last executing test programs: 2m4.773316365s ago: executing program 3 (id=176): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffdf, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xa0}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x7, 0x2}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 2m3.315889096s ago: executing program 3 (id=183): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x18000000000002a0, 0xeff, 0xffffffffffffffde, &(0x7f0000001240)="b9ff03076804268c989e14f088a8657986dd", 0x0, 0x4068, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m1.934169205s ago: executing program 3 (id=192): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x3, 0x5}}, 0x10) bind$tipc(r1, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0xfffffffe}}}, 0x10) bind$tipc(r0, 0x0, 0x0) 2m1.895371816s ago: executing program 3 (id=193): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000e1b000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000f2b000/0x4000)=nil) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000680)={[{@errors_continue}, {@delalloc}, {@data_err_ignore}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@data_err_ignore}, {@nojournal_checksum}]}, 0x1, 0x4ef, &(0x7f0000000180)="$eJzs3M9vFdUeAPDv3PbSAo9HH49HAg+1gMbGxBYKCgs3mJi40MSIC1k2bSGVCxjahZBGLonBNYl7w9K408StLo0r/wBcuDAxJETZAG68Zu6dub29P3p7S2nT3s8nGThn5sycc2bmzD0zpzMB9K3R9J8k4l8RcS8i9taiyxOM1v57/HBx+snDxekoVyrn/kiq6R6l8Uy+3u4sMlaIKHyWNG7wbh6Yv37j0lSpNHstytX4xMLljyfmr994de7y1MXZi7NXJs+cOXXyxOnXJ19rLvJw10olrbPSej069OnVwwffPn/n3enB5o011qOjfK0/y12TRr5vO3ipcXvbwJ6GcNJar5sbWhhWbTg7DYtp+18sHT1fm520a0PA9lKpVCpDnReXK81utcwBtqwkNrsEwObIf+jT+998qs0pbkT3Y9M9OFu7AXr0cLFyM2L6cb3+g1HI0hSb7m9TK/SZejIaER+W//oynWKl5xC/rlOGAEDf++Fs1g1Moqn/V4gDDen+nY2hjETEfyJiX0T8NyL2R8T/IpalXSaJqKyQ//7mGfX8v81GEQr311q31Uj7f29kY1v5lOWbJxkZyGJ7IvIO8+zxbJ+MRXHowlxp9kSH7e/okn9j/y+d0vzzvmBWjvuDTZ3NmamFqbXVttWDWxGHBpvrnwymBy4fxkki4mBEHOphuyMN4blXvjpcjzTdVnSvf1Wl7XDEOoyfVe5GvFw7/uVYdvyXckwaxycLLeOTE8NRmj0+kZ4Fx9vm8dPPt9/rlH/X+n/3W/Mqb53+/tzTVrsuPf67Gs7/yMdvl+o/kkQk9fHa+YjKQG953P7l8+p2R4+1Llvr+b8j+aAaztvXJ1MLC9dOROxI3mmdP7m0bh7P06f1HzvWvv3vy9ZJ98T/IyI9iZ+LiOcjBvKyH4mIoxHRpmp1P7754kedlq3y/H9m0vrPtL3+LTv+S+P1qwzkK6dzBi4dufekw8Ujq//elY//qWpoLOLv6Hj9S5ZdIlZb0qfegQAAALAFFKL6t/+F8Xq4UBgfrz0D2h+7CqWr8wsvRMSVmdo7AiNRLFyYK83mD+RGopjkzz9HGuKTTfGT2XPjLwZ2VuPj01dLM5tdeehzu6ttPmlp/6nfe3zOC2xB2+g9NKBH3dr/gTsbVBBgw/n9h/7V0P47fdmi7C9lYHvy+w/9q137vxlfr/jugmsGbH0VbRn62srtv/v3NoGtazDer4errz37+Cf0Df1/6Eu9vtffW6Ay1H7RcLT5YsDwsynGzjZ5bUog7Vmt4waLEbG6xDvXkkXeBez8hYdCbxscitZFA7HSWkn77zhERLnjWule6VqeiwfW/eTPv4my3qfNN0vttLjKw/20Aff7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAtvJPAAAA//8tL8+m") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x8ca883, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x48400, 0x100) fadvise64(r0, 0x100, 0x7fffffffffffffff, 0x4) 2m0.911587121s ago: executing program 3 (id=201): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000240)={0x1, "ff00000000000000000000000000000000000000000000000100"}) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000540)=0x1) syz_clone(0x120e1100, 0x0, 0x13, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1m58.906367251s ago: executing program 3 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() 1m58.831505854s ago: executing program 32 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() 7.726154908s ago: executing program 1 (id=786): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 6.575275008s ago: executing program 1 (id=793): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10, &(0x7f0000000280)={[{@rodir}, {@numtail}, {@utf8no}, {@fat=@usefree}, {@shortname_mixed}, {@uni_xlateno}, {@numtail}, {@utf8no}, {@fat=@check_normal}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@fat=@check_strict}, {@shortname_winnt}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@utf8no}, {@rodir}]}, 0x3, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) 5.361867561s ago: executing program 1 (id=797): syz_mount_image$ocfs2(&(0x7f0000000040), &(0x7f00000001c0)='./bus\x00', 0x88c0, &(0x7f00000002c0)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x8, 0x443d, &(0x7f0000008c00)="$eJzs3c9vFG0dAPBnpkVaBGyRAyYmbiKJRk3TckJLYlsKpYWKQSHGy7JtF6huu6TdGg8c6o3Ek4kH44Fo4q0n0oNX/BO8eMQziRy8mJiQd9/s7mzZmd1N9212W+D9fA6dzvO7+5159pnD9IkTlSfr27n17VxhM1defbR9JfebcmlnoxjiY9Kx/1PH1z+9GcR1ctLX3pfZ3es3f/bgSgj/WPvXm2q1Wg01w6GjqZbf//ffZ6utx6Y4U6fWbufW+uWXIYSLbeOqGQoh/OLvIUQhhNkkbS45joYQzoVG3oNnv3+Y69NoXr4uXsu/W36+P315ae/Ffve/PQrhz6Vv/ODxxn++PTT97+8d3nK1TyMEAAAAAAAAAAAAAAAAAOBDtnDv7v2fTk6FV1EY3ova39ddSI7d3o+t9s23Bv/HAgAAAAAAAAAAAAAAAAAAwAfq/fv/uehCh/f/55PjTJf61R93Tv9Kn8fJYCz+5O78jcmpZP/3qC3/alTfRj28nR0K4x32fc/u/z6bqd95//f2fo7qapTudyxE8UTqPI4nJkL4a7Lx+6XoTFwqb1e+/6i8s7nWt2F8tNLxb+zen4pOsqF/r/Gfy7Q/+P3/v952NdXOH/bvEvukpeM/1LXc334X9RT/65l6xxF/ji4d/+F62mhrgZnGBFCL/x+GD4//fKb9QcX/fAghF9XGmkvNALU1TC2923qFtHT8T9XTUlNn8kF2u///n4n/jUz7JzX/72a/iOgoHf/Gqn0kVeL9/T8eH37/38y0fxLxr41/1/d/T9LxP91IHE4VqX+Svc7/C5n2BxX/+3EyzvNR6grYixrp3f5fHWkt8Q/vqiNt+c3nq7ezcU/rv1uZ+sf1/Nfst/n815z+vxs1nv/oLH3/j3Yt1+v9v5ipN+j5f6a+/uOo0vE/U09Lr53H6j97jf9Spv1Bxb++Khlpxv/9fPLZ6Ub6X6z/epKO/1cbiXFrid36z/r6Lzp8/X870/5JrP9q49+NB9vrpyId/7Ndy9WeDP7Zw/f/nUy9lvi3Ly76ZNJa/8jS8T/XtVz9/h85PP7LmXqDvv+/M8jGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Cc8lxLERj6fM4npgI4XpyfimciVYKa/mVUnn119shzCfpuXAhelwqrxRK+fXN8loxXyiVyqsh3EjyL4aRaLtUruQ3Ck9vHrQ1Gj0pFrYqK8VCJYSwkKR/M5xrtrWyXtkoPA0h3DrI+1pc3nr6pLCZX1vf+tHk5ORkWDwYw3hU/G2luFlp9N7IDWHpoO5Y1DK4evbtg7GcjX5V3tnaLJTq6Xda6pTKq4VSS53lJO+PYTyqbO1srhYqxXyp/LjZ30maSY7zi/d+fu/OVFv+w6hxnDveYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBb2a/uGfQgjDjbM4hDDT/CXqVP7l6+K1/Lvl5/vTl5f2Xuy/6VYOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5nBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCrt0jNJAEIUB+M1YqJ3HsFp2O9sVRbRwRfAEegwPo0fxEt4hRYq0KUIgmYWw2YVtkur7mgfzM/MezAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOZ5eu8+3uomIsXV5jLi7+t/cZi/lPpzP37/4gwzcjrPr93DY92Uf09H+V05WrZ5l65X358xUnu/gz0Z7tNe3+d6cq6pfZuar+97EylXEdGW/DblXFXz3gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2LIDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgWAAAAABDmbx1F3wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCvAAAA//94Oh30") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="02000000010000000000000002000500", @ANYRES32=0x0, @ANYBLOB="0400010000000000100001000000000020"], 0x2c, 0x0) 4.978030385s ago: executing program 5 (id=801): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x0, &(0x7f0000001800)={[{@umask={'umask', 0x3d, 0x3}}, {@gid}, {}, {@uid}, {@nls={'nls', 0x3d, 'iso8859-5'}}, {@part={'part', 0x3d, 0x200006}}]}, 0x1, 0x6eb, &(0x7f0000000440)="$eJzs3U1sHHfdB/DvrNcbbyq5bp+kzYOQYjUiggYSO0tJkJAICKEcKojEpVeTOI0VJ41sFyURIi5QOMIJ5dBDEQqHnhAHpCIOiHJGQuKeeyQO3CIOLJrdWXvX7xvHdkI/H2l2/jP/t9/8dmb2JbE2wKfWxbcyupwiF0+9ebvcfvigNf/wQetGr5zkUJJaUu+uUtxMik+SC+ku+f9yZzVcsdk8bzz6+IOT9z9qdbfq1dJpX9uq36r2FjMsV0smk4xU6yHVNxvv8gbj3Rtq6GIl7jJhJ3qJg4PWXmd5mO47uG6BZ929ZGR0g/0TyeEkY9X7gFR3h9o+h/fUDXWXAwAAgGfTyHYNXnycx7md8f0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5/Y0mK7m8GFtVS65UnU1S////dVPtKjcbBhryNL25T//7VfQoEAAAAAAAAAIbQ3Fmz0dXi8cd5nNsZ7223i86/+b/W2TjSeXwh72Yxs1nI6dzOTJaylIVMJ6PjfWM2bs8sLS1Mr+/5q5Q92+32varn2SQT63qe3c1xAwAAAAAAAMCn3o9zMeMHHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPQrkpHuqrMc6ZUnUqsnGUvSKNstJ3/qlZ9nfz7oAAAAAGDvNav1ePGfbqFddD7zv9L53D+Wd3MzS5nLUuYzmyud7wK6n/prf19uzT980LpRLusH/sY/h4qjM2KSkby3ycxTnRZHV3pczLfzvZzKZC5lIXP5QWaylNlMplkeRGZSZKLZ/fZiohfnYLwj1VAXBkK5tDa242u2j3UiaeZq5jqxnc7lRm+0WqdFkWN9s/2hkfRnaDx5r8xO8fXKDnN0pe/5+mX1vUyl/eIOx9gbE50jH13JyFSZ+yobL22c+54hz5O1M02ntvId1JHVWcrNtTP1cv79YXJ+uFqXuf7ZYM6ftiG/SlubibOpjfXqXhnM+a3P3X95sPMX/vGXS9dqN69fu7p4ag8PaU+N9gprM9FKrboOk1e3PvuqTMyXmVjeeSZG1+4Y28VxPEWNKhvdG9vO7pbf6pRm8lrfKfhOrmQ25zKV6ZzPVL6as2mVZ9hKXo8O5LXeujGYk861Vlt/f2tuEfyJz/c1+vk2jfdXmZeX+vLaf6eb6NRVey78IlN9WXp567PvSV4F6p+pCuUcP1l5xXkWDGSiujf3ouu9QG2SiV+3y8fF+ZvXF67N3NrhfCerdXnZvj94b/7Nrg9mV8rzpbzj1jtbnZw0e+dLWfd/K9EO5qtR/YtLt19tXd3RlbqJjGcu39n0Sm1U7+HWj9Ste3XDulan7lhf3cC7nLyT+c67kDUm9yerAOzY4dcPN5qPmn9rftj8afNa882xbx46f+izjYz+tf7Hkd/Vflv7WvF6PsyPys+kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAbi3euXt9Zn5+dmEPC40nnCu1bds8eGFnA2Yi2Xquoio09jobz0DhX2NbZqOZPZr990m2aNPY9RTF3p/P5Yn8VAbs/XBaZ097ZIju9V6vjdvUszi22TN4aPV5z8T1mfl/twfaNNN3yQD/484s3bh1ZvHO3S/N3Zh5e/bt2Ztnz587f671lekvn7k6Nz871X086CiBvbB45+7IQccAAAAAAAAAAAAADKf63/9LfX8hkKH+/KO+TZvGwuLGMx/f70MFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnlMX38rocopMT52eKrcfPmjNl0uvvNqynqSWpPhhUnySXEh3yUTfcMVm87zx6OMPTt7/qLU6Vr3XvrZVv51ZrpZMJhmp1ts7tMEw68e73Dfe8hOFV6wcYZmwE73EwUH7bwAAAP//fJzz5w==") mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) 4.926031756s ago: executing program 0 (id=802): socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000001240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x20d, &(0x7f0000001000)="$eJzsmb9rFEEUx78zu/cjQQQbCxsLD4xo9nb3VIKQIoK9EDXa5TBriG5yYW/VS8Ai2NhYWgi2/gMWFqks7OxstdCAYGE67Q5GZnZ2d9i7PTzxziLvA3n5zts3M29n2e/BHQiCOLIcfP315fnVhRsXABxDAzWd/27lNdyo//zy4fkXi9devfn0+v3W8Sf7xfVqY+4vt3m3ZCHGjBoLIYR5vaEis2UXDZ27CY5zWq8YM1bBcUvnAzDc0fq+oTszWoSBc7cTrt3bCANXBk8GX4aWub8N4HCPYQ1AXffHjOvdnd0H7TAMoq6ViiRTEek+UV7zd2LU+an+ljgW9Vj2J5/X7WdP9+TY0XnXOD8PHJ7WLTAsa72AGhzHyY/EuP9Tdr6+NfT+JyWsYqZXqFk9KJt+Yn6Sjf0jUZnCGU5AMKSZ+qjilUf/v9WiYMWMfKGzzMnD/Q+Ds7796RY/t5MXY9iJTeuVKQhlXAAGLn2czTOpcY+zclXPGVqT+5N077OGP9mwM/9oxpvbze7O7vzGZns9WA+2fL912b3oupf8pjKiJA74Xj/zv7ryp1lj/UqJV1ZZFb12HEdeD4gjLxv7STQcd/lt54eaw5X/ccydSdaQD1HddskHHdN/XP1nfYE5q6QdgiAIgiAIgiAIgiAIgiCIMTkNpr4F1T9UiQKAuPJYCOFfV9W/AwAA//+VV18P") quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') pread64(r1, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0)) 4.474294782s ago: executing program 0 (id=805): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x101000, 0x108) lseek(r4, 0x8, 0x0) 3.782102267s ago: executing program 5 (id=806): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10) bind$tipc(r3, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r3, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10) bind$tipc(r0, 0x0, 0x0) 3.730851338s ago: executing program 1 (id=807): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000200000000050037000000000008000200", @ANYRES32=r1, @ANYBLOB="06000600fe000000060004"], 0x50}, 0x4, 0x700000000000000, 0x0, 0x4}, 0x4040084) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000140)={0x2, {0x2, 0x2, 0x2, 0xfeff, 0x5}}) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r6], 0x1c}}, 0x4008054) write$nci(r3, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) r9 = socket(0x1e, 0x1, 0x0) write$nci(r3, &(0x7f0000000000)=ANY=[@ANYRES32=r8, @ANYRES8=r4, @ANYRES16=r9, @ANYRESDEC=r5, @ANYRESHEX=0x0, @ANYRESDEC=r7, @ANYRES32=r6], 0x14) 3.717612749s ago: executing program 5 (id=808): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet(0x2, 0x2, 0x1) bind$inet(r3, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) bind$unix(0xffffffffffffffff, 0x0, 0x0) 3.603174163s ago: executing program 0 (id=809): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x1200808, &(0x7f0000000100)=ANY=[@ANYRES64=r3, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES8, @ANYRES16], 0x1, 0x1e6, &(0x7f0000000140)="$eJzs20tu00Acx/HfJGkSQ4HyXCCkILGADUmaikqsWs7BqmrTqsIFhNkkQsJcAM7AObgMB4AFO1YY+ZGm9aM1E9y0zfez8Xh+/dvjuu6MolgAFtamHsrIqBnuPGivfLltStU1qx4YgMoFyfZPYMOxqgJwXtR/p3uSFYA/n/EAOCs/X0jfJf349WFb9eyqPsz9SV5rZfNP0v1Gkpu2nPT64qv0eFJvrmTrG/E2zq/mHv/Jo8n5l3VN13VDK7qpW8aXifKdw/p7VmsgAAAWjVH3tLwr1QvSePLOrgqmlrT7LTurTzW1u+8OB6fka4V5K8q722/cnRPOAiBPrdTzX6wePX/9gnRJivLVZL9tO0wAFfBG45Zcd/jOG4WTfNQYv9py/6nhWFWVaZjKjpzfaKZ6go+SDns2bY8c6FiPc/T33PE6sw/exJ/SKB05ZcpryoteWgxjIxuFU8BsN8X4VuXLn5V7XbM1NlTqhzs598K60TqjP/7jjXn/ZwJQtd77g7c9bzR+un+wtTfcG74e9PvP15+tra4PetHKvnfS+h7ARTad9HXk20AAAAAAAAAAAAAAAOAiuaO74Sb92i4AAACAS+i/vTPUUOHrVvO+RgAAAAAAAAAAAAAAAAAALpu/AQAA///U5AZL") truncate(&(0x7f0000000080)='./file2\x00', 0x400327c) 2.828620431s ago: executing program 5 (id=812): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) 2.721176134s ago: executing program 0 (id=813): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x2000000, &(0x7f0000000440)="97"}) 2.342218918s ago: executing program 0 (id=814): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f000000e900)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1) 2.311535998s ago: executing program 4 (id=816): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000020000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r4], 0x5c}}, 0x40) r5 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r0, r6, 0x25, 0x0, @val=@netkit={@void, @value=r0}}, 0x1c) 2.27117566s ago: executing program 2 (id=817): socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet(0x2, 0x2, 0x0) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295a5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_ADDRESS={0x14, 0x1, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2.26976318s ago: executing program 2 (id=818): connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x20, @loopback, 0x23}, 0x1c) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001b40)={0x4, 0x0, [{0x4, 0xa3, &(0x7f0000001540)=""/163}, {0xb000, 0x80, &(0x7f0000001c40)=""/128}, {0x70000, 0xdb, &(0x7f0000001700)=""/219}, {0x0, 0xf4, &(0x7f0000001940)=""/244}]}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1) 2.218880352s ago: executing program 2 (id=819): r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x80044100, 0xf0ff1f00000000) shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil) r1 = syz_open_procfs(0x0, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[], 0x48) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2da8}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00') fanotify_init(0x40, 0x40000) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) 2.218591402s ago: executing program 2 (id=820): r0 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4) sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800) 2.216950942s ago: executing program 4 (id=821): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0xf0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.090223286s ago: executing program 4 (id=822): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlinkprop={0x44, 0x6c, 0x701, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x40, 0x400}, [@IFLA_MAP={0x24, 0xe, {0x3, 0x2, 0x4, 0x8, 0x7, 0x7}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)={0x20, 0x21, 0x1, 0x70bd27, 0x25dfdbfc, "", [@nested={0x10, 0x121, 0x0, 0x1, [@typed={0xefc87e4c0f2f8e4e, 0xe0, 0x0, 0x0, @u64=0x6}]}]}, 0x20}], 0x1, 0x0, 0x0, 0x40480c4}, 0x8000) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800010, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) unshare(0x22020600) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x14) r5 = openat$cgroup_int(r4, &(0x7f0000000100)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000140)=0x4, 0x12) 2.089570567s ago: executing program 4 (id=823): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x303}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "2eb387e0", "11edf8da8e55bb27"}, 0x28) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="fc61e9597f4d9e9ea4db0de246bd87b4e239c239e441ed865dc1e26738f9f212de5680398f39e30c4f6cf935c3b4479ba9639795eff8d7fa09be54fb29e848f309e61aa47584fe80", 0x48}, {&(0x7f0000000380)="2edee5732b01b8ebcf4032595f6e8b6913b4353cc642461a92f9d3ca887c83b4f1adc4c157548ac445eb85444248b506314dee35eea0b9eccdfe0ac7e8ea40031de7b4cbaa1139599e37adb0c46cfaab548ebfefc78a6e9502a3a87f944796573f4bb9fefe7f9e69b083194f62e12014eb8e5c44bbeab9b91c755a859a05929791960a037194decb9fbf35dd1e9ff213f7874f140abf94f07386c7070dda09be3e784e8d406c3ae8f9967f23b699384f87d6504760fa23abdf3341f874acd40b5e50b66b8a1aef50603554c4383867f9ad5287798d2b1c3cd4df6de4d9ae65d606cacf9bcc2567e69eec5bd8ba02e0cec374837a0dc0cb15", 0xf8}, {&(0x7f0000000480)="f393ba8e169f0247c0f02d75b52a1384c49d010ef7d09de15e9b3d514e4df11c73509218777d2996de132ff0e2", 0x2d}], 0x3}, 0x0) write$binfmt_elf64(r1, &(0x7f0000000740)=ANY=[], 0x4a2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) 1.769078457s ago: executing program 5 (id=824): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x20008c0, &(0x7f0000000c80)=ANY=[@ANYBLOB="6e66733d7374616c655f72772c73686f72746e616d653d6c6f7765722c696f636861727365743d69736f383835392d362c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c696f636861727365743d6b6f69382d752c757466383d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c696f636861727365743d6d6163637972696c6c69632c73686f72746e616d653d6c6f7765722c00a56b5bbfb959378e17e551154f7ce1796bd7d60f9a33b9a1273118efa95ae856a8986a4ec800243d3673047b0cdad0bf5512608d4828b7cf7bac7fa80234c95ed5e1a26a0033a9fea87d93cfc84ae7bb14a2e8ccbb075d8e6b05f6b5f34d79eb11ce9ba11f0d20a45bc1fa846d36f11148159bfb4aea9a0354fb91e4accb9a3c0351a8482d2353c99dddff5d1e9d2d9969aaf08a20ec5ecdf052d85f05267ba8912b0037021d2fe66895b413a70901e8b61e5dd08dd7859ff5121db92114ff5716e72c12cef6431b832e69a90a7fe94d28029106c05bf6557c9ed13f714ad0e608c41f29b7800f2874d0dd6e20a64309e3cf829e2c3c684b924f007fea7ee1e19b81bea8952d8fd759fe39973aa003a1172ddfca734ae94c23bfe8e812cdaef8675a6781bdfbd0c8d0322644e249df0cc0a7"], 