: SerialNumber: syz [ 527.896920][ T2138] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 527.959828][ T4258] usb 4-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 527.987514][ T4258] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 528.080275][T14317] device syzkaller0 entered promiscuous mode [ 528.194368][ T4258] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 528.227376][ T4258] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.235383][ T4258] usb 4-1: Product: syz [ 528.268746][ T4258] usb 4-1: Manufacturer: syz [ 528.285411][ T4258] usb 4-1: SerialNumber: syz [ 528.420798][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 528.427130][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 528.632716][ T4258] usb 4-1: 0:2 : does not exist [ 528.687818][ T4258] usb 4-1: USB disconnect, device number 5 [ 528.737966][ T2138] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 528.931054][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 528.980444][T14358] device syzkaller0 entered promiscuous mode [ 529.175697][T11003] usb 1-1: USB disconnect, device number 6 [ 529.936293][ T2138] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 529.944801][ T2138] ath9k_htc: Failed to initialize the device [ 529.952499][T11003] usb 1-1: ath9k_htc: USB layer deinitialized [ 530.178733][T14367] device syzkaller0 entered promiscuous mode [ 530.629967][T14387] device syzkaller0 entered promiscuous mode [ 531.175340][T14403] overlayfs: failed to resolve './file1': -2 [ 531.628316][T14419] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3878'. [ 532.296910][T14443] UBIFS error (pid: 14443): cannot open "./file0", error -22 [ 533.613855][T11003] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 533.658975][T14472] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3893'. [ 533.912352][T11003] usb 4-1: Using ep0 maxpacket: 16 [ 534.053854][T11003] usb 4-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 534.088691][T11003] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 534.306941][T11003] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 534.325887][T11003] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.342078][T11003] usb 4-1: Product: syz [ 534.347020][T11003] usb 4-1: Manufacturer: syz [ 534.354022][T11003] usb 4-1: SerialNumber: syz [ 534.493827][T14517] overlayfs: failed to resolve './file0': -2 [ 534.518803][T14518] device syzkaller0 entered promiscuous mode [ 534.702867][T14531] capability: warning: `syz.2.3926' uses deprecated v2 capabilities in a way that may be insecure [ 534.718677][T11003] usb 4-1: 0:2 : does not exist [ 534.798250][T11003] usb 4-1: USB disconnect, device number 6 [ 534.879807][T14540] device syzkaller0 entered promiscuous mode [ 535.113807][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 536.557074][T14608] device syzkaller0 entered promiscuous mode [ 536.689164][ T8510] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 536.946549][ T8510] usb 2-1: Using ep0 maxpacket: 16 [ 536.968391][T14619] device syzkaller0 entered promiscuous mode [ 537.005221][T14619] tipc: Enabled bearer , priority 0 [ 537.024324][T14618] tipc: Resetting bearer [ 537.072945][ T8510] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 537.083142][ T8510] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 