last executing test programs: 15.087358131s ago: executing program 2: ioctl$EVIOCGMASK(0xffffffffffffffff, 0x5452, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xf6, 0xb3, 0xe0, 0x40, 0xdf6, 0x4b, 0x56d7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x66, 0x87, 0xca}}]}}]}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0) ioctl$EVIOCRMFF(r0, 0x40085503, 0x0) syz_usb_disconnect(0xffffffffffffffff) 12.054534954s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$P9_RSTATFS(r2, &(0x7f0000000200)={0x43, 0x9, 0x0, {0xfffffff7}}, 0x43) r3 = dup2(r2, r2) writev(r2, &(0x7f0000001800)=[{&(0x7f0000000340)="4de47e8abad5ca20", 0x8}], 0x1) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) dup3(r4, r3, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0xfffffd24, 0x2) 9.097645052s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TIOCEXCL(r2, 0x8903) 8.226952258s ago: executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r0}, 0x10) r1 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002}) 7.481912464s ago: executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) pipe2(0x0, 0x0) 7.066562246s ago: executing program 1: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000006a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000065850000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}, 0x90) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="01000000", 0x4}], 0x1) 5.860560094s ago: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00') syz_open_dev$evdev(&(0x7f0000000480), 0x7, 0x2000) preadv(r1, &(0x7f0000000080), 0x0, 0xfffffffa, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0) r3 = fsopen(&(0x7f0000000240)='romfs\x00', 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a300000000005000500020000001400078005001500020000000800124000000000050004000000000012000300686173683a6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4008820}, 0x1) sendfile(0xffffffffffffffff, r3, &(0x7f0000000100)=0x800, 0x5) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='%(:2', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) utime(0x0, 0x0) 5.846486403s ago: executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e00000000180002800c0002000d0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x58}}, 0x0) 5.754847562s ago: executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00'}, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 5.405754074s ago: executing program 4: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000001280)=ANY=[@ANYBLOB='^'], 0x8, 0x0) msgrcv(r0, &(0x7f0000001b00)={0x0, ""/101}, 0x6d, 0x0, 0x1800) 4.976173493s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)) fcntl$lock(r1, 0x7, &(0x7f00000006c0)={0x1}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = dup(r2) dup3(r3, r1, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_open_procfs(0x0, 0x0) 4.915550757s ago: executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TIOCEXCL(r2, 0x8903) 4.719287407s ago: executing program 1: syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) syz_emit_ethernet(0x1aa, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x174, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x21, 0x2, "b8a3e100908f61640000000200fe80ffff00000000"}, {}]}}}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0}, 0x90) 4.455958658s ago: executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000240)={0x0, 0x0, "957008"}) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfdef) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60122d9200083a0000000000000000000000ffffac1414aaff02000000000000000000000000b70001"], 0x0) connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r3 = socket$inet6(0xa, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000fee000)=0x3fa, 0x4) listen(r3, 0x2) listen(r2, 0x80) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)={'broute\x00'}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x4}, 0x6) ioctl$AUTOFS_IOC_CATATONIC(r1, 0x400443c8, 0x20000002) 4.143356261s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) accept(r1, 0x0, 0x0) 3.9857659s ago: executing program 4: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/vmallocinfo\x00', 0x0, 0x0) read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc) 2.895943213s ago: executing program 1: socket$netlink(0x10, 0x3, 0x4) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0xc8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@ipv6={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @remote}, [], [], 'wg2\x00', 'team_slave_1\x00'}, 0x0, 0x300, 0x320, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd}, @common=@inet=@set2={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518) socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}, {&(0x7f0000000200)=""/83, 0x53}], 0x3a}, 0x0) sendmmsg$alg(r2, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000000300)="0046ba3c405b5da814d7f2ee0c", 0xd}], 0x1}], 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'geneve0\x00', 0x0}) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000f140100000000000000000008000100000000000c0045007264a1615f636d006dfc6f8f0739c0b0b52404d3c9670c8cbf5652e990d70c2c38031aa0af5e1b6e165f4b39bcaa270806a6ad97e2290180a965d67527e0f1b163b6d4015806c0beff035001f9085b5ded448081631cbb9923a219ed9a33bf978d"], 0x24}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0x12) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x1, 0x5, 0x3ff, 0xa04, r0, 0xffffff81, '\x00', r3, r5, 0x0, 0x4, 0x0, 0x8}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000005c0), &(0x7f0000000640), 0x5}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x60ff, 0x0) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180000000020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000e40000b703000000000000850000009b000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) getsockopt$inet_int(r6, 0x10d, 0xad, &(0x7f0000000000), &(0x7f0000000240)=0x4) 2.674319341s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2}) preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) socket$inet6(0xa, 0x1, 0x0) mlock2(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x0) 2.571454862s ago: executing program 0: timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/class/dmi', 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/dmi', 0x0, 0x0) r1 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close(r2) rt_sigreturn() ioctl$NS_GET_USERNS(r0, 0x5451, 0x0) socket$unix(0x1, 0x0, 0x0) 2.365039739s ago: executing program 4: setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/if_inet6\x00') read$FUSE(r0, &(0x7f0000000f40)={0x2020}, 0x2020) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/95, 0x5f}], 0x1, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) 1.946035122s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00'}, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 1.917045471s ago: executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = dup3(r1, r0, 0x0) r3 = accept$unix(r2, 0x0, 0x0) recvmsg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 1.712340576s ago: executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e00000000180002800c0002000d0000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x58}}, 0x0) 1.493766412s ago: executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00') syz_open_dev$evdev(&(0x7f0000000480), 0x7, 0x2000) preadv(r1, &(0x7f0000000080), 0x0, 0xfffffffa, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0) r3 = fsopen(&(0x7f0000000240)='romfs\x00', 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a300000000005000500020000001400078005001500020000000800124000000000050004000000000012000300686173683a6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4008820}, 0x1) sendfile(0xffffffffffffffff, r3, &(0x7f0000000100)=0x800, 0x5) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='%(:2', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) utime(0x0, 0x0) 1.133674257s ago: executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)) fcntl$lock(r1, 0x7, &(0x7f00000006c0)={0x1}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = dup(r2) dup3(r3, r1, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) close(0xffffffffffffffff) rt_sigreturn() clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, r4+60000000}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x5451, 