0x4, 0x360, &(0x7f0000000900)="$eJzs3U+IG9UfAPBvOmmyLfS3e/hBURBGb4IubcWDnraULRRzUQn+OYjBblU2a2GDwfaw6XoRj4JHPXnzoAcPPYugiDcPXq0gVfGgvRUsjiSZJJM/m27BtK5+Pofw7Xvf77z3OsNmdnbz9uW12Dx/OC7cuHE9lpZKUV47sxY3S7ESSQxciWmVGW0AwMFwM8vi96xvnyWlBU8JAFiw3vv/q8cKLW9/OS8/8+4PAAde/v3/kXk5S3t1XFzIlACABZt6/v/QWHdl/Ef95cJvBQAAB9WzL7z41OlaxDNpuhSx9U673q7Hk6P+0xfi9WjGRpyI5bgV0b9R6L6Ueq9nz9XWT6Rp2omfVqLerWjXI7Y67Xr/TuF00quvxslYjpW8Pr/byLIsOftZbf1k2hMRVzq98WOr1K4fjqP5+N8fjY04FWn8f6o+4lxt/VSaH6C+NajvROyOnlt0578ay/HtK3ExmnE+urWD25ra+s7JND2T1cbq2/VqL69v7AnIxsJPCgAAAAAAAAAAAAAAAAAAAAAA/3qr6dDKcP+bbLR/z+rqjP7e/jj9+nx/oN3+/kBZNYss++2tR+vvJjG2P9Dk/jztejkO3dulAwAAAAAAAAAAAAAAAAAAwD9G61IlGs3mxnbr0uXNYtDZbl06FBHdlje+/uSLIzGdc5ugnI9R6ErzpsubjSwZJGfJWE4eJN3BBy0fXx3OuJhTHa5i5jSqe3c1m8ce/PGDUcsDyeDIf45ykpi9wGRiGsVg63/9Kd3Jf9QwOHWbnGtZlg1aYmLtOy9NV0UponznJ25+kHWDr66/dt9jreOP91o+z/oefmT5uWvvf/TLZqPZHTl6Z7Cy3bqVbTbyf8++2PYOksL1U4p+UCpeCeV55bvjLY3ku1+fv/+9b4YHLM+bT1ZseXNGTtJfzqeTXZV+0J3mRNeRiSG6KVnhnP6dp2kyOP7hWuPqzg8/77eq8EXCRh0AAAAAAAAAAAAAAAAAAHBXFD4rnss/7Ht4XtUTTy9+ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw94z+/n8h2J1q2U/wRyemu6ob262Iyr1eJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/3F/BQAA//9COmsa") bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) 878.436559ms ago: executing program 2 (id=825): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12) mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) 822.249621ms ago: executing program 0 (id=826): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0x3c}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) 255.67147ms ago: executing program 1 (id=827): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000006800010000000000000000000a00000000000000060007000200000018000880140001000000000000000000000004000000000008000500", @ANYRES32=r3], 0x40}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xd, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xff, 0x4, 0x0, 0x1, 0x20003300}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x5010) 255.372991ms ago: executing program 4 (id=828): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40002002) r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mkdirat$cgroup(r4, 0x0, 0x1ff) 179.911434ms ago: executing program 5 (id=829): r0 = socket$xdp(0x2c, 0x3, 0x0) syslog(0x3, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ftruncate(r1, 0x200c17a) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/58, 0x10c000, 0x800, 0x0, 0x1}, 0x20) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 86.173226ms ago: executing program 1 (id=830): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/74, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2e8, 0x1c0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, '\x00', 'veth0_to_bond\x00', {}, {}, 0x21}, 0x0, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00', {0xfffffffffffffffc}}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x348) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="181a0000000000000000000023530080"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d}, 0x94) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 63.257068ms ago: executing program 4 (id=831): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a00)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x7fffffff, 0x6361, 0x5, 0xffffffff, 0x403}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffe, 0x101}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 0s ago: executing program 2 (id=832): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_PREPARE(r0, 0x4140, 0x0) socket$igmp(0x2, 0x3, 0x2) syz_usb_connect(0x3, 0x1c, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r1 = syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5cb, &(0x7f00000006c0)="$eJzs3U9vHGcdB/DvbhzHNmq6SZM20EpYRQKERWLvopKgqkApyEIVasUrsIjTWFm7lb1Fbg/IIM59DeVgqWfEFalSOcMrQEY9InE3J1czO7vrP1vXTlzvuv18pNnneeaZeeY3v/mTmbWiDfC1tTiXia3Usjj3+mbR3tlutXe2W6u9epIrSerJVJJaMftvST5NttKd8s1ex77yiDdffuqjD57/5JVua6qayuVrx613Mv1YGt1Yz3S8ZlU+vsEezia5XpUwcns9/xna/YTXEQAwzmrJpWHzG8lM9bBevAd0n4q7z9gX2taoAwAAAIBz8PRudrOZq6OOAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6S6vf/a9VU79VnU+v9/v9kNS9V/UL7eNQBAAAAAAAAAMAZ+PZudrOZq732Xq38m/+LZeNG+fmNvJuNLGc9t7OZpXTSyXoWkjT2DTS5udTprC+cYM3m0DWb57O/AAAAAAAAAPAV9acsDv7+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA46CWXOoW5XSjV2+kPpFkKslksdxW8q9e/SL7eNQBAAAAwDl4eje72czVXnuvVr7zP1u+90/l3aylk5V00s5y7pffBXTf+us72632znZrtZiOjvvz/50qjHLEdL97GL7lW+US03mQlXLO7fwub6ed+6mXaxZu9eIZHtcfi5hqP62cMLL7VVns+a+rcjw0yoxc7mdkvoqtyMa14zNxyqNzeEsLqfe/+bnxJeR8piqL/XltrHPe3Hf2PXt8JpKZf7f+/7C99ujhg4258dmlx3Q4E619mXjua5WJ+TITN/vtxfwqv81cZvNG1rOS32cpnSxnNq+VtaXqfC4+G8dn6mcHWm98USST1XG5VLVOE9OL5bpXs5Lf5O3cL6/yu2mmmZdyN/fSLK/63hG+eYKrvn66q/47368ql5P8sirHQ5HXa/28HrznNsq+/XMGWbp+9vfGiW9VleLseXXs7o3XDv0r0cvEM8dn4i97xedGe+3R+sOld064ve9VZZGBX4xVJorz5XpxsMrWwbOj6HtmaN9C2Xej31c/0nez3/dFV+pk9Qx3dKRm2ffc0L5W2XdrX9+w5y0Axt7MD2Ymp/87/c/pD6f/PP1w+vWpV6/cvfLCZC7/4/JPJuYvfbf+Qu2v+TB/GLz/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj2/jvfcfLbXby+sqKioq/cqo70zAl+1OZ/WdOxvvvf/DldWlt5bfWl77UbP10r0ftxbuLdx5sNJenu9+jjpMAOAMDR76Rx0JAAAAAAAAAAAAAADwec7jvxOPeh8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICvtsW5TGylloX52/NFe2e71S6mXn2w5FSSWlH5e5JPk610pzT2DVf7vO28+fJTH33w/CevDMaa6i1fO269kzkQS/1QTE86XvOJxxvs4WyS61UJI/dZAAAA///o4gGx") pidfd_getfd(0xffffffffffffffff, r1, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r0, 0xc06c4124, &(0x7f00000000c0)) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r2, 0x40044160, 0x3) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x0, 0xc8, 0x16}}}, 0x7) kernel console output (not intermixed with test programs): 21] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.830231][ T4321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.832374][ T4320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.833872][ T4320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.837933][ T4320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.841369][ T4320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.842488][ T4320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.846757][ T4320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.851411][ T4329] team0: Port device team_slave_1 added [ 30.914141][ T4325] device hsr_slave_0 entered promiscuous mode [ 30.953011][ T4325] device hsr_slave_1 entered promiscuous mode [ 30.995715][ T4329] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.996877][ T4329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.000911][ T4329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.006722][ T4329] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.007786][ T4329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.012166][ T4329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.016558][ T4333] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.017676][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.019206][ T4333] device bridge_slave_0 entered promiscuous mode [ 31.026423][ T4333] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.027609][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.029093][ T4333] device bridge_slave_1 entered promiscuous mode [ 31.093906][ T4321] device hsr_slave_0 entered promiscuous mode [ 31.132947][ T4321] device hsr_slave_1 entered promiscuous mode [ 31.172833][ T4321] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.174071][ T4321] Cannot create hsr debugfs directory [ 31.223916][ T4320] device hsr_slave_0 entered promiscuous mode [ 31.263034][ T4320] device hsr_slave_1 entered promiscuous mode [ 31.302842][ T4320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.304112][ T4320] Cannot create hsr debugfs directory [ 31.310127][ T4333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.322560][ T4333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.373941][ T4329] device hsr_slave_0 entered promiscuous mode [ 31.433393][ T4329] device hsr_slave_1 entered promiscuous mode [ 31.472842][ T4329] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.474065][ T4329] Cannot create hsr debugfs directory [ 31.492724][ T4333] team0: Port device team_slave_0 added [ 31.500078][ T4333] team0: Port device team_slave_1 added [ 31.529963][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.531044][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.535625][ T4333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.537910][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.538953][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.546104][ T4333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.624004][ T4333] device hsr_slave_0 entered promiscuous mode [ 31.673042][ T4333] device hsr_slave_1 entered promiscuous mode [ 31.712870][ T4333] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.714106][ T4333] Cannot create hsr debugfs directory [ 31.742163][ T4325] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 31.783888][ T4325] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 31.836830][ T4325] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 31.893874][ T4325] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 31.953930][ T4321] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.996397][ T4321] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 32.034060][ T4321] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 32.077199][ T4321] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 32.118251][ T4320] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 32.145934][ T4320] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 32.174315][ T4320] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 32.227317][ T4320] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 32.322598][ T4329] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 32.354133][ T4329] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 32.384870][ T4329] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 32.424816][ T4329] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 32.454693][ T4325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.461217][ T4333] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 32.493539][ T4327] Bluetooth: hci3: command 0x0409 tx timeout [ 32.494501][ T4327] Bluetooth: hci4: command 0x0409 tx timeout [ 32.495519][ T4327] Bluetooth: hci0: command 0x0409 tx timeout [ 32.496454][ T4327] Bluetooth: hci1: command 0x0409 tx timeout [ 32.497529][ T4327] Bluetooth: hci2: command 0x0409 tx timeout [ 32.502356][ T4333] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 32.553906][ T4333] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 32.625761][ T4333] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 32.675490][ T4321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.687246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.689362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.696744][ T4321] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.699856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.701651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.705869][ T4325] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.711408][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.713521][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.715159][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.716298][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.725859][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.727442][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.729062][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.730741][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.732009][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.739317][ T4329] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.741439][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.743649][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.744967][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.746109][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.749985][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.751453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.765639][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.767284][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.768675][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.769800][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.771152][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.772510][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.776226][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.783694][ T4333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.789507][ T4329] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.791042][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.792582][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.796984][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.805008][ T4333] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.807882][ T4320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.809685][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.811375][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.813438][ T4368] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.814484][ T4368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.815953][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.817519][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.818989][ T4368] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.820065][ T4368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.821368][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.823242][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.829281][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.830775][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.832380][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.834837][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.836438][ T4368] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.837663][ T4368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.839201][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.841428][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.843409][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 32.845107][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.846659][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.848054][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 32.857753][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.859829][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.861378][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.863493][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.864895][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.866354][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.867666][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.869135][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.870579][ T4368] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.871657][ T4368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.877397][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.879770][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.881317][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 32.883415][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 32.886168][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.887619][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.889907][ T4320] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.899897][ T4321] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.901516][ T4321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.906865][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.908503][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.909949][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.911133][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.912598][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 32.916278][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.917979][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.919348][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.921152][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.923744][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.925257][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.926374][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.927577][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 