537.116087][T14618] tipc: Disabling bearer [ 537.276257][ T8510] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 537.285329][ T8510] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.321454][ T8510] usb 2-1: Product: syz [ 537.325791][ T8510] usb 2-1: Manufacturer: syz [ 537.334958][ T8510] usb 2-1: SerialNumber: syz [ 537.650480][T14640] device syzkaller0 entered promiscuous mode [ 537.681076][ T8510] usb 2-1: 0:2 : does not exist [ 537.750075][ T8510] usb 2-1: USB disconnect, device number 9 [ 537.790263][ T4302] udevd[4302]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory [ 538.092761][T14648] device syzkaller0 entered promiscuous mode [ 538.122703][T14648] tipc: Enabled bearer , priority 0 [ 538.153297][T14647] tipc: Resetting bearer [ 538.202679][T14647] tipc: Disabling bearer [ 541.107796][T14696] device syzkaller0 entered promiscuous mode [ 541.402738][T14712] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4008'. [ 541.867671][T14739] device syzkaller0 entered promiscuous mode [ 542.183605][T14758] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4027'. [ 543.544671][T14784] device syzkaller0 entered promiscuous mode [ 544.630789][T14794] device syzkaller0 entered promiscuous mode [ 544.672003][T14794] tipc: Enabled bearer , priority 0 [ 544.691918][T14792] tipc: Resetting bearer [ 544.721366][T14792] tipc: Disabling bearer [ 546.070991][T14817] overlayfs: failed to clone upperpath [ 547.139659][ T4258] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 547.428110][ T4258] usb 1-1: Using ep0 maxpacket: 32 [ 547.614355][ T4258] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 547.633591][ T4258] usb 1-1: config 0 has no interface number 0 [ 547.650297][ T4258] usb 1-1: config 0 interface 184 has no altsetting 0 [ 547.859904][ T4258] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 547.879047][ T4258] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.896102][ T4258] usb 1-1: Product: syz [ 547.910330][ T4258] usb 1-1: Manufacturer: syz [ 547.929450][ T4258] usb 1-1: SerialNumber: syz [ 547.953862][ T4258] usb 1-1: config 0 descriptor?? [ 548.033625][ T4258] smsc75xx v1.0.0 [ 548.264719][ T4258] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 548.296320][ T4258] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 548.325599][ T4258] usb 1-1: USB disconnect, device number 7 [ 548.710018][T14875] tipc: Enabling of bearer rejected, failed to enable media [ 550.203095][T14910] 9pnet: p9_fd_create_unix (14910): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 550.701399][T14871] loop3: detected capacity change from 0 to 40427 [ 550.852890][T14871] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 550.933305][T14871] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 551.004028][T14871] F2FS-fs (loop3): invalid crc value [ 551.094931][T14871] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 551.118609][T14919] device syzkaller0 entered promiscuous mode [ 551.201068][T14871] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 551.216626][T14871] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 551.310414][T14923] netlink: 'syz.1.4088': attribute type 10 has an invalid length. [ 551.396865][T14923] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 