0x0) 1.099090957s ago: executing program 3: futex(&(0x7f0000004040)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=") getsockname$unix(0xffffffffffffffff, &(0x7f0000002600), &(0x7f0000001380)=0x1fa) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x1}, 0x6e) listen(0xffffffffffffffff, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) accept4$inet(r1, 0x0, 0x0, 0x0) 921.434336ms ago: executing program 4: syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) syz_emit_ethernet(0x1ac, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x176, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x21, 0x2, "b8a3e100908f61640000000200fe80ffff00000000"}, {}]}}}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0}, 0x90) 316.133023ms ago: executing program 3: gettid() poll(0x0, 0x0, 0x401) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$TCSBRK(r0, 0x8901, 0x0) 244.60951ms ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000002000000000000000001801000020786c250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000550000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000440)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000200), 0xf642e7e) pwritev2(r1, &(0x7f0000000100)=[{&(0x7f00000012c0)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x1000) 0s ago: executing program 1: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) r3 = socket$nl_route(0x10, 0x3, 0x0) dup2(r0, r2) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x0, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts. 2024/06/08 01:21:10 fuzzer started 2024/06/08 01:21:11 dialing manager at 10.128.0.169:30024 [ 158.669342][ T5046] cgroup: Unknown subsys name 'net' [ 158.917757][ T5046] cgroup: Unknown subsys name 'rlimit' 2024/06/08 01:21:59 starting 5 executor processes [ 204.863437][ T5054] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 207.261357][ T5080] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 207.286559][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 207.295005][ T5079] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 207.304864][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 207.313450][ T5079] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 207.322757][ T5079] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 207.325173][ T5081] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 207.333707][ T5079] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 207.347493][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 207.365932][ T5079] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 207.366217][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 207.376312][ T5079] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 207.390705][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 207.395245][ T5079] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 207.400551][ T5085] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 207.409597][ T5079] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 207.423149][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 207.425340][ T5079] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 207.829148][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 207.896873][ T5079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 207.909544][ T5079] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 207.924309][ T5079] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 207.936095][ T5079] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 207.945391][ T5079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 208.006091][ T5079] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 208.018332][ T5079] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 208.030723][ T5079] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 208.107051][ T5079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 208.147802][ T5079] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 208.161295][ T5079] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 208.930068][ T5073] chnl_net:caif_netlink_parms(): no params data found [ 209.199859][ T5075] chnl_net:caif_netlink_parms(): no params data found [ 209.312983][ T5077] chnl_net:caif_netlink_parms(): no params data found [ 209.383489][ T5087] chnl_net:caif_netlink_parms(): no params data found [ 209.502423][ T50] Bluetooth: hci2: command tx timeout [ 209.508078][ T50] Bluetooth: hci0: command tx timeout [ 209.582322][ T50] Bluetooth: hci1: command tx timeout [ 209.991419][ T50] Bluetooth: hci3: command tx timeout [ 209.991495][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.004817][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.012593][ T5077] bridge_slave_0: entered allmulticast mode [ 210.021687][ T5077] bridge_slave_0: entered promiscuous mode [ 210.044771][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.053759][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.061473][ T5077] bridge_slave_1: entered allmulticast mode [ 210.070758][ T5077] bridge_slave_1: entered promiscuous mode [ 210.223363][ T50] Bluetooth: hci4: command tx timeout [ 210.372176][ T5077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.382111][ T5089] chnl_net:caif_netlink_parms(): no params data found [ 210.422340][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.430075][ T5073] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.438258][ T5073] bridge_slave_0: entered allmulticast mode [ 210.447450][ T5073] bridge_slave_0: entered promiscuous mode [ 210.470563][ T5077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.576013][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.583995][ T5073] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.591708][ T5073] bridge_slave_1: entered allmulticast mode [ 210.600623][ T5073] bridge_slave_1: entered promiscuous mode [ 210.768298][ T5075] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.776095][ T5075] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.783934][ T5075] bridge_slave_0: entered allmulticast mode [ 210.792896][ T5075] bridge_slave_0: entered promiscuous mode [ 210.811427][ T5077] team0: Port device team_slave_0 added [ 210.821766][ T5075] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.829658][ T5075] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.839944][ T5075] bridge_slave_1: entered allmulticast mode [ 210.848945][ T5075] bridge_slave_1: entered promiscuous mode [ 210.981480][ T5077] team0: Port device team_slave_1 added [ 210.989747][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.997639][ T5087] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.005379][ T5087] bridge_slave_0: entered allmulticast mode [ 211.014134][ T5087] bridge_slave_0: entered promiscuous mode [ 211.072079][ T5073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.170616][ T5075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.183200][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.190900][ T5087] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.200814][ T5087] bridge_slave_1: entered allmulticast mode [ 211.212784][ T5087] bridge_slave_1: entered promiscuous mode [ 211.229590][ T5073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.275094][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.282411][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.309214][ T5077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.329782][ T5075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.342828][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.350096][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.376435][ T5077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.543452][ T5075] team0: Port device team_slave_0 added [ 211.582323][ T50] Bluetooth: hci0: command tx timeout [ 211.587968][ T50] Bluetooth: hci2: command tx timeout [ 211.633926][ T5073] team0: Port device team_slave_0 added [ 211.650272][ T5087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.666566][ T5073] team0: Port device team_slave_1 added [ 211.674281][ T50] Bluetooth: hci1: command tx timeout [ 211.685168][ T5075] team0: Port device team_slave_1 added [ 211.739480][ T5087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.041268][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.048671][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.075087][ T5073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.078328][ T50] Bluetooth: hci3: command tx timeout [ 212.130153][ T5087] team0: Port device team_slave_0 added [ 212.139837][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.147224][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.173482][ T5075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.200806][ T5077] hsr_slave_0: entered promiscuous mode [ 212.211496][ T5077] hsr_slave_1: entered promiscuous mode [ 212.222570][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.230252][ T5089] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.238473][ T5089] bridge_slave_0: entered allmulticast mode [ 212.247607][ T5089] bridge_slave_0: entered promiscuous mode [ 212.260074][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.267538][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.293877][ T5073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.302344][ T50] Bluetooth: hci4: command tx timeout [ 212.312685][ T5087] team0: Port device team_slave_1 added [ 212.336536][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.343775][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.370183][ T5075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.400953][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.408821][ T5089] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.416761][ T5089] bridge_slave_1: entered allmulticast mode [ 212.425843][ T5089] bridge_slave_1: entered promiscuous mode [ 212.510400][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.518251][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.544628][ T5087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.639101][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.646401][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.672882][ T5087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.839424][ T5089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.908597][ T5075] hsr_slave_0: entered promiscuous mode [ 212.918782][ T5075] hsr_slave_1: entered promiscuous mode [ 212.928416][ T5075] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 212.937035][ T5075] Cannot create hsr debugfs directory [ 213.006544][ T5089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.138559][ T5073] hsr_slave_0: entered promiscuous mode [ 213.147995][ T5073] hsr_slave_1: entered promiscuous mode [ 213.156474][ T5073] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.165855][ T5073] Cannot create hsr debugfs directory [ 213.225636][ T5087] hsr_slave_0: entered promiscuous mode [ 213.236697][ T5087] hsr_slave_1: entered promiscuous mode [ 213.245950][ T5087] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.254007][ T5087] Cannot create hsr debugfs directory [ 213.269744][ T5089] team0: Port device team_slave_0 added [ 213.297481][ T5089] team0: Port device team_slave_1 added [ 213.524263][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.531632][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.558136][ T5089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.665265][ T50] Bluetooth: hci2: command tx timeout [ 213.670938][ T5079] Bluetooth: hci0: command tx timeout [ 213.674526][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.683803][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.710585][ T5089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.743477][ T50] Bluetooth: hci1: command tx timeout [ 214.144166][ T50] Bluetooth: hci3: command tx timeout [ 214.164664][ T5089] hsr_slave_0: entered promiscuous mode [ 214.174027][ T5089] hsr_slave_1: entered promiscuous mode [ 214.181781][ T5089] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.189652][ T5089] Cannot create hsr debugfs directory [ 214.382593][ T50] Bluetooth: hci4: command tx timeout [ 214.574437][ T5077] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 214.594859][ T5077] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 214.659433][ T5077] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 214.704859][ T5077] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 214.920952][ T5073] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 214.947899][ T5073] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 215.034175][ T5075] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 215.055062][ T5073] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 215.078306][ T5073] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 215.156674][ T5075] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 215.199922][ T5075] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 215.222550][ T5075] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 215.475007][ T5087] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 215.527062][ T5087] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 215.616036][ T5087] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 215.680637][ T5087] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 215.743930][ T50] Bluetooth: hci2: command tx timeout [ 215.749601][ T5079] Bluetooth: hci0: command tx timeout [ 215.779128][ T5089] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 215.822527][ T5079] Bluetooth: hci1: command tx timeout [ 215.967303][ T5089] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 216.005286][ T5089] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 216.025156][ T5089] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 216.250987][ T5079] Bluetooth: hci3: command tx timeout [ 216.284214][ T5077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.403068][ T5077] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.463487][ T5079] Bluetooth: hci4: command tx timeout [ 216.478047][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.485863][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.595787][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.603545][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.780821][ T5073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.827558][ T5075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.043536][ T5073] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.119523][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.127286][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.174939][ T5075] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.267014][ T5087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.299079][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.306814][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.328378][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.336124][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.466598][ T5087] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.533367][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.541067][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.707202][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.714983][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.848302][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.856080][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.969308][ T5089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.187407][ T5089] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.331575][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.339414][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.503310][ T5125] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.510998][ T5125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.751349][ T5089] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.118953][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.126698][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 219.467822][ T5077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.871643][ T5073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.215146][ T5077] veth0_vlan: entered promiscuous mode [ 220.402931][ T5077] veth1_vlan: entered promiscuous mode [ 220.485390][ T5087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.523213][ T5073] veth0_vlan: entered promiscuous mode [ 220.660311][ T5073] veth1_vlan: entered promiscuous mode [ 220.724892][ T5075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.820121][ T5089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.900232][ T5077] veth0_macvtap: entered promiscuous mode [ 221.013011][ T5077] veth1_macvtap: entered promiscuous mode [ 221.181549][ T5087] veth0_vlan: entered