32.929221][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.930814][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.932388][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.935022][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.936599][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.938058][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.939662][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.941175][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.942619][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.944736][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.946281][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.947660][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 32.949030][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 32.952719][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 32.959153][ T4325] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.961841][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 32.968312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.969968][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.971360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.976061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 32.980068][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.989809][ T4320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.991513][ T4320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.997583][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.999927][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 33.001548][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 33.007735][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 33.014190][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.016230][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.021083][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.022701][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.028013][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 33.029510][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 33.034352][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.035924][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.037392][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.038797][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.040888][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 33.081757][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.083126][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.086761][ T4321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.104971][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.106359][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.111429][ T4325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.124160][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.126207][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.137631][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.139320][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.148947][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.150188][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.154561][ T4329] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.174549][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.176074][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.177703][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.179216][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.180967][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.182366][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.188864][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.190355][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.195537][ T4321] device veth0_vlan entered promiscuous mode [ 33.202129][ T4320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.204467][ T4325] device veth0_vlan entered promiscuous mode [ 33.206325][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.207573][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.218058][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.219580][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.221810][ T4321] device veth1_vlan entered promiscuous mode [ 33.224892][ T4325] device veth1_vlan entered promiscuous mode [ 33.230758][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.232289][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.236996][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.238220][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.245279][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.246824][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.248252][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.249920][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.252272][ T4333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.260847][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.262426][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.264097][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.265400][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.272208][ T4329] device veth0_vlan entered promiscuous mode [ 33.280362][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.281960][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.285540][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.287056][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.290489][ T4320] device veth0_vlan entered promiscuous mode [ 33.296751][ T4329] device veth1_vlan entered promiscuous mode [ 33.300382][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.301775][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.303731][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.305349][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.306785][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.310765][ T4321] device veth0_macvtap entered promiscuous mode [ 33.314837][ T4325] device veth0_macvtap entered promiscuous mode [ 33.317217][ T4320] device veth1_vlan entered promiscuous mode [ 33.324575][ T4321] device veth1_macvtap entered promiscuous mode [ 33.326532][ T4325] device veth1_macvtap entered promiscuous mode [ 33.341488][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.343401][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.344819][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.346176][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.347756][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.349230][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.350620][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.352072][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.361802][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.367860][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.370267][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.372538][ T4321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.374751][ T4321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.376138][ T4321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.377515][ T4321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.383809][ T4329] device veth0_macvtap entered promiscuous mode [ 33.388010][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.389593][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.391240][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.393602][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.395158][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.397315][ T4325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.398873][ T4325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.401085][ T4325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.405362][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.407421][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.408911][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.410382][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.413719][ T4325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.415380][ T4325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.417498][ T4325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.420403][ T4325] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.421820][ T4325] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.424284][ T4325] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.425735][ T4325] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.430230][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.431833][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.434398][ T4320] device veth0_macvtap entered promiscuous mode [ 33.436645][ T4320] device veth1_macvtap entered promiscuous mode [ 33.441306][ T4329] device veth1_macvtap entered promiscuous mode [ 33.462473][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.464507][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.465899][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.467348][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.468892][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.470509][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.472198][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.476581][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.478191][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.481061][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.486977][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.488701][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.490280][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.491899][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.494795][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.496444][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.498784][ T4329] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.501985][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.503682][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.505138][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.506632][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.518743][ T4333] device veth0_vlan entered promiscuous mode [ 33.526651][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.528253][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.530227][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.534282][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.538509][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.540106][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.541636][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.543583][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.545851][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.547589][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.549099][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.550580][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.552102][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.554924][ T4329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.556609][ T4329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.558868][ T4329] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.566214][ T4333] device veth1_vlan entered promiscuous mode [ 33.568286][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.569783][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.571374][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.573664][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.575079][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.580086][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.581366][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.583149][ T4368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.584408][ T4368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.586048][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 33.588202][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 33.591180][ T4329] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.592633][ T4329] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.594351][ T4329] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.595691][ T4329] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.598130][ T4320] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.599518][ T4320] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.601144][ T4320] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.602616][ T4320] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.625102][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.626745][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.628249][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.634755][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.636095][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.638285][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 33.644538][ T4368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.645865][ T4368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.647984][ T4333] device veth0_macvtap entered promiscuous mode [ 33.661856][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.663521][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 33.670639][ T4333] device veth1_macvtap entered promiscuous mode [ 33.691957][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.699245][ T4368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.700519][ T4368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.702025][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.704540][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.706078][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.707570][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.709371][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.711004][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.712660][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.715899][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.720811][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.722397][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 33.724432][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.725961][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.746493][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.748193][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.749779][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.751550][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.757860][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.759620][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.761252][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.763446][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.766083][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.769016][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.770237][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.796584][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.798224][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.799680][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 33.803146][ T4333] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.804655][ T4333] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.806215][ T4333] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.807640][ T4333] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.820679][ T4404] device syzkaller0 entered promiscuous mode [ 33.880422][ T4368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.881734][ T4368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.884626][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 33.893138][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.894475][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.895781][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 34.062597][ T4368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.064332][ T4368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.065507][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 34.074726][ T4368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.076089][ T4368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.077436][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 34.233631][ T4421] loop1: detected capacity change from 0 to 256 [ 34.267961][ T4421] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d) [ 34.305368][ T4421] input: syz1 as /devices/virtual/input/input2 [ 34.330424][ T4412] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.331818][ T4412] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.572914][ T4332] Bluetooth: hci2: command 0x041b tx timeout [ 34.573976][ T4332] Bluetooth: hci1: command 0x041b tx timeout [ 34.574881][ T4332] Bluetooth: hci0: command 0x041b tx timeout [ 34.575132][ T4327] Bluetooth: hci4: command 0x041b tx timeout [ 34.575825][ T4332] Bluetooth: hci3: command 0x041b tx timeout [ 34.712907][ T4412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 34.727486][ T4412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 34.980336][ T4412] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.981920][ T4412] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.983840][ T4412] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.985288][ T4412] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.220667][ T4430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10'. [ 35.488274][ T4442] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 35.624300][ T4447] Illegal XDP return value 4294967294 on prog (id 1) dev syz_tun, expect packet loss! [ 35.935377][ T4451] block nbd2: shutting down sockets [ 35.974930][ T4461] Zero length message leads to an empty skb [ 36.053308][ T4463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.058545][ T4463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.083448][ T4459] IPv6: addrconf: prefix option has invalid lifetime [ 36.129914][ T4468] loop2: detected capacity change from 0 to 512 [ 36.270486][ T4475] loop0: detected capacity change from 0 to 512 [ 36.286003][ T4475] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a816c018, mo2=0002] [ 36.287404][ T4475] System zones: 0-2, 18-18, 34-35 [ 36.291794][ T4475] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 36.653579][ T4332] Bluetooth: hci4: command 0x040f tx timeout [ 36.654656][ T4332] Bluetooth: hci0: command 0x040f tx timeout [ 36.655571][ T4332] Bluetooth: hci1: command 0x040f tx timeout [ 36.656512][ T4332] Bluetooth: hci2: command 0x040f tx timeout [ 36.657573][ T4332] Bluetooth: hci3: command 0x040f tx timeout [ 37.058334][ T4491] device syzkaller0 entered promiscuous mode [ 37.110003][ T4329] EXT4-fs (loop0): unmounting filesystem. [ 37.181257][ T4497] device syzkaller0 entered promiscuous mode [ 37.340875][ T4507] netlink: 12 bytes leftover after parsing attributes in process `syz.3.37'. [ 37.406782][ T4331] block nbd0: Receive control failed (result -1) [ 37.927573][ T4515] Invalid ELF header magic: != ELF [ 38.254902][ T4517] device syzkaller0 entered promiscuous mode [ 38.753214][ T4331] Bluetooth: hci3: command 0x0419 tx timeout [ 38.754336][ T4331] Bluetooth: hci2: command 0x0419 tx timeout [ 38.755577][ T4331] Bluetooth: hci1: command 0x0419 tx timeout [ 38.756828][ T4331] Bluetooth: hci0: command 0x0419 tx timeout [ 38.758070][ T4331] Bluetooth: hci4: command 0x0419 tx timeout [ 39.910669][ T4547] loop2: detected capacity change from 0 to 512 [ 39.912323][ T4547] ======================================================= [ 39.912323][ T4547] WARNING: The mand mount option has been deprecated and [ 39.912323][ T4547] and is ignored by this kernel. Remove the mand [ 39.912323][ T4547] option from the mount to silence this warning. [ 39.912323][ T4547] ======================================================= [ 39.919108][ T4547] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 39.921106][ T4547] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 39.934847][ T4547] EXT4-fs (loop2): 1 truncate cleaned up [ 39.936046][ T4547] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 40.086981][ T4559] batman_adv: batadv0: Adding interface: dummy0 [ 40.089420][ T4559] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.095052][ T4559] batman_adv: batadv0: Interface activated: dummy0 [ 40.111308][ T4559] batadv0: mtu less than device minimum [ 40.114252][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.117408][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.120334][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.123359][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.126534][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.129777][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.132663][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.135705][ T4559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 40.158777][ T4325] EXT4-fs (loop2): unmounting filesystem. [ 40.229665][ T4567] Bluetooth: MGMT ver 1.22 [ 40.907052][ T4580] binder: 4579:4580 tried to acquire reference to desc 0, got 1 instead [ 40.909819][ T4580] binder: 4579:4580 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 40.911999][ T4580] binder: 4580 RLIMIT_NICE not set [ 40.918102][ T4580] binder: 4580 RLIMIT_NICE not set [ 40.919741][ T4580] binder: 4580 RLIMIT_NICE not set [ 40.920719][ T4580] binder_alloc: 4579: binder_alloc_buf, no vma [ 40.922324][ T4580] binder: cannot allocate buffer: vma cleared, target dead or dying [ 40.922366][ T4580] binder: 4579:4580 transaction reply to 4579:4580 failed 6/29189/-3, size 0-0 line 3230 [ 40.925630][ T4580] binder: send failed reply for transaction 5 to 4579:4580 [ 40.927807][ T112] binder: undelivered TRANSACTION_COMPLETE [ 40.928802][ T112] binder: undelivered TRANSACTION_ERROR: 29189 [ 40.939690][ T112] binder: undelivered TRANSACTION_ERROR: 29190 [ 41.071612][ T4591] binder: 4590:4591 tried to acquire reference to desc 0, got 1 instead [ 41.078431][ T4591] binder: 4590:4591 got transaction with invalid offset (0, min 0 max 24) or object. [ 41.082540][ T4591] binder: 4590:4591 transaction call to 4590:0 failed 11/29201/-22, size 24-24 line 3346 [ 41.085446][ T3897] binder: undelivered TRANSACTION_ERROR: 29201 [ 42.252305][ T4620] loop4: detected capacity change from 0 to 128 [ 42.464182][ T4639] loop4: detected capacity change from 0 to 512 [ 42.465701][ T4639] EXT4-fs: Ignoring removed nobh option [ 42.480287][ T4637] binder: 4636:4637 tried to acquire reference to desc 0, got 1 instead [ 42.485010][ T4637] binder_alloc: 4636: binder_alloc_buf, no vma [ 42.485975][ T4637] binder: cannot allocate buffer: vma cleared, target dead or dying [ 42.491923][ T4637] binder: 4636:4637 transaction call to 4636:0 failed 23/29189/-3, size 0-0 line 3230 [ 42.508614][ T4639] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 42.511924][ T4639] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.78: attempt to clear invalid blocks 1 len 1 [ 42.515882][ T4639] EXT4-fs (loop4): Remounting filesystem read-only [ 42.517078][ T4639] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 42.519940][ T4639] EXT4-fs (loop4): Remounting filesystem read-only [ 42.521023][ T4639] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.78: invalid indirect mapped block 1819239214 (level 0) [ 42.525789][ T4639] EXT4-fs (loop4): Remounting filesystem read-only [ 42.526761][ T4639] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.78: invalid indirect mapped block 1819239214 (level 1) [ 42.528993][ T4639] EXT4-fs (loop4): Remounting filesystem read-only [ 42.530780][ T4639] EXT4-fs (loop4): 1 truncate cleaned up [ 42.531752][ T4639] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 42.890136][ T4644] netlink: 28 bytes leftover after parsing attributes in process `syz.2.80'. [ 42.905491][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 42.980861][ T4654] device syzkaller0 entered promiscuous mode [ 43.218367][ T4660] tipc: Failed to remove unknown binding: 66,0,0/0:438436405/438436407 [ 43.219871][ T4660] tipc: Failed to remove unknown binding: 66,0,0/0:438436405/438436406 [ 43.222124][ T4660] tipc: Failed to remove unknown binding: 66,0,0/0:438436405/438436407 [ 43.226168][ T4660] tipc: Failed to remove unknown binding: 66,0,0/0:438436405/438436406 [ 43.828692][ T27] audit: type=1326 audit(43.810:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4671 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7ff771a8 code=0x7fc00000 [ 43.832193][ T27] audit: type=1326 audit(43.810:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4671 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffff7ff771a8 code=0x7fc00000 [ 44.187944][ T4682] loop2: detected capacity change from 0 to 8192 [ 44.196159][ T4682] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 44.198424][ T4682] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 44.200226][ T4682] REISERFS (device loop2): using ordered data mode [ 44.201208][ T4682] reiserfs: using flush barriers [ 44.223372][ T4682] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 44.226117][ T4682] REISERFS (device loop2): checking transaction log (loop2) [ 44.248155][ T4682] REISERFS (device loop2): Using r5 hash to sort names [ 44.281895][ T4682] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 44.367670][ T4689] loop0: detected capacity change from 0 to 256 [ 44.656903][ T4682] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 3709, free_space(entry_count) 2 [ 44.674258][ T4682] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 44.678285][ T4682] REISERFS (device loop2): Remounting filesystem read-only [ 44.679409][ T4682] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 4 0x0 SD] stat data [ 44.865986][ T4703] device syzkaller0 entered promiscuous mode [ 44.899292][ T4706] device syzkaller0 entered promiscuous mode [ 45.097076][ T27] audit: type=1326 audit(45.080:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4710 comm="syz.1.106" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff931771a8 code=0x7fc00000 [ 45.100504][ T27] audit: type=1326 audit(45.080:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4710 comm="syz.1.106" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffff931771a8 code=0x7fc00000 [ 45.291691][ T4724] [ 45.363695][ T4733] 8021q: adding VLAN 0 to HW filter on device bond1 [ 45.381658][ T4733] device bond_slave_0 entered promiscuous mode [ 45.382933][ T4733] device bond_slave_1 entered promiscuous mode [ 45.384786][ T4733] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 45.387000][ T4733] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 45.795843][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 46.294519][ T4738] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.296158][ T4738] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.309005][ T4738] device bond_slave_0 left promiscuous mode [ 46.310109][ T4738] device bond_slave_1 left promiscuous mode [ 46.327166][ T4738] batman_adv: batadv0: Interface deactivated: dummy0 [ 46.678217][ T4331] Bluetooth: hci5: command 0x1003 tx timeout [ 46.679891][ T4332] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 46.957582][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.974334][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.311081][ T4738] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.312475][ T4738] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.314586][ T4738] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.316054][ T4738] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.624331][ T4760] tipc: Enabling of bearer rejected, failed to enable media [ 47.696400][ T4784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'. [ 47.985595][ T4789] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.986994][ T4789] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.991199][ T4789] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.992378][ T4789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.994333][ T4789] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.995438][ T4789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.013137][ T4789] team0: Port device bridge0 added [ 48.014281][ T4787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.128'. [ 48.040896][ T4790] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.044087][ T4790] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.157193][ T4803] netlink: 63 bytes leftover after parsing attributes in process `syz.1.133'. [ 49.067104][ T4818] loop2: detected capacity change from 0 to 256 [ 49.107199][ T4814] loop4: detected capacity change from 0 to 32768 [ 49.115863][ T4814] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.137 (4814) [ 49.128520][ T4814] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 49.130155][ T4814] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 49.131453][ T4814] BTRFS info (device loop4): using free space tree [ 49.207966][ T4814] BTRFS info (device loop4): enabling ssd optimizations [ 49.252559][ T4333] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 49.322626][ T4843] device syzkaller0 entered promiscuous mode [ 49.347797][ T4853] binder: 4852:4853 tried to acquire reference to desc 0, got 1 instead [ 49.352383][ T4853] binder: 4852:4853 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 49.354629][ T4853] binder: 4853 RLIMIT_NICE not set [ 49.405064][ T24] binder_debug: 4 callbacks suppressed [ 49.405075][ T24] binder: undelivered TRANSACTION_COMPLETE [ 49.413422][ T4847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.143'. [ 49.835898][ T4847] team0: Port device team_slave_0 removed [ 50.597400][ T4872] syz.2.148 (4872): drop_caches: 2 [ 50.962861][ T4879] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 51.089325][ T4884] loop4: detected capacity change from 0 to 512 [ 51.185362][ T4884] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #17: comm syz.4.152: iget: immutable or append flags not allowed on symlinks [ 51.185907][ T4884] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.152: couldn't read orphan inode 17 (err -117) [ 51.186077][ T4884] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 51.284199][ T4899] block device autoloading is deprecated and will be removed. [ 51.593150][ T4902] loop2: detected capacity change from 0 to 40427 [ 51.604210][ T4902] F2FS-fs (loop2): invalid crc value [ 51.611957][ T4902] F2FS-fs (loop2): Found nat_bits in checkpoint [ 51.641037][ T4902] F2FS-fs (loop2): Start checkpoint disabled! [ 51.655803][ T4902] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 51.896458][ T4916] syz.2.160: attempt to access beyond end of device [ 51.896458][ T4916] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 52.252496][ T11] kworker/u4:1: attempt to access beyond end of device [ 52.252496][ T11] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 52.264177][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 53.503792][ T4930] loop0: detected capacity change from 0 to 131072 [ 53.594587][ T4930] F2FS-fs (loop0): Test dummy encryption mode enabled [ 53.596126][ T4930] F2FS-fs (loop0): invalid crc value [ 53.623246][ T4930] F2FS-fs (loop0): Found nat_bits in checkpoint [ 53.632236][ T4930] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 53.656627][ T4930] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce" [ 53.670997][ T4930] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 54.232826][ T4763] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 54.416142][ T4763] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 54.418049][ T4763] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 54.419561][ T4763] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.424436][ T4763] usb 1-1: config 0 descriptor?? [ 54.429692][ T4763] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 63.758603][ T4938] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 63.834660][ T4953] netlink: 120 bytes leftover after parsing attributes in process `syz.2.173'. [ 63.836381][ T4953] netlink: 88 bytes leftover after parsing attributes in process `syz.2.173'. [ 63.860049][ T4762] usb 1-1: USB disconnect, device number 2 [ 65.072182][ T4977] dns_resolver: Unsupported server list version (6) [ 65.105613][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 65.109392][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.216904][ T4981] netlink: 12 bytes leftover after parsing attributes in process `syz.1.180'. [ 65.245966][ T4985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 65.299544][ T4986] loop2: detected capacity change from 0 to 8192 [ 65.335841][ T4986] loop2: p2 p4[EZD] [ 65.337506][ T4993] netlink: 'syz.1.184': attribute type 9 has an invalid length. [ 65.338804][ T4993] netlink: 32 bytes leftover after parsing attributes in process `syz.1.184'. [ 65.339026][ T4986] loop2: p4 start 201326592 is beyond EOD, truncated [ 65.745193][ T4968] udevd[4968]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 67.237491][ T5028] loop3: detected capacity change from 0 to 512 [ 67.288272][ T5028] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.193: iget: bad i_size value: 38620345925642 [ 67.290877][ T5028] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.193: couldn't read orphan inode 15 (err -117) [ 67.296302][ T5028] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 68.394570][ T5066] loop4: detected capacity change from 0 to 4096 [ 68.401039][ T5066] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 68.446751][ T5066] ntfs: volume version 3.1. [ 68.450257][ T5066] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $INDEX_ALLOCATION attribute has non zero lowest_vcn. [ 68.452277][ T5066] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x5 as bad. Run chkdsk. [ 68.454576][ T5066] ntfs: (device loop4): load_system_files(): Failed to load root directory. [ 68.457027][ T5066] ntfs: (device loop4): ntfs_fill_super(): Failed to load system files. [ 68.894287][ T5040] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 69.613982][ T1514] cfg80211: failed to load regulatory.db [ 69.620321][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 69.843432][ T4332] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.845837][ T4332] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.847642][ T4332] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.849296][ T4332] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.851020][ T4332] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.852414][ T4332] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.080082][ T5089] chnl_net:caif_netlink_parms(): no params data found [ 70.162297][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.182130][ T5089] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.189806][ T5089] device bridge_slave_0 entered promiscuous mode [ 70.198804][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.201336][ T5089] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.208108][ T5089] device bridge_slave_1 entered promiscuous mode [ 70.319597][ T5089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.328669][ T5089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.369994][ T5089] team0: Port device team_slave_0 added [ 70.376932][ T5089] team0: Port device team_slave_1 added [ 70.387166][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.388504][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.392710][ T5089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.404112][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.405155][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.413581][ T5089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.884090][ T5089] device hsr_slave_0 entered promiscuous mode [ 70.916297][ T5089] device hsr_slave_1 entered promiscuous mode [ 70.966189][ T5089] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.967584][ T5089] Cannot create hsr debugfs directory [ 71.085140][ T5089] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 71.434564][ T5089] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 71.528854][ T5089] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 71.841170][ T5089] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 71.918567][ T5076] net_ratelimit: 11 callbacks suppressed [ 71.918581][ T5076] Set syz1 is full, maxelem 65536 reached [ 71.940489][ T4327] Bluetooth: hci0: command 0x0409 tx timeout [ 72.330497][ T5089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.335212][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.336776][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.340755][ T5089] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.344537][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.346405][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.348005][ T4380] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.349164][ T4380] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.351910][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.357421][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.359309][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.360858][ T4380] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.362048][ T4380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.368367][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.370301][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.372037][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.373002][ T27] audit: type=1326 audit(72.350:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5144 comm="syz.2.226" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b3771a8 code=0x0 [ 72.376168][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.388985][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.390915][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.392650][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.395635][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.397189][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.398747][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.400359][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.403528][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.482389][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.485064][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.489160][ T5089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.942623][ T5159] loop4: detected capacity change from 0 to 40427 [ 73.118647][ T5159] F2FS-fs (loop4): Corrupted extension count (64 + 1 > 64) [ 73.119848][ T5159] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 73.135754][ T5159] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x216 [ 73.143388][ T5159] F2FS-fs (loop4): invalid crc value [ 73.360727][ T5159] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 73.413163][ T5159] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 73.414436][ T5159] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 73.732755][ C0] sched: RT throttling activated [ 73.875982][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.877669][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.906495][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.911949][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.919221][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.920719][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.924562][ T5089] device veth0_vlan entered promiscuous mode [ 73.954299][ T5089] device veth1_vlan entered promiscuous mode [ 74.012873][ T4332] Bluetooth: hci0: command 0x041b tx timeout [ 74.056797][ T5089] device veth0_macvtap entered promiscuous mode [ 74.059110][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.063567][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.072681][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.076827][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.078345][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.081295][ T5089] device veth1_macvtap entered promiscuous mode [ 74.087627][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.089476][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.091109][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.093636][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.095166][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.096842][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.171240][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.348210][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.354782][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.359976][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.363032][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.364597][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.366247][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.368682][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.370538][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.373416][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.379264][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.381910][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.387971][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.407876][ T5089] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.409561][ T5089] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.411104][ T5089] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.412661][ T5089] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.447391][ T5022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.448923][ T5022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.450279][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.462020][ T1601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.467690][ T1601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.471056][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.548674][ T5191] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 74.548674][ T5191] The task syz.4.232 (5191) triggered the difference, watch for misbehavior. [ 74.569438][ T5192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.586872][ T5192] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.589977][ T5188] loop4: detected capacity change from 0 to 512 [ 74.908477][ T5199] process 'syz.0.238' launched '/dev/fd/3' with NULL argv: empty string added [ 74.956137][ T5199] loop0: detected capacity change from 0 to 256 [ 74.962406][ T5199] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 75.123314][ T5207] binder: 5206:5207 tried to acquire reference to desc 0, got 1 instead [ 75.127220][ T5207] binder: 5206:5207 got transaction with invalid handle, 0 [ 75.387431][ T5207] binder: 5207:5206 translate handle failed [ 75.398941][ T5207] binder: 5206:5207 transaction call to 5206:0 failed 40/29201/-22, size 88-24 line 3393 [ 75.411650][ T1514] binder: release 5206:5207 transaction 33 out, still active [ 75.430171][ T1514] binder: undelivered TRANSACTION_COMPLETE [ 75.431166][ T1514] binder: undelivered TRANSACTION_ERROR: 29201 [ 75.432279][ T1514] binder: send failed reply for transaction 33, target dead [ 75.740377][ T5227] block device autoloading is deprecated and will be removed. [ 75.773754][ T5229] overlayfs: statfs failed on './file0' [ 76.093678][ T4327] Bluetooth: hci0: command 0x040f tx timeout [ 76.387374][ T5246] netlink: 24 bytes leftover after parsing attributes in process `syz.1.255'. [ 76.850226][ T5259] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 77.485833][ T5269] fuse: Bad value for 'fd' [ 77.506086][ T5267] device syzkaller0 entered promiscuous mode [ 77.606958][ T5273] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 77.863328][ T5281] loop4: detected capacity change from 0 to 512 [ 78.170478][ T5281] EXT4-fs: Ignoring removed orlov option [ 78.175121][ T5281] EXT4-fs (loop4): Test dummy encryption mode enabled [ 78.176352][ T5281] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 78.183033][ T4327] Bluetooth: hci0: command 0x0419 tx timeout [ 78.200797][ T5281] EXT4-fs (loop4): 1 truncate cleaned up [ 78.201816][ T5281] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 78.273856][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 78.308364][ T5288] loop4: detected capacity change from 0 to 764 [ 78.352856][ T5288] device syzkaller0 entered promiscuous mode [ 78.380318][ T5286] loop0: detected capacity change from 0 to 32768 [ 78.386035][ T5286] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.269 (5286) [ 78.390409][ T5286] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 78.392410][ T5286] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 78.394161][ T5286] BTRFS info (device loop0): setting nodatasum [ 78.395270][ T5286] BTRFS info (device loop0): force zlib compression, level 3 [ 78.396506][ T5286] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 78.398186][ T5286] BTRFS info (device loop0): use lzo compression, level 0 [ 78.399510][ T5286] BTRFS info (device loop0): turning on flush-on-commit [ 78.400769][ T5286] BTRFS info (device loop0): enabling auto defrag [ 78.401925][ T5286] BTRFS info (device loop0): max_inline at 4096 [ 78.403197][ T5286] BTRFS info (device loop0): using free space tree [ 78.452449][ T5286] BTRFS info (device loop0): enabling ssd optimizations [ 78.692613][ T4329] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 79.194867][ T5336] loop0: detected capacity change from 0 to 512 [ 79.284084][ T5335] device syzkaller0 entered promiscuous mode [ 80.015814][ T5352] netlink: 4 bytes leftover after parsing attributes in process `syz.2.287'. [ 80.424105][ T5356] loop5: detected capacity change from 0 to 512 [ 80.515225][ T5356] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 80.981695][ T5369] binder: 5367:5369 tried to acquire reference to desc 0, got 1 instead [ 80.986577][ T4369] binder: release 5367:5369 transaction 45 out, still active [ 80.987721][ T4369] binder: undelivered TRANSACTION_COMPLETE [ 80.994567][ T5089] EXT4-fs (loop5): unmounting filesystem. [ 80.995184][ T4369] binder: send failed reply for transaction 45, target dead [ 81.356230][ T5376] loop4: detected capacity change from 0 to 512 [ 81.371425][ T5379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.413507][ T5379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.432026][ T5376] EXT4-fs error (device loop4): ext4_get_branch:178: inode #13: block 1024: comm syz.4.295: invalid block [ 81.435561][ T5376] EXT4-fs (loop4): Remounting filesystem read-only [ 81.436728][ T5376] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.295: invalid indirect mapped block 1024 (level 0) [ 81.444022][ T5376] EXT4-fs (loop4): Remounting filesystem read-only [ 81.445063][ T5376] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.295: bg 0: block 35: padding at end of block bitmap is not set [ 81.447605][ T5376] EXT4-fs (loop4): Remounting filesystem read-only [ 81.448893][ T5376] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 81.450778][ T5376] EXT4-fs (loop4): Remounting filesystem read-only [ 81.451960][ T5376] EXT4-fs (loop4): 1 truncate cleaned up [ 81.460027][ T5376] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 81.486384][ T5375] IPVS: ovf: FWM 3 0x00000003 - no destination available [ 82.068278][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 82.087312][ T5406] netlink: 24 bytes leftover after parsing attributes in process `syz.4.303'. [ 83.512299][ T5428] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.306'. [ 83.530263][ T5426] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.306'. [ 84.401762][ T5414] loop4: detected capacity change from 0 to 32768 [ 84.585309][ T5414] XFS (loop4): Mounting V5 Filesystem [ 85.091924][ T5414] XFS (loop4): Ending clean mount [ 85.107011][ T5414] XFS (loop4): Quotacheck needed: Please wait. [ 85.150211][ T5414] XFS (loop4): Quotacheck: Done. [ 85.580775][ T4333] XFS (loop4): Unmounting Filesystem [ 85.600272][ T5423] loop1: detected capacity change from 0 to 32768 [ 85.777453][ T5457] loop0: detected capacity change from 0 to 32768 [ 85.788353][ T5457] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.316 (5457) [ 85.805173][ T5457] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 85.807169][ T5457] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 85.808825][ T5457] BTRFS info (device loop0): setting nodatasum [ 85.809983][ T5457] BTRFS info (device loop0): force zlib compression, level 3 [ 85.811334][ T5457] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 85.816499][ T5457] BTRFS info (device loop0): use lzo compression, level 0 [ 85.817858][ T5457] BTRFS info (device loop0): turning on flush-on-commit [ 85.819400][ T5457] BTRFS info (device loop0): enabling auto defrag [ 85.820579][ T5457] BTRFS info (device loop0): max_inline at 4096 [ 85.821532][ T5457] BTRFS info (device loop0): using free space tree [ 86.252607][ T5469] loop5: detected capacity change from 0 to 512 [ 86.275788][ T5420] loop1: detected capacity change from 0 to 32768 [ 86.279621][ T5469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: comm syz.5.319: inode #1: comm syz.5.319: iget: illegal inode # [ 86.290167][ T5469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.319: error while reading EA inode 1 err=-117 [ 86.298340][ T5469] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 86.300645][ T5469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: comm syz.5.319: inode #1: comm syz.5.319: iget: illegal inode # [ 86.308909][ T5457] BTRFS info (device loop0): enabling ssd optimizations [ 86.321558][ T5420] XFS (loop1): Mounting V5 Filesystem [ 86.322954][ T5469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.319: error while reading EA inode 1 err=-117 [ 86.326104][ T5469] EXT4-fs (loop5): 1 orphan inode deleted [ 86.327097][ T5469] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 86.392323][ T5420] XFS (loop1): Ending clean mount [ 86.397980][ T5420] XFS (loop1): Quotacheck needed: Please wait. [ 86.431312][ T5420] XFS (loop1): Quotacheck: Done. [ 86.700887][ T4321] XFS (loop1): Unmounting Filesystem [ 87.059396][ T5089] EXT4-fs (loop5): unmounting filesystem. [ 87.071761][ T4329] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 87.187040][ T5499] loop4: detected capacity change from 0 to 32768 [ 87.230429][ T5499] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.317 (5499) [ 87.246102][ T5499] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 87.248077][ T5499] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 87.249609][ T5499] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 87.251146][ T5499] BTRFS info (device loop4): use zstd compression, level 3 [ 87.252312][ T5499] BTRFS info (device loop4): using free space tree [ 87.307109][ T5509] capability: warning: `syz.5.323' uses deprecated v2 capabilities in a way that may be insecure [ 87.671422][ T5517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.321'. [ 87.690591][ T5499] BTRFS info (device loop4): enabling ssd optimizations [ 87.833018][ T4333] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 89.099505][ T5560] fuse: Bad value for 'fd' [ 89.109497][ T27] audit: type=1326 audit(89.090:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5555 comm="syz.1.332" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff931771a8 code=0x7fc00000 [ 89.116191][ T27] audit: type=1326 audit(89.