555.071266][T14987] device syzkaller0 entered promiscuous mode [ 556.349926][T15029] device syzkaller0 entered promiscuous mode [ 557.867049][T15052] [ 557.869406][T15052] ====================================================== [ 557.876415][T15052] WARNING: possible circular locking dependency detected [ 557.883431][T15052] syzkaller #0 Not tainted [ 557.887833][T15052] ------------------------------------------------------ [ 557.894845][T15052] syz.4.4146/15052 is trying to acquire lock: [ 557.900897][T15052] ffff888066f78d60 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_sk_diag_fill+0xef6/0x1b50 [ 557.910482][T15052] [ 557.910482][T15052] but task is already holding lock: [ 557.917842][T15052] ffffc900018ebee8 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x911/0x1290 [ 557.922377][ T8510] Bluetooth: hci4: command 0x0406 tx timeout [ 557.927422][T15052] [ 557.927422][T15052] which lock already depends on the new lock. [ 557.927422][T15052] [ 557.927432][T15052] [ 557.927432][T15052] the existing dependency chain (in reverse order) is: [ 557.927438][T15052] [ 557.927438][T15052] -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}: [ 557.960668][T15052] _raw_spin_lock+0x2a/0x40 [ 557.965689][T15052] __inet_hash+0xe3/0x960 [ 557.970535][T15052] inet_csk_listen_start+0x22f/0x320 [ 557.976338][T15052] inet_listen+0x2e1/0x590 [ 557.981282][T15052] __sys_listen+0x19d/0x220 [ 557.986300][T15052] __x64_sys_listen+0x56/0x60 [ 557.991495][T15052] do_syscall_64+0x4c/0xa0 [ 557.996434][T15052] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 558.002849][T15052] [ 558.002849][T15052] -> #0 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 558.010576][T15052] __lock_acquire+0x2c33/0x7c60 [ 558.015949][T15052] lock_acquire+0x197/0x3f0 [ 558.020974][T15052] mptcp_diag_get_info+0x1db/0x990 [ 558.026601][T15052] inet_sk_diag_fill+0xef6/0x1b50 [ 558.032144][T15052] mptcp_diag_dump+0xcca/0x1290 [ 558.037508][T15052] __inet_diag_dump+0x1f6/0x380 [ 558.042880][T15052] netlink_dump+0x676/0xcd0 [ 558.047905][T15052] __netlink_dump_start+0x523/0x700 [ 558.053625][T15052] inet_diag_handler_cmd+0x1be/0x290 [ 558.059430][T15052] sock_diag_rcv_msg+0x164/0x3e0 [ 558.064883][T15052] netlink_rcv_skb+0x1e0/0x430 [ 558.070165][T15052] sock_diag_rcv+0x26/0x40 [ 558.075100][T15052] netlink_unicast+0x774/0x920 [ 558.080391][T15052] netlink_sendmsg+0x8ab/0xbc0 [ 558.085671][T15052] sock_write_iter+0x29c/0x380 [ 558.090952][T15052] do_iter_readv_writev+0x497/0x600 [ 558.096669][T15052] do_iter_write+0x205/0x7b0 [ 558.101777][T15052] do_writev+0x254/0x410 [ 558.106540][T15052] do_syscall_64+0x4c/0xa0 [ 558.111475][T15052] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 558.117888][T15052] [ 558.117888][T15052] other info that might help us debug this: [ 558.117888][T15052] [ 558.128102][T15052] Possible unsafe locking scenario: [ 558.128102][T15052] [ 558.135542][T15052] CPU0 CPU1 [ 558.140896][T15052] ---- ---- [ 558.146249][T15052] lock(&h->lhash2[i].lock); [ 558.150920][T15052] lock(sk_lock-AF_INET6); [ 558.157937][T15052] lock(&h->lhash2[i].lock); [ 558.165128][T15052] lock(sk_lock-AF_INET6); [ 558.169623][T15052] [ 558.169623][T15052] *** DEADLOCK *** [ 558.169623][T15052] [ 558.177755][T15052] 6 locks held by syz.4.4146/15052: [ 558.182943][T15052] #0: ffffffff8d242568 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x17/0x40 [ 558.192266][T15052] #1: ffffffff8d242428 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x217/0x3e0 [ 558.202622][T15052] #2: ffff888075584698 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x700 [ 558.213330][T15052] #3: ffffffff8d31c948 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x181/0x380 [ 558.223604][T15052] #4: ffffffff8c11c760 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 558.232916][T15052] #5: ffffc900018ebee8 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x911/0x1290 [ 558.242927][T15052] [ 558.242927][T15052] stack backtrace: [ 558.248802][T15052] CPU: 0 PID: 15052 Comm: syz.4.4146 Not tainted syzkaller #0 [ 558.256261][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 558.266325][T15052] Call Trace: [ 558.269607][T15052] [ 558.272530][T15052] dump_stack_lvl+0x168/0x230 [ 558.277212][T15052] ? load_image+0x3b0/0x3b0 [ 558.281719][T15052] ? show_regs_print_info+0x20/0x20 [ 558.286923][T15052] ? print_circular_bug+0x12b/0x1a0 [ 558.292118][T15052] check_noncircular+0x274/0x310 [ 558.297056][T15052] ? add_chain_block+0x940/0x940 [ 558.301989][T15052] ? lockdep_lock+0xdc/0x1e0 [ 558.306586][T15052] ? __lock_acquire+0x13ad/0x7c60 [ 558.311611][T15052] ? verify_lock_unused+0x140/0x140 [ 558.316813][T15052] ? mark_lock+0x94/0x320 [ 558.321149][T15052] __lock_acquire+0x2c33/0x7c60 [ 558.326011][T15052] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 558.332018][T15052] ? verify_lock_unused+0x140/0x140 [ 558.337220][T15052] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 558.343205][T15052] ? verify_lock_unused+0x140/0x140 [ 558.348416][T15052] ? __local_bh_enable_ip+0xcb/0x1b0 [ 558.353706][T15052] ? __local_bh_enable_ip+0x12a/0x1b0 [ 558.359079][T15052] ? lockdep_hardirqs_on+0x94/0x140 [ 558.364284][T15052] ? __local_bh_enable_ip+0x12a/0x1b0 [ 558.369751][T15052] ? _local_bh_enable+0xa0/0xa0 [ 558.374600][T15052] ? skb_put+0x117/0x210 [ 558.378846][T15052] lock_acquire+0x197/0x3f0 [ 558.383350][T15052] ? inet_sk_diag_fill+0xef6/0x1b50 [ 558.388555][T15052] ? read_lock_is_recursive+0x10/0x10 [ 558.393927][T15052] ? rcu_lock_release+0x5/0x20 [ 558.398692][T15052] ? __lock_acquire+0x7c60/0x7c60 [ 558.403719][T15052] ? inet_sk_diag_fill+0xef6/0x1b50 [ 558.408918][T15052] mptcp_diag_get_info+0x1db/0x990 [ 558.414025][T15052] ? inet_sk_diag_fill+0xef6/0x1b50 [ 558.419222][T15052] inet_sk_diag_fill+0xef6/0x1b50 [ 558.424251][T15052] ? inet_diag_msg_attrs_fill+0x8c0/0x8c0 [ 558.429972][T15052] ? do_raw_spin_lock+0x11d/0x280 [ 558.434997][T15052] ? inet_diag_bc_sk+0x187/0x10c0 [ 558.440026][T15052] ? preempt_schedule_thunk+0x16/0x18 [ 558.445409][T15052] mptcp_diag_dump+0xcca/0x1290 [ 558.450266][T15052] ? mptcp_token_join_cookie_init_state+0x460/0x460 [ 558.456859][T15052] __inet_diag_dump+0x1f6/0x380 [ 558.461716][T15052] netlink_dump+0x676/0xcd0 [ 558.466225][T15052] ? netlink_lookup+0x1d0/0x1d0 [ 558.471077][T15052] ? __inet_diag_dump_start+0x805/0x970 [ 558.476626][T15052] __netlink_dump_start+0x523/0x700 [ 558.481834][T15052] inet_diag_handler_cmd+0x1be/0x290 [ 558.487123][T15052] ? rcu_lock_release+0x20/0x20 [ 558.491977][T15052] ? inet_diag_handler_get_info+0xb80/0xb80 [ 