promiscuous mode [ 221.282754][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.329624][ T5073] veth0_macvtap: entered promiscuous mode [ 221.378138][ T5087] veth1_vlan: entered promiscuous mode [ 221.397573][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.466204][ T5077] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.475403][ T5077] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.484577][ T5077] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.493735][ T5077] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.513526][ T5073] veth1_macvtap: entered promiscuous mode [ 221.620512][ T5089] veth0_vlan: entered promiscuous mode [ 221.774647][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.786896][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.804762][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.872213][ T5089] veth1_vlan: entered promiscuous mode [ 221.890370][ T5087] veth0_macvtap: entered promiscuous mode [ 221.981705][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.000398][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.015506][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.057334][ T5087] veth1_macvtap: entered promiscuous mode [ 222.214745][ T5073] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.227622][ T5073] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.238162][ T5073] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.247353][ T5073] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.285458][ T5089] veth0_macvtap: entered promiscuous mode [ 222.410224][ T5089] veth1_macvtap: entered promiscuous mode [ 222.457971][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.469053][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.480476][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.491252][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.506821][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.648856][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.661698][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.673459][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.686351][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.703172][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.810908][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.821816][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.832195][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.843032][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.853183][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.864226][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.879247][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.919524][ T5087] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.928739][ T5087] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.938022][ T5087] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.950249][ T5087] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.129904][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.142210][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.153371][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.164129][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.174343][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.185066][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.201198][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.368864][ T5089] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.378057][ T5089] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.387319][ T5089] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.396548][ T5089] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.734621][ T5075] veth0_vlan: entered promiscuous mode [ 223.851472][ T5075] veth1_vlan: entered promiscuous mode [ 224.321698][ T5075] veth0_macvtap: entered promiscuous mode [ 224.439831][ T5075] veth1_macvtap: entered promiscuous mode [ 224.668072][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.680290][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.691200][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.705630][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.716355][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.727223][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.737407][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.748182][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.763492][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.910220][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.922920][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.933225][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.947650][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.961441][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.973093][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.983265][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.994057][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.009145][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.174876][ T5075] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.187273][ T5075] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.197756][ T5075] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.207125][ T5075] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.485055][ T3371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.493212][ T3371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.737651][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.746055][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.811087][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.819177][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.052781][ T780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.062253][ T780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.823669][ T780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.832120][ T780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.042671][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.050741][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.159026][ T3412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.167397][ T3412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.201140][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.209846][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.754211][ T5268] veth1_macvtap: left promiscuous mode [ 233.227689][ T4303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.235904][ T4303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.616557][ T4365] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.624771][ T4365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.043650][ T5283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.111551][ T5284] pim6reg1: entered promiscuous mode [ 234.117591][ T5284] pim6reg1: entered allmulticast mode [ 234.978976][ T5295] loop2: detected capacity change from 0 to 128 [ 235.175018][ T5297] loop4: detected capacity change from 0 to 512 [ 235.207655][ T5297] ======================================================= [ 235.207655][ T5297] WARNING: The mand mount option has been deprecated and [ 235.207655][ T5297] and is ignored by this kernel. Remove the mand [ 235.207655][ T5297] option from the mount to silence this warning. [ 235.207655][ T5297] ======================================================= [ 235.874211][ T5302] loop1: detected capacity change from 0 to 128 [ 236.441322][ T5297] EXT4-fs (loop4): Test dummy encryption mode enabled [ 236.672511][ T5297] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz-executor.4: iget: bogus i_mode (0) [ 236.920961][ T29] audit: type=1800 audit(1717809751.109:2): pid=5309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=1048595 res=0 errno=0 [ 237.072900][ T5297] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 17 (err -117) [ 237.133329][ T5297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.738977][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.903709][ T5317] loop1: detected capacity change from 0 to 256 [ 240.802634][ T5320] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 241.828633][ T5325] fuse: Unknown parameter '017777777777777777777770000000000000000000000000000000000000000' [ 242.349586][ T5328] loop3: detected capacity change from 0 to 512 [ 242.663295][ T5328] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 242.732844][ T5328] System zones: 0-2, 18-18, 34-35 [ 242.823782][ T5328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.837604][ T5328] ext4 filesystem being mounted at /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.012244][ T5340] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 244.037683][ T5338] loop0: detected capacity change from 0 to 128 [ 244.178753][ T5328] EXT4-fs error (device loop3): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 244.468448][ T5328] fuse: Bad value for 'fd' [ 245.245341][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 245.293276][ T29] audit: type=1800 audit(1717809759.289:3): pid=5345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=1048597 res=0 errno=0 [ 245.432286][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 245.598555][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 245.772991][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 245.902381][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 246.034032][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 246.143970][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 246.271634][ T5087] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #2: block 18: comm syz-executor.3: lblock 23 mapped to illegal pblock 18 (length 1) [ 246.829032][ T5350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 247.013925][ T5350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 247.252431][ T29] audit: type=1326 audit(1717809761.369:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5352 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223587cf69 code=0x0 [ 247.344828][ T5087] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.510801][ T4425] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.689701][ T4425] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.985413][ T4425] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.104960][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 248.147109][ T4425] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.625124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 248.923785][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 249.025898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 249.333797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 249.342189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 249.402235][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 249.435530][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 249.742776][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 249.751155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 250.076334][ T5362] team0: Port device ip6gretap0 added [ 250.632849][ T4425] bridge_slave_1: left allmulticast mode [ 250.638856][ T4425] bridge_slave_1: left promiscuous mode [ 250.645677][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.737224][ T4425] bridge_slave_0: left allmulticast mode [ 250.744379][ T4425] bridge_slave_0: left promiscuous mode [ 250.750937][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.208671][ T5370] loop0: detected capacity change from 0 to 128 [ 251.970911][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.989373][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.007183][ T4425] bond0 (unregistering): Released all slaves [ 252.214477][ T29] audit: type=1800 audit(1717809766.309:5): pid=5377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=1048598 res=0 errno=0 [ 254.673979][ T4425] hsr_slave_0: left promiscuous mode [ 254.736988][ T4425] hsr_slave_1: left promiscuous mode [ 254.781408][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.789503][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.875081][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.883042][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.940967][ T4425] veth1_macvtap: left promiscuous mode [ 254.955772][ T4425] veth0_macvtap: left promiscuous mode [ 254.966109][ T4425] veth1_vlan: left promiscuous mode [ 254.971695][ T4425] veth0_vlan: left promiscuous mode [ 256.265570][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 256.313306][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 256.327563][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 256.341171][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 256.353468][ T4425] team0 (unregistering): Port device team_slave_1 removed [ 256.384751][ T4425] team0 (unregistering): Port device team_slave_0 removed [ 256.432824][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 256.465776][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 258.070522][ T5404] chnl_net:caif_netlink_parms(): no params data found [ 258.706670][ T5079] Bluetooth: hci3: command tx timeout [ 259.198238][ T5429] bond0: entered promiscuous mode [ 259.203759][ T5429] bond_slave_0: entered promiscuous mode [ 259.210419][ T5429] bond_slave_1: entered promiscuous mode [ 259.518050][ T5426] bond0: left promiscuous mode [ 259.524063][ T5426] bond_slave_0: left promiscuous mode [ 259.530581][ T5426] bond_slave_1: left promiscuous mode [ 260.342422][ T5404] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.350135][ T5404] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.359483][ T5404] bridge_slave_0: entered allmulticast mode [ 260.368573][ T5404] bridge_slave_0: entered promiscuous mode [ 260.498685][ T5404] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.507053][ T5404] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.515024][ T5404] bridge_slave_1: entered allmulticast mode [ 260.524380][ T5404] bridge_slave_1: entered promiscuous mode [ 260.785589][ T5079] Bluetooth: hci3: command tx timeout [ 260.882984][ T5404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 261.010197][ T5404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 261.398519][ T5404] team0: Port device team_slave_0 added [ 261.479837][ T5404] team0: Port device team_slave_1 added [ 261.874172][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.881339][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.907729][ T5404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.464744][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.472105][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.498851][ T5404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.874738][ T5079] Bluetooth: hci3: command tx timeout [ 263.223409][ T5404] hsr_slave_0: entered promiscuous mode [ 263.304592][ T5404] hsr_slave_1: entered promiscuous mode [ 263.372298][ T5404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 263.380197][ T5404] Cannot create hsr debugfs directory [ 263.847879][ T5494] blktrace: Concurrent blktraces are not allowed on sg0 [ 263.992705][ T5494] bond0: entered promiscuous mode [ 263.998082][ T5494] bond_slave_0: entered promiscuous mode [ 264.004967][ T5494] bond_slave_1: entered promiscuous mode [ 264.526183][ T5491] bond0: left promiscuous mode [ 264.531340][ T5491] bond_slave_0: left promiscuous mode [ 264.538037][ T5491] bond_slave_1: left promiscuous mode [ 264.844129][ T5505] loop0: detected capacity change from 0 to 256 [ 264.956382][ T5079] Bluetooth: hci3: command tx timeout [ 265.170198][ T29] audit: type=1804 audit(1717809779.359:6): pid=5505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir732149281/syzkaller.Lhn5Ai/19/file0" dev="sda1" ino=1962 res=1 errno=0 [ 265.195966][ T5505] Process accounting resumed [ 265.950293][ T5404] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 266.043880][ T5404] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 266.127435][ T5404] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 266.136951][ T4702] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 266.209858][ T5404] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 266.393127][ T4702] usb 1-1: Using ep0 maxpacket: 8 [ 266.538781][ T4702] usb 1-1: config 0 has an invalid descriptor of length 106, skipping remainder of the config [ 266.549698][ T4702] usb 1-1: New USB device found, idVendor=0bac, idProduct=8501, bcdDevice=20.9d [ 266.559513][ T4702] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.629611][ T4702] usb 1-1: config 0 descriptor?? [ 266.932920][ T4702] usb 1-1: string descriptor 0 read error: -71 [ 266.955283][ T4702] usb 1-1: Found UVC 0.00 device (0bac:8501) [ 266.963781][ T4702] usb 1-1: No valid video chain found. [ 267.096707][ T4702] usb 1-1: USB disconnect, device