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5555 comm="syz.1.332" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffff931771a8 code=0x7fc00000 [ 90.324356][ T5570] binder: 5568:5570 tried to acquire reference to desc 0, got 1 instead [ 91.447006][ T4849] binder: release 5568:5570 transaction 56 out, still active [ 91.481896][ T4849] binder: send failed reply for transaction 56, target dead [ 92.098614][ T5586] overlayfs: failed to clone upperpath [ 92.104342][ T5586] overlayfs: failed to clone upperpath [ 92.560917][ T5594] netlink: 'syz.1.343': attribute type 10 has an invalid length. [ 92.567078][ T5594] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 92.729740][ T5607] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 92.790315][ T5546] Set syz1 is full, maxelem 65536 reached [ 92.838430][ T5614] netlink: 8 bytes leftover after parsing attributes in process `syz.5.350'. [ 92.840010][ T5614] netlink: 12 bytes leftover after parsing attributes in process `syz.5.350'. [ 92.845623][ T5614] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.847285][ T5614] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.848676][ T5614] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.850071][ T5614] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.859138][ T5614] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.860793][ T5614] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.904768][ T5616] netlink: 1363 bytes leftover after parsing attributes in process `syz.5.351'. [ 92.904805][ T5604] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 94.899923][ T5629] loop0: detected capacity change from 0 to 8192 [ 94.941177][ T5629] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "fsuuid=3fd9c314-d604-36de-2b8e-" [ 94.955006][ T5639] binder: 5638:5639 tried to acquire reference to desc 0, got 1 instead [ 94.959685][ T5639] binder: 5638:5639 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 94.961694][ T5639] binder: 5639 RLIMIT_NICE not set [ 94.962545][ T5639] binder: undelivered transaction 67, put_user failed [ 94.979488][ T5639] binder: 5638:5639 ioctl c0306201 20000680 returned -14 [ 94.981302][ T4373] binder: undelivered TRANSACTION_COMPLETE [ 95.686926][ T5654] binder: 5653:5654 tried to acquire reference to desc 0, got 1 instead [ 95.688433][ T5654] binder: 5653:5654 ioctl c0306201 200003c0 returned -14 [ 95.690765][ T5654] binder: 5653:5654 got transaction with invalid data ptr [ 95.691858][ T5654] binder: 5653:5654 transaction async to 5653:0 failed 75/29201/-14, size 112-40 line 3333 [ 95.695255][ T4373] binder: undelivered TRANSACTION_ERROR: 29201 [ 96.129989][ T5662] loop5: detected capacity change from 0 to 256 [ 96.172291][ T5662] FAT-fs (loop5): Directory bread(block 64) failed [ 96.176423][ T5662] FAT-fs (loop5): Directory bread(block 65) failed [ 96.177524][ T5662] FAT-fs (loop5): Directory bread(block 66) failed [ 96.178829][ T5662] FAT-fs (loop5): Directory bread(block 67) failed [ 96.179923][ T5662] FAT-fs (loop5): Directory bread(block 68) failed [ 96.181038][ T5662] FAT-fs (loop5): Directory bread(block 69) failed [ 96.182178][ T5662] FAT-fs (loop5): Directory bread(block 70) failed [ 96.183794][ T5662] FAT-fs (loop5): Directory bread(block 71) failed [ 96.184889][ T5662] FAT-fs (loop5): Directory bread(block 72) failed [ 96.185896][ T5662] FAT-fs (loop5): Directory bread(block 73) failed [ 96.690514][ T5668] loop4: detected capacity change from 0 to 2048 [ 96.713832][ T5672] loop0: detected capacity change from 0 to 256 [ 96.724183][ T5668] loop4: p1 p3 p4 [ 96.730753][ T5668] loop4: p4 size 589824 extends beyond EOD, truncated [ 96.757939][ T5672] FAT-fs (loop0): Directory bread(block 64) failed [ 96.759278][ T5672] FAT-fs (loop0): Directory bread(block 65) failed [ 96.760388][ T5672] FAT-fs (loop0): Directory bread(block 66) failed [ 96.761696][ T5672] FAT-fs (loop0): Directory bread(block 67) failed [ 96.776498][ T5672] FAT-fs (loop0): Directory bread(block 68) failed [ 96.780010][ T5672] FAT-fs (loop0): Directory bread(block 69) failed [ 96.786899][ T5672] FAT-fs (loop0): Directory bread(block 70) failed [ 96.790464][ T5672] FAT-fs (loop0): Directory bread(block 71) failed [ 96.793094][ T5672] FAT-fs (loop0): Directory bread(block 72) failed [ 96.794129][ T5672] FAT-fs (loop0): Directory bread(block 73) failed [ 96.896883][ T5674] udevd[5674]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 96.901329][ T4967] udevd[4967]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 96.906216][ T4968] udevd[4968]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 97.479225][ T4380] kworker/u4:6: attempt to access beyond end of device [ 97.479225][ T4380] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 97.491577][ T4380] kworker/u4:6: attempt to access beyond end of device [ 97.491577][ T4380] loop0: rw=1, sector=1864, nr_sectors = 6348 limit=256 [ 99.338199][ T5729] netlink: 'syz.5.387': attribute type 5 has an invalid length. [ 99.345003][ T5728] binder: 5722:5728 tried to acquire reference to desc 0, got 1 instead [ 99.346933][ T5728] binder: 5722:5728 got transaction with invalid data ptr [ 99.348129][ T5728] binder: 5722:5728 transaction call to 5722:0 failed 80/29201/-14, size 12288-0 line 3565 [ 99.364219][ T5728] syz.4.386 (5728): drop_caches: 2 [ 99.382190][ T4849] binder: undelivered TRANSACTION_ERROR: 29201 [ 99.725517][ T5739] Bluetooth: MGMT ver 1.22 [ 99.738168][ T5739] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 99.847554][ T5744] netlink: 'syz.0.392': attribute type 12 has an invalid length. [ 99.848905][ T5744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.392'. [ 99.850284][ T5744] bond0: option primary_reselect: invalid value (172) [ 99.899114][ T5750] binder: 5749:5750 tried to acquire reference to desc 0, got 1 instead [ 99.901482][ T5750] binder: 5749:5750 got transaction to invalid handle, 3 [ 99.982846][ T5750] binder: 5750:5749 cannot find target node [ 99.995245][ T5750] binder: 5749:5750 transaction async to 0:0 failed 86/29201/-22, size 0-0 line 3045 [ 100.257746][ T5754] binder: 5749:5754 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 100.261802][ T5754] binder: 5754 RLIMIT_NICE not set [ 100.266503][ T4375] binder: release 5749:5750 transaction 85 out, still active [ 100.267806][ T4375] binder: undelivered TRANSACTION_COMPLETE [ 100.268887][ T4375] binder: undelivered TRANSACTION_ERROR: 29201 [ 100.282070][ T4375] binder: send failed reply for transaction 85, target dead [ 101.325654][ T5766] raw_sendmsg: syz.4.398 forgot to set AF_INET. Fix it! [ 101.431762][ T5775] netlink: 'syz.1.400': attribute type 4 has an invalid length. [ 101.443423][ T5775] netlink: 17 bytes leftover after parsing attributes in process `syz.1.400'. [ 101.745659][ T5784] netlink: 12 bytes leftover after parsing attributes in process `syz.5.401'. [ 101.821507][ T5784] device bond1 entered promiscuous mode [ 101.823082][ T5784] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.223595][ T5787] device macvlan2 entered promiscuous mode [ 102.227041][ T5787] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 102.730932][ T5791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.404'. [ 102.769131][ T5795] bond1: (slave gretap0): Enslaving as an active interface with an up link [ 102.772494][ T5797] bond1 (unregistering): (slave gretap0): Releasing backup interface [ 102.822109][ T5797] bond1 (unregistering): Released all slaves [ 105.002175][ T5827] netlink: 'syz.2.416': attribute type 4 has an invalid length. [ 105.003629][ T5827] netlink: 17 bytes leftover after parsing attributes in process `syz.2.416'. [ 105.049295][ T5836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.419'. [ 105.060963][ T5836] device bond1 entered promiscuous mode [ 105.062136][ T5836] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.154536][ T5836] device macvlan2 entered promiscuous mode [ 105.157222][ T5836] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 105.165811][ T5841] binder: 5839:5841 tried to acquire reference to desc 0, got 1 instead [ 105.168065][ T5841] binder: 5839:5841 got transaction to invalid handle, 3 [ 105.169206][ T5841] binder: 5841:5839 cannot find target node [ 105.170162][ T5841] binder: 5839:5841 transaction async to 0:0 failed 92/29201/-22, size 0-0 line 3045 [ 105.172102][ T5841] binder: 5839:5841 ioctl c0306201 200002c0 returned -14 [ 105.173858][ T7] binder: release 5839:5841 transaction 91 out, still active [ 105.175005][ T5846] binder: 5845:5846 tried to acquire reference to desc 0, got 1 instead [ 105.175102][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 105.179560][ T4849] binder: release 5845:5846 transaction 97 out, still active [ 105.180748][ T4849] binder: undelivered TRANSACTION_COMPLETE [ 105.184338][ T7] binder: send failed reply for transaction 91, target dead [ 105.194206][ T4849] binder: send failed reply for transaction 97, target dead [ 106.085644][ T5865] device syzkaller0 entered promiscuous mode [ 108.302485][ T5905] netlink: 12 bytes leftover after parsing attributes in process `syz.4.438'. [ 108.309729][ T5902] netlink: 12 bytes leftover after parsing attributes in process `syz.0.437'. [ 108.320690][ T5902] device bond1 entered promiscuous mode [ 108.321925][ T5902] 8021q: adding VLAN 0 to HW filter on device bond1 [ 108.370996][ T5902] device macvlan2 entered promiscuous mode [ 108.373411][ T5902] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 108.375256][ T5908] loop5: detected capacity change from 0 to 8192 [ 108.745841][ T5908] loop5: p2 p4[EZD] [ 108.748341][ T5908] loop5: p4 start 201326592 is beyond EOD, truncated [ 108.790733][ T5913] binder: 5912:5913 tried to acquire reference to desc 0, got 1 instead [ 108.794670][ T5913] binder: 5912:5913 got transaction with invalid data ptr [ 108.796163][ T5913] binder: 5912:5913 transaction call to 5912:0 failed 108/29201/-14, size 12288-0 line 3565 [ 108.800833][ T5913] syz.1.440 (5913): drop_caches: 2 [ 108.805415][ T4763] binder: undelivered TRANSACTION_ERROR: 29201 [ 108.810164][ T4968] udevd[4968]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 109.765748][ T5928] netlink: 'syz.0.454': attribute type 1 has an invalid length. [ 109.802104][ T5928] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.121790][ T5928] bond2: (slave veth3): Enslaving as an active interface with a down link [ 110.181374][ T5932] bond2: (slave dummy0): making interface the new active one [ 110.185583][ T5932] device dummy0 entered promiscuous mode [ 110.189539][ T5932] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 110.192062][ T5022] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 110.208173][ T5928] netlink: 14 bytes leftover after parsing attributes in process `syz.0.454'. [ 110.536018][ T5928] bond2: (slave dummy0): Releasing active interface [ 110.538442][ T5928] device dummy0 left promiscuous mode [ 110.686409][ T5944] device syzkaller0 entered promiscuous mode [ 112.971651][ T5972] binder: 5971:5972 tried to acquire reference to desc 0, got 1 instead [ 112.975248][ T5972] binder: 5971:5972 got transaction with invalid data ptr [ 112.976712][ T5972] binder: 5971:5972 transaction call to 5971:0 failed 113/29201/-14, size 12288-0 line 3565 [ 112.981284][ T5972] syz.0.453 (5972): drop_caches: 2 [ 112.988934][ T5506] binder: undelivered TRANSACTION_ERROR: 29201 [ 113.561278][ T4327] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 113.661130][ T5986] loop5: detected capacity change from 0 to 32768 [ 113.666918][ T5986] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.460 (5986) [ 113.672307][ T5986] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 113.674745][ T5986] BTRFS info (device loop5): using crc32c (crc32c-generic) checksum algorithm [ 113.676194][ T5986] BTRFS info (device loop5): turning on sync discard [ 113.677772][ T5986] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 113.679403][ T5986] BTRFS info (device loop5): use zstd compression, level 3 [ 113.680644][ T5986] BTRFS info (device loop5): turning on async discard [ 113.681952][ T5986] BTRFS warning (device loop5): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.687449][ T5986] BTRFS info (device loop5): trying to use backup root at mount time [ 113.688865][ T5986] BTRFS info (device loop5): force zlib compression, level 3 [ 113.690090][ T5986] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.691851][ T5986] BTRFS info (device loop5): using free space tree [ 113.808844][ T4380] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 113.812130][ T5986] BTRFS error (device loop5): failed to load root extent [ 113.813542][ T5986] BTRFS warning (device loop5): try to load backup roots slot 1 [ 113.815029][ T5022] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 113.820810][ T5986] BTRFS warning (device loop5): couldn't read tree root [ 113.827984][ T5986] BTRFS warning (device loop5): try to load backup roots slot 2 [ 113.829932][ T5986] BTRFS error (device loop5): parent transid verify failed on logical 5255168 mirror 1 wanted 5 found 7 [ 113.832270][ T5986] BTRFS warning (device loop5): couldn't read tree root [ 113.834444][ T5986] BTRFS warning (device loop5): try to load backup roots slot 3 [ 113.837936][ T5986] BTRFS info (device loop5): enabling ssd optimizations [ 113.839795][ T5986] BTRFS info (device loop5): rebuilding free space tree [ 113.860383][ T5986] BTRFS info (device loop5): checking UUID tree [ 114.036384][ T6019] loop4: detected capacity change from 0 to 256 [ 114.041225][ T6019] exfat: Deprecated parameter 'utf8' [ 114.042175][ T6019] exfat: Deprecated parameter 'namecase' [ 114.043396][ T6019] exfat: Deprecated parameter 'namecase' [ 114.044374][ T6019] exfat: Deprecated parameter 'utf8' [ 114.067111][ T6019] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0x6a70c931, utbl_chksum : 0xe619d30d) [ 114.827273][ T5089] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 114.882590][ T6021] syz.0.468 uses obsolete (PF_INET,SOCK_PACKET) [ 115.315969][ T6036] device syzkaller0 entered promiscuous mode [ 115.404427][ T27] audit: type=1326 audit(115.390:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.5.467" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff891771a8 code=0x0 [ 116.306690][ T6057] loop4: detected capacity change from 0 to 512 [ 116.333540][ T6057] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 116.389614][ T6062] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 116.419721][ T6057] EXT4-fs (loop4): 1 truncate cleaned up [ 116.480578][ T6065] loop1: detected capacity change from 0 to 128 [ 117.310417][ T6057] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 117.407829][ T6067] netlink: 20 bytes leftover after parsing attributes in process `syz.2.481'. [ 117.410691][ T6067] device ip6gre1 entered promiscuous mode [ 117.565152][ T6072] loop0: detected capacity change from 0 to 256 [ 117.569315][ T6072] exfat: Deprecated parameter 'utf8' [ 117.570277][ T6072] exfat: Deprecated parameter 'namecase' [ 117.571294][ T6072] exfat: Deprecated parameter 'namecase' [ 117.572362][ T6072] exfat: Deprecated parameter 'utf8' [ 117.606343][ T6072] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x6a70c931, utbl_chksum : 0xe619d30d) [ 117.768209][ T6070] netlink: 'syz.2.481': attribute type 6 has an invalid length. [ 117.773805][ T6070] netlink: 20 bytes leftover after parsing attributes in process `syz.2.481'. [ 118.498989][ T6057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.501638][ T6057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.794308][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 119.899173][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.900560][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.901837][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.903111][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.904438][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.905696][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.906941][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.908288][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.909579][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 