558.497872][T15052] ? inet_diag_dump_start+0x20/0x20 [ 558.503069][T15052] ? inet_diag_dump+0x50/0x50 [ 558.507749][T15052] ? dev_queue_xmit+0x20/0x20 [ 558.512429][T15052] ? memcpy+0x3c/0x60 [ 558.516421][T15052] ? sock_diag_rcv+0x17/0x40 [ 558.521013][T15052] ? sock_diag_rcv+0x17/0x40 [ 558.525601][T15052] ? rcu_lock_release+0x20/0x20 [ 558.530453][T15052] sock_diag_rcv_msg+0x164/0x3e0 [ 558.535392][T15052] netlink_rcv_skb+0x1e0/0x430 [ 558.540159][T15052] ? sock_diag_bind+0xa0/0xa0 [ 558.544840][T15052] ? netlink_ack+0xb60/0xb60 [ 558.549435][T15052] ? __lock_acquire+0x7c60/0x7c60 [ 558.554467][T15052] sock_diag_rcv+0x26/0x40 [ 558.558883][T15052] netlink_unicast+0x774/0x920 [ 558.563651][T15052] netlink_sendmsg+0x8ab/0xbc0 [ 558.568423][T15052] ? netlink_getsockopt+0x560/0x560 [ 558.573624][T15052] ? aa_sock_msg_perm+0x94/0x150 [ 558.578560][T15052] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 558.583833][T15052] ? security_socket_sendmsg+0x7c/0xa0 [ 558.589280][T15052] sock_write_iter+0x29c/0x380 [ 558.594034][T15052] ? sock_read_iter+0x340/0x340 [ 558.598876][T15052] do_iter_readv_writev+0x497/0x600 [ 558.604059][T15052] ? generic_file_rw_checks+0x280/0x280 [ 558.609585][T15052] ? common_file_perm+0x171/0x1c0 [ 558.614591][T15052] ? fsnotify_perm+0x5d/0x560 [ 558.619248][T15052] ? security_file_permission+0x75/0xa0 [ 558.624775][T15052] do_iter_write+0x205/0x7b0 [ 558.629347][T15052] ? import_iovec+0x6f/0xa0 [ 558.633832][T15052] do_writev+0x254/0x410 [ 558.638058][T15052] ? do_readv+0x3e0/0x3e0 [ 558.642374][T15052] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 558.648340][T15052] ? lock_chain_count+0x20/0x20 [ 558.653172][T15052] ? vtime_user_exit+0x2dc/0x400 [ 558.658094][T15052] ? lockdep_hardirqs_on+0x94/0x140 [ 558.663278][T15052] do_syscall_64+0x4c/0xa0 [ 558.667676][T15052] ? clear_bhb_loop+0x30/0x80 [ 558.672334][T15052] ? clear_bhb_loop+0x30/0x80 [ 558.676989][T15052] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 558.682877][T15052] RIP: 0033:0x7fd05c8006c9 [ 558.687274][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.706859][T15052] RSP: 002b:00007fd05aa67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 558.715252][T15052] RAX: ffffffffffffffda RBX: 00007fd05ca56fa0 RCX: 00007fd05c8006c9 [ 558.723204][T15052] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 558.731158][T15052] RBP: 00007fd05c882f91 R08: 0000000000000000 R09: 0000000000000000 [ 558.739106][T15052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.747056][T15052] R13: 00007fd05ca57038 R14: 00007fd05ca56fa0 R15: 00007fff4ccef768 [ 558.755011][T15052] [ 558.758985][T15052] BUG: sleeping function called from invalid context at net/core/sock.c:3288 [ 558.768263][T15052] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 15052, name: syz.4.4146 [ 558.777399][T15052] INFO: lockdep is turned off. [ 558.782132][T15052] Preemption disabled at: [ 558.782137][T15052] [<0000000000000000>] 0x0 [ 558.790864][T15052] CPU: 0 PID: 15052 Comm: syz.4.4146 Not tainted syzkaller #0 [ 558.798293][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 558.808319][T15052] Call Trace: [ 558.811582][T15052] [ 558.814494][T15052] dump_stack_lvl+0x168/0x230 [ 558.819150][T15052] ? show_regs_print_info+0x20/0x20 [ 558.824328][T15052] ? load_image+0x3b0/0x3b0 [ 558.828835][T15052] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 558.834966][T15052] ___might_sleep+0x47c/0x600 [ 558.839617][T15052] ? __might_sleep+0xf0/0xf0 [ 558.844182][T15052] ? read_lock_is_recursive+0x10/0x10 [ 558.849527][T15052] ? rcu_lock_release+0x5/0x20 [ 558.854269][T15052] __lock_sock_fast+0x2f/0xe0 [ 558.858926][T15052] ? inet_sk_diag_fill+0xef6/0x1b50 [ 558.864107][T15052] mptcp_diag_get_info+0x1e7/0x990 [ 558.869195][T15052] inet_sk_diag_fill+0xef6/0x1b50 [ 558.874205][T15052] ? inet_diag_msg_attrs_fill+0x8c0/0x8c0 [ 558.879902][T15052] ? do_raw_spin_lock+0x11d/0x280 [ 558.884905][T15052] ? inet_diag_bc_sk+0x187/0x10c0 [ 558.889901][T15052] ? preempt_schedule_thunk+0x16/0x18 [ 558.895248][T15052] mptcp_diag_dump+0xcca/0x1290 [ 558.900093][T15052] ? mptcp_token_join_cookie_init_state+0x460/0x460 [ 558.906653][T15052] __inet_diag_dump+0x1f6/0x380 [ 558.911478][T15052] netlink_dump+0x676/0xcd0 [ 558.915954][T15052] ? netlink_lookup+0x1d0/0x1d0 [ 558.920785][T15052] ? __inet_diag_dump_start+0x805/0x970 [ 558.926312][T15052] __netlink_dump_start+0x523/0x700 [ 558.931491][T15052] inet_diag_handler_cmd+0x1be/0x290 [ 558.936755][T15052] ? rcu_lock_release+0x20/0x20 [ 558.941577][T15052] ? inet_diag_handler_get_info+0xb80/0xb80 [ 558.947442][T15052] ? inet_diag_dump_start+0x20/0x20 [ 558.952638][T15052] ? inet_diag_dump+0x50/0x50 [ 558.957289][T15052] ? dev_queue_xmit+0x20/0x20 [ 558.961936][T15052] ? memcpy+0x3c/0x60 [ 558.965892][T15052] ? sock_diag_rcv+0x17/0x40 [ 558.970458][T15052] ? sock_diag_rcv+0x17/0x40 [ 558.975017][T15052] ? rcu_lock_release+0x20/0x20 [ 558.979847][T15052] sock_diag_rcv_msg+0x164/0x3e0 [ 558.984763][T15052] netlink_rcv_skb+0x1e0/0x430 [ 558.989499][T15052] ? sock_diag_bind+0xa0/0xa0 [ 558.994148][T15052] ? netlink_ack+0xb60/0xb60 [ 558.998709][T15052] ? __lock_acquire+0x7c60/0x7c60 [ 559.003708][T15052] sock_diag_rcv+0x26/0x40 [ 559.008093][T15052] netlink_unicast+0x774/0x920 [ 559.012839][T15052] netlink_sendmsg+0x8ab/0xbc0 [ 559.017575][T15052] ? netlink_getsockopt+0x560/0x560 [ 559.022747][T15052] ? aa_sock_msg_perm+0x94/0x150 [ 559.027656][T15052] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 559.032916][T15052] ? security_socket_sendmsg+0x7c/0xa0 [ 559.038349][T15052] sock_write_iter+0x29c/0x380 [ 559.043090][T15052] ? sock_read_iter+0x340/0x340 [ 559.047918][T15052] do_iter_readv_writev+0x497/0x600 [ 559.053112][T15052] ? generic_file_rw_checks+0x280/0x280 [ 559.058631][T15052] ? common_file_perm+0x171/0x1c0 [ 559.063629][T15052] ? fsnotify_perm+0x5d/0x560 [ 559.068280][T15052] ? security_file_permission+0x75/0xa0 [ 559.073800][T15052] do_iter_write+0x205/0x7b0 [ 559.078367][T15052] ? import_iovec+0x6f/0xa0 [ 559.082845][T15052] do_writev+0x254/0x410 [ 559.087060][T15052] ? do_readv+0x3e0/0x3e0 [ 559.091361][T15052] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 559.097313][T15052] ? lock_chain_count+0x20/0x20 [ 559.102135][T15052] ? vtime_user_exit+0x2dc/0x400 [ 559.107052][T15052] ? lockdep_hardirqs_on+0x94/0x140 [ 559.112224][T15052] do_syscall_64+0x4c/0xa0 [ 559.116612][T15052] ? clear_bhb_loop+0x30/0x80 [ 559.121259][T15052] ? clear_bhb_loop+0x30/0x80 [ 559.125906][T15052] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 559.131773][T15052] RIP: 