number 2 [ 267.726437][ T5404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.949785][ T5404] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.022757][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.030528][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.151059][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.158884][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.496209][ T5404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.708173][ T5545] loop1: detected capacity change from 0 to 64 [ 271.275097][ T5404] veth0_vlan: entered promiscuous mode [ 271.415827][ T5404] veth1_vlan: entered promiscuous mode [ 271.811579][ T5557] Zero length message leads to an empty skb [ 271.853397][ T5404] veth0_macvtap: entered promiscuous mode [ 271.904973][ T5557] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 272.264272][ T5557] hsr_slave_1 (unregistering): left promiscuous mode [ 272.423074][ T5404] veth1_macvtap: entered promiscuous mode [ 272.743748][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.754563][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.764742][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.775584][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.789714][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.801660][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.811919][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.822629][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.837715][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 273.180834][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.195770][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.207433][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.218187][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.228282][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.239102][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.249258][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.260123][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.277731][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 273.586929][ T5404] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.596403][ T5404] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.610035][ T5404] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.620448][ T5404] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.133039][ T5572] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 274.939122][ T5583] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 275.160006][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.014019][ T5595] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.024819][ T5595] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.033052][ T5595] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.785006][ T5601] loop1: detected capacity change from 0 to 64 [ 277.187114][ T5156] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 277.598210][ T5156] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 277.610007][ T5156] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 277.620395][ T5156] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 277.629860][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.713832][ T5605] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 277.930076][ T5619] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 278.163466][ T5156] usb 1-1: USB disconnect, device number 3 [ 278.430440][ T5416] udevd[5416]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 279.760771][ T5636] loop4: detected capacity change from 0 to 512 [ 279.813645][ T5636] EXT4-fs: quotafile must be on filesystem root [ 280.607678][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 280.614653][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 280.754480][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.544655][ T5664] loop0: detected capacity change from 0 to 256 [ 283.694627][ T5156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.702834][ T5156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.925872][ T3120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.935523][ T3120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.317822][ T5669] loop2: detected capacity change from 0 to 64 [ 285.110319][ T5681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 285.447223][ T5681] hsr_slave_1 (unregistering): left promiscuous mode [ 285.950567][ T5684] loop2: detected capacity change from 0 to 2048 [ 287.019287][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.523766][ T5710] loop1: detected capacity change from 0 to 256 [ 288.621393][ T5714] loop0: detected capacity change from 0 to 64 [ 290.118058][ T5717] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 291.274513][ T5728] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 293.407091][ T5748] loop1: detected capacity change from 0 to 64 [ 293.580375][ T5750] loop0: detected capacity change from 0 to 256 [ 294.908049][ T5752] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 294.917806][ T5752] netlink: 666 bytes leftover after parsing attributes in process `syz-executor.2'. [ 298.313866][ T5125] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.905363][ T5785] loop1: detected capacity change from 0 to 64 [ 300.057324][ T5792] loop2: detected capacity change from 0 to 256 [ 307.465425][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802f063e00: rx timeout, send abort [ 307.765990][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.974035][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802f063e00: abort rx timeout. Force session deactivation [ 308.246432][ T5821] loop3: detected capacity change from 0 to 64 [ 308.455328][ T5823] syz-executor.2[5823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 308.455883][ T5823] syz-executor.2[5823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 308.849437][ T5828] loop1: detected capacity change from 0 to 256 [ 309.653182][ T3412] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.107452][ T3412] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.344572][ T3412] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.540597][ T3412] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.958690][ T3412] bridge_slave_1: left allmulticast mode [ 310.965061][ T3412] bridge_slave_1: left promiscuous mode [ 310.971460][ T3412] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.045904][ T3412] bridge_slave_0: left allmulticast mode [ 311.052415][ T3412] bridge_slave_0: left promiscuous mode [ 311.058678][ T3412] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.120631][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 311.129737][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 311.139924][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 311.240255][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 311.286123][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 311.304972][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 312.124909][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.207050][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 312.301117][ T3412] bond0 (unregistering): Released all slaves [ 313.444163][ T5864] loop2: detected capacity change from 0 to 64 [ 313.582456][ T50] Bluetooth: hci1: command tx timeout [ 313.645774][ T3412] hsr_slave_0: left promiscuous mode [ 313.697490][ T3412] hsr_slave_1: left promiscuous mode [ 313.760847][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.768953][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.826567][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.834457][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.977004][ T3412] veth1_macvtap: left promiscuous mode [ 313.983065][ T3412] veth0_macvtap: left promiscuous mode [ 313.988992][ T3412] veth1_vlan: left promiscuous mode [ 313.994769][ T3412] veth0_vlan: left promiscuous mode [ 315.106894][ T3412] team0 (unregistering): Port device team_slave_1 removed [ 315.260894][ T3412] team0 (unregistering): Port device team_slave_0 removed [ 315.700615][ T50] Bluetooth: hci1: command tx timeout [ 316.343912][ T5891] loop1: detected capacity change from 0 to 256 [ 317.753253][ T50] Bluetooth: hci1: command tx timeout [ 317.830915][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 317.914630][ T5900] loop3: detected capacity change from 0 to 64 [ 319.824378][ T50] Bluetooth: hci1: command tx timeout [ 320.115684][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.124029][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.131682][ T5844] bridge_slave_0: entered allmulticast mode [ 320.140908][ T5844] bridge_slave_0: entered promiscuous mode [ 320.369648][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.378828][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.386689][ T5844] bridge_slave_1: entered allmulticast mode [ 320.399196][ T5844] bridge_slave_1: entered promiscuous mode [ 320.798249][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.953625][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.027679][ T5939] loop2: detected capacity change from 0 to 256 [ 321.356948][ T5945] loop1: detected capacity change from 0 to 64 [ 321.406488][ T5844] team0: Port device team_slave_0 added [ 324.259602][ T5945] hfs: unable to open extent tree [ 324.265112][ T5945] hfs: can't find a HFS filesystem on dev loop1 [ 324.332879][ T5844] team0: Port device team_slave_1 added [ 324.636730][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.644127][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.670544][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.786616][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.793958][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.825049][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.633307][ T5844] hsr_slave_0: entered promiscuous mode [ 325.695786][ T5844] hsr_slave_1: entered promiscuous mode [ 325.745945][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.754316][ T5844] Cannot create hsr debugfs directory [ 327.737603][ T5991] loop2: detected capacity change from 0 to 64 [ 327.943179][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 327.967220][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 327.997341][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 328.049049][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 328.147478][ T5997] loop3: detected capacity change from 0 to 256 [ 330.694338][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.012580][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.154326][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.162246][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.314937][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.322771][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.757038][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 333.669739][ T6036] loop1: detected capacity change from 0 to 64 [ 333.801978][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.832579][ T4431] Bluetooth: hci0: command 0x0406 tx timeout [ 333.839348][ T4431] Bluetooth: hci2: command 0x0406 tx timeout [ 333.848684][ T4431] Bluetooth: hci4: command 0x0406 tx timeout [ 335.708578][ T6058] loop1: detected capacity change from 0 to 256 [ 339.275972][ T5844] veth0_vlan: entered promiscuous mode [ 339.453548][ T6067] ptrace attach of "/root/syz-executor.3 exec"[5404] was attempted by "/root/syz-executor.3 exec"[6067] [ 339.454681][ T5844] veth1_vlan: entered promiscuous mode [ 340.152840][ T5844] veth0_macvtap: entered promiscuous mode [ 340.303302][ T5844] veth1_macvtap: entered promiscuous mode [ 340.446154][ T6081] loop2: detected capacity change from 0 to 64 [ 340.667436][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.683529][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.695152][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.705971][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.716068][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.726813][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.737038][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.747744][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.762912][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.013853][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.024535][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.034652][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.045339][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.055339][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.065994][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.076001][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.089776][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.104265][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 341.552236][ T5844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.561312][ T5844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.570782][ T5844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.580012][ T5844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.031116][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 342.039489][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 342.602156][ T6111] loop3: detected capacity change from 0 to 256 [ 346.332969][ T6128] loop0: detected capacity change from 0 to 64 [ 346.456341][ T6124] bond0: entered promiscuous mode [ 346.461649][ T6124] bond_slave_0: entered promiscuous mode [ 346.472600][ T6124] bond_slave_1: entered promiscuous mode [ 346.590062][ T6124] team0: entered promiscuous mode [ 346.595554][ T6124] team_slave_0: entered promiscuous mode [ 346.602696][ T6124] team_slave_1: entered promiscuous mode [ 349.901310][ T6176] loop1: detected capacity change from 0 to 256 [ 349.913768][ T6175] loop3: detected capacity change from 0 to 64 [ 351.623610][ T5079] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 351.648607][ T5079] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 351.669754][ T5079] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 351.733689][ T5079] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 351.782805][ T5079] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 351.793992][ T5079] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 353.218947][ T6183] chnl_net:caif_netlink_parms(): no params data found [ 353.570485][ T3412] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.828763][ T3412] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.845797][ T5079] Bluetooth: hci5: command tx timeout [ 354.027273][ T3412] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.249827][ T3412] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.364120][ T6217] loop3: detected capacity change from 0 to 64 [ 354.395973][ T4425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.404225][ T4425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.852796][ T3412] bridge_slave_1: left allmulticast mode [ 354.858915][ T3412] bridge_slave_1: left promiscuous mode [ 354.866481][ T3412] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.978965][ T3412] bridge_slave_0: left allmulticast mode [ 354.985048][ T3412] bridge_slave_0: left promiscuous mode [ 354.991667][ T3412] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.582086][ T6226] loop1: detected capacity change from 0 to 256 [ 355.688173][ T3412] bond0 (unregistering): left promiscuous mode [ 355.694767][ T3412] bond_slave_0: left promiscuous mode [ 355.701239][ T3412] bond_slave_1: left promiscuous mode [ 355.798672][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.616680][ T5079] Bluetooth: hci5: command tx timeout [ 356.670439][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.690512][ T3412] bond0 (unregistering): Released all slaves [ 356.912785][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.920844][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.324740][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.334830][ T6183] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.360576][ T6183] bridge_slave_0: entered allmulticast mode [ 357.378898][ T6183] bridge_slave_0: entered promiscuous mode [ 357.630500][ T6183] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.638350][ T6183] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.646461][ T6183] bridge_slave_1: entered allmulticast mode [ 357.655636][ T6183] bridge_slave_1: entered promiscuous mode [ 357.750476][ T3412] team0: left promiscuous mode [ 357.755971][ T3412] team_slave_0: left promiscuous mode [ 357.764521][ T3412] team_slave_1: left promiscuous mode [ 358.709901][ T5079] Bluetooth: hci5: command tx timeout [ 358.787377][ T3412] hsr_slave_0: left promiscuous mode [ 358.829764][ T3412] hsr_slave_1: left promiscuous