119.910852][ T6095] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 120.778080][ T6105] loop4: detected capacity change from 0 to 4096 [ 120.874791][ T6111] netlink: 24 bytes leftover after parsing attributes in process `syz.2.497'. [ 121.252141][ T6120] netlink: 10 bytes leftover after parsing attributes in process `syz.4.500'. [ 122.213548][ T6139] loop5: detected capacity change from 0 to 256 [ 122.215050][ T6139] exfat: Deprecated parameter 'utf8' [ 122.215954][ T6139] exfat: Deprecated parameter 'namecase' [ 122.216950][ T6139] exfat: Deprecated parameter 'namecase' [ 122.217852][ T6139] exfat: Deprecated parameter 'utf8' [ 122.235277][ T6139] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0x6a70c931, utbl_chksum : 0xe619d30d) [ 123.386912][ T6159] loop4: detected capacity change from 0 to 32768 [ 123.404440][ T6159] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.510 (6159) [ 123.410944][ T6159] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.414085][ T6159] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 123.415662][ T6159] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 123.417311][ T6159] BTRFS info (device loop4): use zstd compression, level 3 [ 123.418601][ T6159] BTRFS info (device loop4): using free space tree [ 123.563260][ T6159] BTRFS info (device loop4): enabling ssd optimizations [ 123.602733][ T4333] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.933202][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.934281][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 127.153455][ T6228] loop5: detected capacity change from 0 to 512 [ 127.157007][ T6228] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 127.182910][ T6228] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.525: iget: bad i_size value: 38620345925642 [ 127.185442][ T6228] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.525: couldn't read orphan inode 15 (err -117) [ 127.187674][ T6228] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 127.270537][ T5089] EXT4-fs (loop5): unmounting filesystem. [ 127.466824][ T6253] loop1: detected capacity change from 0 to 512 [ 127.627558][ T6265] loop4: detected capacity change from 0 to 512 [ 127.662679][ T6265] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a816c018, mo2=0002] [ 127.664353][ T6265] System zones: 0-2, 18-18, 34-35 [ 127.667015][ T6265] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 127.996621][ T6262] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.999018][ T6262] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.324397][ T6276] loop0: detected capacity change from 0 to 512 [ 128.348358][ T6276] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 128.377588][ T6276] EXT4-fs (loop0): 1 truncate cleaned up [ 128.381196][ T6276] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 128.536446][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 128.639203][ T6284] loop1: detected capacity change from 0 to 256 [ 129.468959][ T6290] loop4: detected capacity change from 0 to 128 [ 129.498193][ T6290] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 130.098345][ T6262] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.133404][ T6262] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.302975][ T4370] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 130.319763][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 130.482960][ T4370] usb 1-1: Using ep0 maxpacket: 16 [ 130.485917][ T4370] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.487656][ T4370] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 130.490257][ T4370] usb 1-1: New USB device found, idVendor=05a4, idProduct=1700, bcdDevice= 0.00 [ 130.491749][ T4370] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.495118][ T4370] usb 1-1: config 0 descriptor?? [ 130.499174][ T4370] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 130.539748][ T6262] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.541142][ T6262] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.542611][ T6262] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.812956][ T6262] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 130.814426][ T6262] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 130.815890][ T6262] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 130.857777][ T6262] device bond1 left promiscuous mode [ 130.859709][ T6294] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 130.913661][ T6296] sch_tbf: burst 6281 is lower than device lo mtu (65550) ! [ 131.589357][ T6314] loop4: detected capacity change from 0 to 1024 [ 131.609631][ T6314] EXT4-fs: Ignoring removed oldalloc option [ 131.618104][ T6314] EXT4-fs: Ignoring removed bh option [ 131.627784][ T6314] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 131.688035][ T6314] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 131.981604][ T6321] binder: 6320:6321 tried to acquire reference to desc 0, got 1 instead [ 131.986102][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 132.052885][ T4371] binder: undelivered TRANSACTION_COMPLETE [ 132.072850][ T4371] binder: undelivered transaction 118, process died. [ 132.908007][ T4848] usb 1-1: USB disconnect, device number 3 [ 133.032580][ T4329] EXT4-fs (loop0): unmounting filesystem. [ 134.779093][ T6364] binder: 6362:6364 tried to acquire reference to desc 0, got 1 instead [ 134.786047][ T6364] binder: 6362:6364 got reply transaction with bad transaction stack, transaction 123 has target 6362:0 [ 134.787997][ T6364] binder: 6362:6364 transaction reply to 0:0 failed 124/29201/-71, size 0-0 line 2961 [ 134.801431][ T6364] binder: 6362:6364 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 134.811959][ T6364] binder: 6364 RLIMIT_NICE not set [ 134.813402][ T6364] binder: 6364 RLIMIT_NICE not set [ 134.817988][ T6364] binder: 6364 RLIMIT_NICE not set [ 134.820096][ T6364] binder_alloc: 6362: binder_alloc_buf, no vma [ 134.826247][ T6364] binder: cannot allocate buffer: vma cleared, target dead or dying [ 134.826289][ T6364] binder: 6362:6364 transaction reply to 6362:6364 failed 125/29189/-3, size 0-0 line 3230 [ 134.848075][ T6364] binder: send failed reply for transaction 123 to 6362:6364 [ 134.852292][ T4848] binder: undelivered TRANSACTION_COMPLETE [ 134.853253][ T4848] binder: undelivered TRANSACTION_ERROR: 29201 [ 134.854295][ T4848] binder: undelivered TRANSACTION_ERROR: 29189 [ 134.876764][ T4848] binder: undelivered TRANSACTION_ERROR: 29190 [ 137.740537][ T6416] loop0: detected capacity change from 0 to 16 [ 137.749299][ T6416] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 139.614969][ T6424] binder: 6423:6424 tried to acquire reference to desc 0, got 1 instead [ 139.617789][ T6424] binder: 6423:6424 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 139.621197][ T6424] binder: 6424 RLIMIT_NICE not set [ 139.635149][ T6424] binder: 6424 RLIMIT_NICE not set [ 139.636055][ T6424] binder: send failed reply for transaction 130 to 6423:6424 [ 139.637334][ T6424] binder: 6423:6424 transaction 130 fd fixups failed 29201/-12, line 4667 [ 139.638692][ T6424] binder: 6423:6424 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 139.640737][ T6424] binder: 6424 RLIMIT_NICE not set [ 140.342984][ T6432] device syzkaller0 entered promiscuous mode [ 140.419170][ T6438] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000009 [ 140.464033][ T4370] binder: undelivered TRANSACTION_COMPLETE [ 140.465010][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 140.520676][ T6448] loop1: detected capacity change from 0 to 128 [ 140.565969][ T6448] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 140.569204][ T6448] hpfs: filesystem error: improperly stopped [ 140.570167][ T6448] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 140.571459][ T6448] hpfs: You really don't want any checks? You are crazy... [ 140.579943][ T6448] hpfs: hpfs_map_sector(): read error [ 140.580830][ T6448] hpfs: code page support is disabled [ 140.582203][ T6448] hpfs: hpfs_map_4sectors(): unaligned read [ 140.594101][ T6448] hpfs: hpfs_map_4sectors(): unaligned read [ 140.595080][ T6448] hpfs: filesystem error: unable to find root dir [ 140.961405][ T6448] hpfs: hpfs_map_4sectors(): unaligned read [ 140.962721][ T6448] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib [ 140.975450][ T6448] hpfs: hpfs_map_4sectors(): unaligned read [ 140.976466][ T6448] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib [ 140.979687][ T6448] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at trim [ 141.008755][ T6464] netlink: 'syz.2.588': attribute type 13 has an invalid length. [ 141.020949][ T6464] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 141.086890][ T6466] loop1: detected capacity change from 0 to 512 [ 141.101838][ T6466] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.111619][ T6466] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.589: iget: bad i_size value: 38620345925642 [ 141.120073][ T6466] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.589: couldn't read orphan inode 15 (err -117) [ 141.123158][ T6466] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 141.180374][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 142.783787][ T6507] netlink: 'syz.4.605': attribute type 13 has an invalid length. [ 143.931649][ T6520] binder: 6518:6520 tried to acquire reference to desc 0, got 1 instead [ 143.935831][ T6520] binder: 6518:6520 got transaction with invalid fd, -1 [ 143.936952][ T6520] binder: 6520:6518 translate fd failed [ 143.946296][ T6520] binder: 6518:6520 transaction call to 6518:0 failed 146/29201/-9, size 80-24 line 3415 [ 143.959485][ T4371] binder: release 6518:6520 transaction 139 out, still active [ 143.960733][ T4371] binder: undelivered TRANSACTION_COMPLETE [ 143.962140][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 143.966591][ T4371] binder: send failed reply for transaction 139, target dead [ 144.308766][ T6537] device syzkaller0 entered promiscuous mode [ 144.788757][ T6547] netlink: 4 bytes leftover after parsing attributes in process `syz.2.617'. [ 144.792621][ T6547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.617'. [ 146.447939][ T27] audit: type=1326 audit(146.430:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 146.451366][ T27] audit: type=1326 audit(146.430:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 146.531671][ T6577] loop1: detected capacity change from 0 to 1024 [ 146.535942][ T6577] journal_path: Lookup failure for './file0/../file0' [ 146.537068][ T6577] EXT4-fs: error: could not find journal device path [ 147.134111][ T27] audit: type=1326 audit(147.040:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=8 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 147.160864][ T27] audit: type=1326 audit(147.040:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 147.231776][ T27] audit: type=1326 audit(147.040:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 147.388639][ T27] audit: type=1326 audit(147.350:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9515a06c code=0x7ffc0000 [ 147.392200][ T27] audit: type=1326 audit(147.350:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9515a06c code=0x7ffc0000 [ 147.412952][ T27] audit: type=1326 audit(147.350:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 147.416492][ T27] audit: type=1326 audit(147.350:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 147.439024][ T27] audit: type=1326 audit(147.350:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6570 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffff951771a8 code=0x7ffc0000 [ 149.024260][ T6615] device syzkaller0 entered promiscuous mode [ 149.281234][ T6631] netlink: 24 bytes leftover after parsing attributes in process `syz.2.643'. [ 149.387660][ T6635] loop4: detected capacity change from 0 to 1024 [ 149.389140][ T6635] journal_path: Lookup failure for './file0/../file0' [ 149.390197][ T6635] EXT4-fs: error: could not find journal device path [ 150.667543][ T6647] loop4: detected capacity change from 0 to 16 [ 150.675860][ T6647] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 151.579120][ T6661] device syzkaller0 entered promiscuous mode [ 151.996545][ T6668] loop5: detected capacity change from 0 to 512 [ 151.998270][ T6668] EXT4-fs: Ignoring removed mblk_io_submit option [ 152.373229][ T6668] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 152.538939][ T6668] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 152.712689][ T6681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.653'. [ 152.718745][ T5089] EXT4-fs (loop5): unmounting filesystem. [ 152.724388][ T6680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.653'. [ 153.303484][ T6696] loop5: detected capacity change from 0 to 1024 [ 153.305101][ T6696] journal_path: Lookup failure for './file0/../file0' [ 153.306458][ T6696] EXT4-fs: error: could not find journal device path [ 153.820776][ T4332] Bluetooth: hci2: command 0x0406 tx timeout [ 153.821524][ T4331] Bluetooth: hci4: command 0x0406 tx timeout [ 153.821547][ T4327] Bluetooth: hci1: command 0x0406 tx timeout [ 153.824622][ T4331] Bluetooth: hci3: command 0x0406 tx timeout [ 154.390142][ T6706] loop1: detected capacity change from 0 to 16 [ 154.393848][ T6706] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 155.359017][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 155.359028][ T27] audit: type=1326 audit(155.340:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.363957][ T27] audit: type=1326 audit(155.340:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.367289][ T27] audit: type=1326 audit(155.340:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.370699][ T27] audit: type=1326 audit(155.340:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.380280][ T6720] netlink: 1347 bytes leftover after parsing attributes in process `syz.4.666'. [ 155.388080][ T27] audit: type=1326 audit(155.340:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.391701][ T27] audit: type=1326 audit(155.340:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.397089][ T27] audit: type=1326 audit(155.360:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.475757][ T27] audit: type=1326 audit(155.360:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.479252][ T27] audit: type=1326 audit(155.360:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=207 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 155.482720][ T27] audit: type=1326 audit(155.360:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.4.666" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa49771a8 code=0x7ffc0000 [ 156.379445][ T6730] netlink: 16 bytes leftover after parsing attributes in process `syz.4.668'. [ 156.419807][ T6745] netlink: 12 bytes leftover after parsing attributes in process `syz.4.674'. [ 156.430506][ T6745] 8021q: adding VLAN 0 to HW filter on device bond2 [ 156.449295][ T6745] device bond2 entered promiscuous mode [ 156.460538][ T6745] 8021q: adding VLAN 0 to HW filter on device bond2 [ 156.463691][ T6745] team0: Port device bond2 added [ 156.969054][ T6745] device ip6gretap1 entered promiscuous mode [ 156.971080][ T6745] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 156.975095][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 157.085548][ T6752] binder: 6751:6752 tried to acquire reference to desc 0, got 1 instead [ 157.090716][ T4848] binder: release 6751:6752 transaction 151 out, still active [ 157.092066][ T4848] binder: undelivered TRANSACTION_COMPLETE [ 157.114904][ T4375] binder: send failed reply for transaction 151, target dead [ 157.186727][ T6759] loop1: detected capacity change from 0 to 1024 [ 157.192167][ T6762] netlink: 'syz.2.680': attribute type 1 has an invalid length. [ 157.200769][ T6762] 8021q: adding VLAN 0 to HW filter on device bond2 [ 157.203220][ T6759] EXT4-fs: Ignoring removed oldalloc option [ 157.204217][ T6759] EXT4-fs: Ignoring removed bh option [ 157.224424][ T6762] netlink: 12 bytes leftover after parsing attributes in process `syz.2.680'. [ 157.231688][ T6762] bond2: (slave gretap1): making interface the new active one [ 157.235042][ T6762] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 157.279834][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 157.684859][ T6767] loop0: detected capacity change from 0 to 1024 [ 157.686446][ T6767] journal_path: Lookup failure for './file0/../file0' [ 157.687732][ T6767] EXT4-fs: error: could not find journal device path [ 157.748208][ T6759] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 157.857238][ T4968] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 158.563284][ T6759] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 158.599278][ T6777] netlink: 12 bytes leftover after parsing attributes in process `syz.5.683'. [ 