0033:0x7fd05c8006c9 [ 559.136158][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.155742][T15052] RSP: 002b:00007fd05aa67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 559.164126][T15052] RAX: ffffffffffffffda RBX: 00007fd05ca56fa0 RCX: 00007fd05c8006c9 [ 559.172070][T15052] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 559.180013][T15052] RBP: 00007fd05c882f91 R08: 0000000000000000 R09: 0000000000000000 [ 559.187954][T15052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.195893][T15052] R13: 00007fd05ca57038 R14: 00007fd05ca56fa0 R15: 00007fff4ccef768 [ 559.203840][T15052] [ 559.206890][T15052] BUG: scheduling while atomic: syz.4.4146/15052/0x00000002 [ 559.214154][T15052] INFO: lockdep is turned off. [ 559.218891][T15052] Modules linked in: [ 559.222765][T15052] Preemption disabled at: [ 559.222769][T15052] [<0000000000000000>] 0x0 [ 559.231459][T15052] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ... [ 559.240192][T15052] CPU: 0 PID: 15052 Comm: syz.4.4146 Tainted: G W syzkaller #0 [ 559.249011][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 559.259045][T15052] Call Trace: [ 559.262297][T15052] [ 559.265217][T15052] dump_stack_lvl+0x168/0x230 [ 559.269871][T15052] ? show_regs_print_info+0x20/0x20 [ 559.275040][T15052] ? load_image+0x3b0/0x3b0 [ 559.279519][T15052] panic+0x2c9/0x7f0 [ 559.283385][T15052] ? bpf_jit_dump+0xd0/0xd0 [ 559.287884][T15052] ? vprintk_emit+0xf9/0x150 [ 559.292474][T15052] ? _printk+0xcc/0x110 [ 559.296618][T15052] check_panic_on_warn+0x80/0xa0 [ 559.301531][T15052] __schedule_bug+0x184/0x1e0 [ 559.306179][T15052] ? raw_spin_rq_unlock_irq+0x90/0x90 [ 559.311536][T15052] ? 0xffffffffa002a000 [ 559.315661][T15052] __schedule+0x12e7/0x4390 [ 559.320136][T15052] ? trace_hardirqs_off_finish+0xca/0x1f0 [ 559.325825][T15052] ? prepare_to_wait_exclusive+0xc5/0x220 [ 559.331518][T15052] ? do_raw_spin_lock+0x11d/0x280 [ 559.336529][T15052] ? lock_chain_count+0x20/0x20 [ 559.341362][T15052] ? __kthread_should_park+0xa2/0xe0 [ 559.346622][T15052] ? lock_release+0xba/0x870 [ 559.351183][T15052] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 559.357139][T15052] ? __lock_sock+0x145/0x2a0 [ 559.361698][T15052] ? release_firmware_map_entry+0x190/0x190 [ 559.367562][T15052] ? __lock_sock+0x145/0x2a0 [ 559.372141][T15052] ? __local_bh_enable_ip+0x12a/0x1b0 [ 559.377496][T15052] ? _local_bh_enable+0xa0/0xa0 [ 559.382317][T15052] schedule+0x11b/0x1e0 [ 559.386462][T15052] __lock_sock+0x14a/0x2a0 [ 559.390849][T15052] ? sk_page_frag_refill+0x200/0x200 [ 559.396102][T15052] ? do_raw_spin_lock+0x11d/0x280 [ 559.401096][T15052] ? init_wait_entry+0xd0/0xd0 [ 559.405839][T15052] ? __rwlock_init+0x140/0x140 [ 559.410572][T15052] ? read_lock_is_recursive+0x10/0x10 [ 559.415915][T15052] ? rcu_lock_release+0x5/0x20 [ 559.420654][T15052] ? __lock_sock_fast+0x43/0xe0 [ 559.425476][T15052] __lock_sock_fast+0x78/0xe0 [ 559.430132][T15052] ? inet_sk_diag_fill+0xef6/0x1b50 [ 559.435301][T15052] mptcp_diag_get_info+0x1e7/0x990 [ 559.440388][T15052] inet_sk_diag_fill+0xef6/0x1b50 [ 559.445387][T15052] ? inet_diag_msg_attrs_fill+0x8c0/0x8c0 [ 559.451076][T15052] ? do_raw_spin_lock+0x11d/0x280 [ 559.456071][T15052] ? inet_diag_bc_sk+0x187/0x10c0 [ 559.461066][T15052] ? preempt_schedule_thunk+0x16/0x18 [ 559.466414][T15052] mptcp_diag_dump+0xcca/0x1290 [ 559.471253][T15052] ? mptcp_token_join_cookie_init_state+0x460/0x460 [ 559.477814][T15052] __inet_diag_dump+0x1f6/0x380 [ 559.482637][T15052] netlink_dump+0x676/0xcd0 [ 559.487115][T15052] ? netlink_lookup+0x1d0/0x1d0 [ 559.491942][T15052] ? __inet_diag_dump_start+0x805/0x970 [ 559.497471][T15052] __netlink_dump_start+0x523/0x700 [ 559.502651][T15052] inet_diag_handler_cmd+0x1be/0x290 [ 559.507913][T15052] ? rcu_lock_release+0x20/0x20 [ 559.512735][T15052] ? inet_diag_handler_get_info+0xb80/0xb80 [ 559.518598][T15052] ? inet_diag_dump_start+0x20/0x20 [ 559.523771][T15052] ? inet_diag_dump+0x50/0x50 [ 559.528419][T15052] ? dev_queue_xmit+0x20/0x20 [ 559.533099][T15052] ? memcpy+0x3c/0x60 [ 559.537054][T15052] ? sock_diag_rcv+0x17/0x40 [ 559.541624][T15052] ? sock_diag_rcv+0x17/0x40 [ 559.546187][T15052] ? rcu_lock_release+0x20/0x20 [ 559.551009][T15052] sock_diag_rcv_msg+0x164/0x3e0 [ 559.555925][T15052] netlink_rcv_skb+0x1e0/0x430 [ 559.560661][T15052] ? sock_diag_bind+0xa0/0xa0 [ 559.565314][T15052] ? netlink_ack+0xb60/0xb60 [ 559.569899][T15052] ? __lock_acquire+0x7c60/0x7c60 [ 559.574897][T15052] sock_diag_rcv+0x26/0x40 [ 559.579286][T15052] netlink_unicast+0x774/0x920 [ 559.584027][T15052] netlink_sendmsg+0x8ab/0xbc0 [ 559.588766][T15052] ? netlink_getsockopt+0x560/0x560 [ 559.593935][T15052] ? aa_sock_msg_perm+0x94/0x150 [ 559.598850][T15052] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 559.604116][T15052] ? security_socket_sendmsg+0x7c/0xa0 [ 559.609545][T15052] sock_write_iter+0x29c/0x380 [ 559.614281][T15052] ? sock_read_iter+0x340/0x340 [ 559.619106][T15052] do_iter_readv_writev+0x497/0x600 [ 559.624278][T15052] ? generic_file_rw_checks+0x280/0x280 [ 559.629795][T15052] ? common_file_perm+0x171/0x1c0 [ 559.634791][T15052] ? fsnotify_perm+0x5d/0x560 [ 559.639447][T15052] ? security_file_permission+0x75/0xa0 [ 559.644966][T15052] do_iter_write+0x205/0x7b0 [ 559.649528][T15052] ? import_iovec+0x6f/0xa0 [ 559.654003][T15052] do_writev+0x254/0x410 [ 559.658222][T15052] ? do_readv+0x3e0/0x3e0 [ 559.662529][T15052] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 559.668495][T15052] ? lock_chain_count+0x20/0x20 [ 559.673325][T15052] ? vtime_user_exit+0x2dc/0x400 [ 559.678236][T15052] ? lockdep_hardirqs_on+0x94/0x140 [ 559.683409][T15052] do_syscall_64+0x4c/0xa0 [ 559.687798][T15052] ? clear_bhb_loop+0x30/0x80 [ 559.692446][T15052] ? clear_bhb_loop+0x30/0x80 [ 559.697093][T15052] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 559.702975][T15052] RIP: 0033:0x7fd05c8006c9 [ 559.707365][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.726941][T15052] RSP: 002b:00007fd05aa67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 559.735327][T15052] RAX: ffffffffffffffda RBX: 00007fd05ca56fa0 RCX: 00007fd05c8006c9 [ 559.743276][T15052] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000004 [ 559.751223][T15052] RBP: 00007fd05c882f91 R08: 0000000000000000 R09: 0000000000000000 [ 559.759178][T15052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.767124][T15052] R13: 00007fd05ca57038 R14: 00007fd05ca56fa0 R15: 00007fff4ccef768 [ 559.775080][T15052] [ 559.778300][T15052] Kernel Offset: disabled [ 559.782613][T15052] Rebooting in 86400 seconds..