158.648885][ T6777] bond2: (slave gretap0): Enslaving as an active interface with an up link [ 158.681274][ T6777] bond2 (unregistering): (slave gretap0): Releasing backup interface [ 158.749154][ T6777] bond2 (unregistering): Released all slaves [ 158.800315][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 159.459552][ T6785] block nbd1: shutting down sockets [ 159.659029][ T6813] device syzkaller0 entered promiscuous mode [ 160.147762][ T6827] loop4: detected capacity change from 0 to 1024 [ 160.149567][ T6827] EXT4-fs: Ignoring removed bh option [ 160.150445][ T6827] EXT4-fs: Ignoring removed oldalloc option [ 160.151378][ T6827] EXT4-fs: Ignoring removed nomblk_io_submit option [ 160.153904][ T6827] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 160.180500][ T6827] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e841c01c, mo2=0003] [ 160.182098][ T6827] System zones: 0-1, 3-36 [ 160.188865][ T6827] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 161.069719][ T6833] loop0: detected capacity change from 0 to 1024 [ 161.071203][ T6833] EXT4-fs: Ignoring removed oldalloc option [ 161.072074][ T6833] EXT4-fs: Ignoring removed bh option [ 161.205779][ T6833] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 161.778219][ T6833] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 162.118275][ T6844] loop1: detected capacity change from 0 to 1024 [ 162.121617][ T6844] journal_path: Lookup failure for './file0/../file0' [ 162.122801][ T6844] EXT4-fs: error: could not find journal device path [ 162.946224][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 162.997666][ T4329] EXT4-fs (loop0): unmounting filesystem. [ 163.268583][ T6860] device syzkaller0 entered promiscuous mode [ 163.271928][ T6862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.701'. [ 163.617608][ T6862] bond3: (slave gretap0): Enslaving as an active interface with an up link [ 163.622255][ T6865] bond3 (unregistering): (slave gretap0): Releasing backup interface [ 163.666774][ T6865] bond3 (unregistering): Released all slaves [ 163.685769][ T6866] Injecting memory failure for pfn 0x14936b at process virtual address 0x20b6b000 [ 163.692626][ T6866] Memory failure: 0x14936b: recovery action for unsplit thp: Ignored [ 165.946465][ T6893] netlink: 'syz.1.712': attribute type 1 has an invalid length. [ 165.966280][ T6893] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.739399][ T6893] device ipip0 entered promiscuous mode [ 166.747173][ T6893] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.748531][ T6893] bond1: (slave ipip0): The slave device specified does not support setting the MAC address [ 166.750875][ T6893] bond1: (slave ipip0): Error -95 calling set_mac_address [ 166.818617][ T6893] bond1: (slave ip6gretap1): making interface the new active one [ 166.820356][ T6893] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 166.861899][ T6907] lo: Caught tx_queue_len zero misconfig [ 166.965873][ T6910] device syzkaller0 entered promiscuous mode [ 166.980290][ T6916] netlink: 'syz.2.720': attribute type 1 has an invalid length. [ 167.296369][ T6916] bond3: (slave veth7): Enslaving as an active interface with a down link [ 167.413696][ T6916] bond3: (slave dummy0): making interface the new active one [ 167.415451][ T6916] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 167.416941][ T6921] netlink: 14 bytes leftover after parsing attributes in process `syz.2.720'. [ 167.513681][ T6921] bond3: (slave dummy0): Releasing active interface [ 167.685025][ T6929] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 168.529938][ T6951] device syzkaller0 entered promiscuous mode [ 169.769571][ T6963] netlink: 16 bytes leftover after parsing attributes in process `syz.0.733'. [ 170.113912][ T6968] loop4: detected capacity change from 0 to 256 [ 170.136379][ T6968] FAT-fs (loop4): Directory bread(block 64) failed [ 170.137617][ T6968] FAT-fs (loop4): Directory bread(block 65) failed [ 170.138834][ T6968] FAT-fs (loop4): Directory bread(block 66) failed [ 170.140044][ T6968] FAT-fs (loop4): Directory bread(block 67) failed [ 170.141134][ T6968] FAT-fs (loop4): Directory bread(block 68) failed [ 170.142142][ T6968] FAT-fs (loop4): Directory bread(block 69) failed [ 170.143593][ T6968] FAT-fs (loop4): Directory bread(block 70) failed [ 170.144574][ T6968] FAT-fs (loop4): Directory bread(block 71) failed [ 170.145934][ T6968] FAT-fs (loop4): Directory bread(block 72) failed [ 170.147052][ T6968] FAT-fs (loop4): Directory bread(block 73) failed [ 170.919042][ T6980] Unsupported ieee802154 address type: 0 [ 171.571221][ T6986] netlink: 12 bytes leftover after parsing attributes in process `syz.5.739'. [ 171.921462][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.740'. [ 172.419934][ T6989] bond2: (slave gretap0): Enslaving as an active interface with an up link [ 172.424662][ T6997] bond2 (unregistering): (slave gretap0): Releasing backup interface [ 172.468352][ T6997] bond2 (unregistering): Released all slaves [ 172.576164][ T7013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.746'. [ 172.641271][ T7011] loop4: detected capacity change from 0 to 40427 [ 172.645323][ T7011] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 172.647214][ T7011] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 172.651489][ T7011] F2FS-fs (loop4): invalid crc value [ 172.657780][ T7011] F2FS-fs (loop4): Found nat_bits in checkpoint [ 172.678729][ T7011] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 172.680090][ T7011] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 172.818006][ T7018] netlink: 8 bytes leftover after parsing attributes in process `syz.4.745'. [ 173.384333][ T7023] netlink: 16 bytes leftover after parsing attributes in process `syz.1.748'. [ 173.823644][ T7025] loop5: detected capacity change from 0 to 1764 [ 177.039927][ T7084] netlink: 16 bytes leftover after parsing attributes in process `syz.5.766'. [ 178.107876][ T7104] 9pnet: p9_errstr2errno: server reported unknown error ÈVmI®LÓâ—…N [ 180.867482][ T4332] Bluetooth: hci4: Malformed Event: 0x48 [ 181.399465][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 181.439298][ T7159] loop4: detected capacity change from 0 to 256 [ 182.265477][ T7175] loop1: detected capacity change from 0 to 256 [ 183.460119][ T7182] loop1: detected capacity change from 0 to 32768 [ 183.486328][ T7184] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 183.492534][ T7184] fuse: Bad value for 'user_id' [ 183.504003][ T7184] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 183.589729][ T7182] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 183.829772][ T7195] loop5: detected capacity change from 0 to 1024 [ 184.036561][ T7197] loop0: detected capacity change from 0 to 16 [ 184.041950][ T7197] erofs: (device loop0): mounted with root inode @ nid 36. [ 184.054972][ T7197] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 184.056747][ T7197] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 184.058215][ T7197] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 184.059805][ T7197] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 184.061352][ T7197] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 184.081458][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.804'. [ 184.086319][ T7201] device bridge_slave_1 left promiscuous mode [ 184.101012][ T7201] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.159966][ T7201] device bridge_slave_0 left promiscuous mode [ 184.161817][ T7201] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.829076][ T4996] hfsplus: b-tree write err: -5, ino 25 [ 184.830999][ T4996] hfsplus: b-tree write err: -5, ino 4 [ 184.838011][ T4996] hfsplus: b-tree write err: -5, ino 2 [ 184.889719][ T4321] (syz-executor,4321,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 184.897776][ T4321] ocfs2: Unmounting device (7,1) on (node local) [ 185.223562][ T7225] loop0: detected capacity change from 0 to 64 [ 185.498817][ T7232] binder: 7229:7232 tried to acquire reference to desc 0, got 1 instead [ 185.891979][ T7237] binder: 7236:7237 tried to acquire reference to desc 0, got 1 instead [ 185.893849][ T7237] binder: 7236:7237 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 185.895836][ T7237] binder: 7237 RLIMIT_NICE not set [ 185.896699][ T7237] binder: 7237 RLIMIT_NICE not set [ 185.897646][ T7237] binder: send failed reply for transaction 168 to 7236:7237 [ 185.898852][ T7237] binder: 7236:7237 ioctl c0306201 20000240 returned -14 [ 186.194289][ T4375] binder: undelivered TRANSACTION_COMPLETE [ 186.195398][ T4375] binder: undelivered TRANSACTION_ERROR: 29201 [ 186.299237][ T7245] netlink: 12 bytes leftover after parsing attributes in process `syz.4.816'. [ 186.315876][ T4848] binder: release 7229:7232 transaction 156 out, still active [ 186.317149][ T4848] binder: undelivered TRANSACTION_COMPLETE [ 186.318182][ T4848] binder: send failed reply for transaction 163 to 7229:7232 [ 186.319629][ T4848] binder: undelivered TRANSACTION_COMPLETE [ 186.320624][ T4848] binder: undelivered TRANSACTION_ERROR: 29189 [ 186.321786][ T4848] binder: send failed reply for transaction 156, target dead [ 186.336501][ T7245] 8021q: adding VLAN 0 to HW filter on device bond4 [ 186.339741][ T7245] bond3: (slave bond4): Enslaving as an active interface with an up link [ 186.359117][ T7245] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 186.366933][ T7245] bond3: (slave gretap1): Error: Slave device does not support XDP [ 186.442547][ T7258] binder: 7257:7258 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 186.448525][ T7258] binder: 7257:7258 got transaction to invalid handle, 1 [ 186.449782][ T7258] binder: 7258:7257 cannot find target node [ 186.451029][ T7258] binder: 7257:7258 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 186.453097][ T7258] binder: 7258 RLIMIT_NICE not set [ 186.454004][ T7258] binder: 7257:7258 ioctl c0306201 20000240 returned -11 [ 186.455354][ T7258] binder: 7257:7258 got reply transaction with no transaction stack [ 187.018014][ T7269] loop5: detected capacity change from 0 to 256 [ 187.052361][ T7269] FAT-fs (loop5): Directory bread(block 64) failed [ 187.053651][ T7269] FAT-fs (loop5): Directory bread(block 65) failed [ 187.054988][ T7269] FAT-fs (loop5): Directory bread(block 66) failed [ 187.056246][ T7269] FAT-fs (loop5): Directory bread(block 67) failed [ 187.057505][ T7269] FAT-fs (loop5): Directory bread(block 68) failed [ 187.058711][ T7269] FAT-fs (loop5): Directory bread(block 69) failed [ 187.060062][ T7269] FAT-fs (loop5): Directory bread(block 70) failed [ 187.061212][ T7269] FAT-fs (loop5): Directory bread(block 71) failed [ 187.062520][ T7269] FAT-fs (loop5): Directory bread(block 72) failed [ 187.063700][ T7269] FAT-fs (loop5): Directory bread(block 73) failed [ 187.375706][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.378409][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.214210][ T7217] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 188.409566][ T7284] netlink: 'syz.1.827': attribute type 1 has an invalid length. [ 188.668655][ T7301] ================================================================== [ 188.670030][ T7301] BUG: KASAN: use-after-free in ieee80211_monitor_select_queue+0x20c/0x210 [ 188.671413][ T7301] Read of size 2 at addr ffff0000debdddfb by task syz.4.831/7301 [ 188.672614][ T7301] [ 188.673045][ T7301] CPU: 1 PID: 7301 Comm: syz.4.831 Not tainted syzkaller #0 [ 188.674346][ T7301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 188.675973][ T7301] Call trace: [ 188.676490][ T7301] dump_backtrace+0x1c0/0x1ec [ 188.677376][ T7301] show_stack+0x2c/0x3c [ 188.678123][ T7301] __dump_stack+0x30/0x40 [ 188.678858][ T7301] dump_stack_lvl+0xf4/0x15c [ 188.679653][ T7301] print_address_description+0x88/0x218 [ 188.680625][ T7301] print_report+0x50/0x68 [ 188.681353][ T7301] kasan_report+0xa8/0xfc [ 188.682109][ T7301] __asan_report_load2_noabort+0x2c/0x38 [ 188.683029][ T7301] ieee80211_monitor_select_queue+0x20c/0x210 [ 188.684076][ T7301] netdev_core_pick_tx+0x130/0x320 [ 188.684977][ T7301] __dev_queue_xmit+0x738/0x3118 [ 188.685845][ T7301] dev_queue_xmit+0x24/0x34 [ 188.686588][ T7301] packet_sendmsg+0x2f9c/0x3fd0 [ 188.687387][ T7301] ____sys_sendmsg+0x5c8/0x938 [ 188.688187][ T7301] __sys_sendmsg+0x288/0x374 [ 188.688949][ T7301] __arm64_sys_sendmsg+0x80/0x94 [ 188.689782][ T7301] invoke_syscall+0x98/0x2b4 [ 188.690605][ T7301] el0_svc_common+0x138/0x258 [ 188.691410][ T7301] do_el0_svc+0x58/0x130 [ 188.692112][ T7301] el0_svc+0x58/0x128 [ 188.692782][ T7301] el0t_64_sync_handler+0x84/0xf0 [ 188.693650][ T7301] el0t_64_sync+0x18c/0x190 [ 188.694355][ T7301] [ 188.694724][ T7301] Allocated by task 4602: [ 188.695412][ T7301] kasan_set_track+0x4c/0x80 [ 188.696182][ T7301] kasan_save_alloc_info+0x24/0x30 [ 188.697022][ T7301] __kasan_kmalloc+0xa0/0xb8 [ 188.697797][ T7301] kmalloc_trace+0x7c/0x94 [ 188.698603][ T7301] batadv_forw_packet_alloc+0x19c/0x3b0 [ 188.699571][ T7301] batadv_iv_ogm_queue_add+0x6f4/0xb74 [ 188.700484][ T7301] batadv_iv_ogm_schedule+0x994/0xd48 [ 188.701431][ T7301] batadv_iv_send_outstanding_bat_ogm_packet+0x6f8/0x858 [ 188.702559][ T7301] process_one_work+0x7f8/0x13a4 [ 188.703375][ T7301] worker_thread+0x8c4/0xfec [ 188.704150][ T7301] kthread+0x250/0x2d8 [ 188.704820][ T7301] ret_from_fork+0x10/0x20 [ 188.705531][ T7301] [ 188.705898][ T7301] Last potentially related work creation: [ 188.706814][ T7301] kasan_save_stack+0x40/0x70 [ 188.707638][ T7301] __kasan_record_aux_stack+0xc0/0xdc [ 188.708561][ T7301] kasan_record_aux_stack_noalloc+0x14/0x20 [ 188.709538][ T7301] insert_work+0x64/0x37c [ 188.710320][ T7301] __queue_work+0xcbc/0x1234 [ 188.711118][ T7301] delayed_work_timer_fn+0x74/0x90 [ 188.711935][ T7301] call_timer_fn+0x1b8/0x95c [ 188.712753][ T7301] __run_timers+0x4d0/0x6f0 [ 188.713493][ T7301] run_timer_softirq+0x7c/0x114 [ 188.714285][ T7301] handle_softirqs+0x318/0xc60 [ 188.715046][ T7301] __do_softirq+0x14/0x20 [ 188.715725][ T7301] [ 188.716128][ T7301] Second to last potentially related work creation: [ 188.717159][ T7301] kasan_save_stack+0x40/0x70 [ 188.717893][ T7301] __kasan_record_aux_stack+0xc0/0xdc [ 188.718737][ T7301] kasan_record_aux_stack_noalloc+0x14/0x20 [ 188.719691][ T7301] kvfree_call_rcu+0xb4/0x6e8 [ 188.720449][ T7301] drop_sysctl_table+0x278/0x3c0 [ 188.721296][ T7301] drop_sysctl_table+0x298/0x3c0 [ 188.722072][ T7301] unregister_sysctl_table+0x90/0x130 [ 188.722993][ T7301] unregister_net_sysctl_table+0x20/0x30 [ 188.723947][ T7301] inetdev_event+0x55c/0x12d8 [ 188.724722][ T7301] raw_notifier_call_chain+0xd4/0x164 [ 188.725568][ T7301] unregister_netdevice_many+0xe6c/0x177c [ 188.726514][ T7301] unregister_netdevice_queue+0x2b0/0x304 [ 188.727463][ T7301] __tun_detach+0xb04/0x1224 [ 188.728168][ T7301] tun_chr_close+0x118/0x1f4 [ 188.728958][ T7301] __fput+0x1bc/0x7b8 [ 188.729674][ T7301] ____fput+0x20/0x30 [ 188.730383][ T7301] task_work_run+0x1ec/0x278 [ 188.731150][ T7301] do_notify_resume+0x1fa0/0x2aa4 [ 188.731986][ T7301] el0_svc+0x98/0x128 [ 188.732671][ T7301] el0t_64_sync_handler+0x84/0xf0 [ 188.733478][ T7301] el0t_64_sync+0x18c/0x190 [ 188.734198][ T7301] [ 188.734586][ T7301] The buggy address belongs to the object at ffff0000debddc00 [ 188.734586][ T7301] which belongs to the cache kmalloc-512 of size 512 [ 188.736928][ T7301] The buggy address is located 507 bytes inside of [ 188.736928][ T7301] 512-byte region [ffff0000debddc00, ffff0000debdde00) [ 188.739151][ T7301] [ 188.739551][ T7301] The buggy address belongs to the physical page: [ 188.740698][ T7301] page:00000000324adb88 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000debdec00 pfn:0x11ebdc [ 188.742763][ T7301] head:00000000324adb88 order:2 compound_mapcount:0 compound_pincount:0 [ 188.744079][ T7301] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 188.745339][ T7301] raw: 05ffc00000010200 fffffc0003cf3608 fffffc0003df7208 ffff0000c0002600 [ 188.746655][ T7301] raw: ffff0000debdec00 0000000000100008 00000001ffffffff 0000000000000000 [ 188.747986][ T7301] page dumped because: kasan: bad access detected [ 188.748938][ T7301] [ 188.749300][ T7301] Memory state around the buggy address: [ 188.750215][ T7301] ffff0000debddc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.751463][ T7301] ffff0000debddd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.752712][ T7301] >ffff0000debddd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.754041][ T7301] ^ [ 188.755346][ T7301] ffff0000debdde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 188.756678][ T7301] ffff0000debdde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 188.758045][ T7301] ================================================================== [ 188.759430][ T7301] Disabling lock debugging due to kernel taint