mode [ 358.841320][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.849322][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.870876][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.880171][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.905636][ T3412] veth1_macvtap: left promiscuous mode [ 358.911672][ T3412] veth0_macvtap: left promiscuous mode [ 358.917975][ T3412] veth1_vlan: left promiscuous mode [ 358.924209][ T3412] veth0_vlan: left promiscuous mode [ 359.625676][ T6258] loop3: detected capacity change from 0 to 64 [ 359.797097][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048bd2600: rx timeout, send abort [ 359.944256][ T3412] team0 (unregistering): Port device team_slave_1 removed [ 360.013970][ T3412] team0 (unregistering): Port device team_slave_0 removed [ 360.305700][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048bd2600: abort rx timeout. Force session deactivation [ 360.663906][ T6244] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 360.806377][ T5079] Bluetooth: hci5: command tx timeout [ 360.826106][ T6183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.983798][ T6183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.067787][ T6267] loop0: detected capacity change from 0 to 256 [ 362.347003][ T6183] team0: Port device team_slave_0 added [ 362.434670][ T6183] team0: Port device team_slave_1 added [ 362.619186][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 362.626477][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.653799][ T6183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 362.976462][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 362.985109][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.014409][ T6183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.901107][ T6183] hsr_slave_0: entered promiscuous mode [ 363.965820][ T6183] hsr_slave_1: entered promiscuous mode [ 364.334422][ T6296] loop1: detected capacity change from 0 to 164 [ 365.142863][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 365.434040][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 366.190988][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048bf6800: rx timeout, send abort [ 366.276467][ T6313] loop3: detected capacity change from 0 to 2048 [ 366.479862][ T6313] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 366.616043][ T6313] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 366.699614][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048bf6800: abort rx timeout. Force session deactivation [ 366.945494][ T6324] loop4: detected capacity change from 0 to 256 [ 366.991441][ T29] audit: type=1804 audit(1717809881.059:7): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1341077866/syzkaller.C0TOtR/48/file0/bus" dev="loop3" ino=1367 res=1 errno=0 [ 367.017578][ T29] audit: type=1800 audit(1717809881.059:8): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1367 res=0 errno=0 [ 367.038792][ T29] audit: type=1804 audit(1717809881.119:9): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1341077866/syzkaller.C0TOtR/48/file0/bus" dev="loop3" ino=1367 res=1 errno=0 [ 367.065098][ T29] audit: type=1800 audit(1717809881.119:10): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1367 res=0 errno=0 [ 367.256820][ T6183] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 367.379130][ T6183] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 369.840142][ T6183] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 369.919190][ T6183] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 371.755520][ T6346] loop1: detected capacity change from 0 to 512 [ 371.814886][ T6183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.840260][ T6346] EXT4-fs (loop1): blocks per group (255) and clusters per group (8192) inconsistent [ 372.283828][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 372.306461][ T6183] 8021q: adding VLAN 0 to HW filter on device team0 [ 372.497088][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.504881][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.794124][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.802036][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.920806][ T5346] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 373.879055][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a096400: rx timeout, send abort [ 373.948615][ T6373] loop3: detected capacity change from 0 to 256 [ 373.984950][ T43] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 374.165352][ C1] hrtimer: interrupt took 495394 ns [ 374.387674][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a096400: abort rx timeout. Force session deactivation [ 375.285168][ T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 375.296574][ T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.307305][ T43] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 375.514285][ T43] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 375.523859][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.532415][ T43] usb 5-1: Product: syz [ 375.536817][ T43] usb 5-1: Manufacturer: syz [ 375.541754][ T43] usb 5-1: SerialNumber: syz [ 375.708809][ T6379] loop0: detected capacity change from 0 to 256 [ 375.988184][ T6379] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a37, chksum : 0xd675b107, utbl_chksum : 0xe619d30d) [ 376.663447][ T6183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 377.459866][ T6183] veth0_vlan: entered promiscuous mode [ 377.577007][ T6183] veth1_vlan: entered promiscuous mode [ 377.931640][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 378.224685][ T6183] veth0_macvtap: entered promiscuous mode [ 378.377104][ T6183] veth1_macvtap: entered promiscuous mode [ 378.451276][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.466970][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.478232][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.489479][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.499706][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.510553][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.520683][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.531455][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.546692][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.781231][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.792919][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.803115][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.814405][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.824848][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.835741][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.846166][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.857103][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.877340][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 379.004503][ T6408] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 379.088178][ T6183] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.097405][ T6183] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.107653][ T6183] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.116813][ T6183] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.351018][ T29] audit: type=1800 audit(1717809893.479:11): pid=6413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 379.388329][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804a0ad200: rx timeout, send abort [ 379.897512][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804a0ad200: abort rx timeout. Force session deactivation [ 379.907814][ T5085] Bluetooth: hci3: command 0x0406 tx timeout [ 380.035360][ T43] cdc_ncm 5-1:1.0: bind() failure [ 380.101695][ T6414] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 380.165898][ T43] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 380.276641][ T43] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 380.398479][ T43] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 381.636064][ T43] usb 5-1: USB disconnect, device number 2 [ 382.536651][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.189476][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 384.707055][ T5134] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 384.832068][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d400: rx timeout, send abort [ 384.972429][ T5134] usb 4-1: Using ep0 maxpacket: 16 [ 385.103302][ T5134] usb 4-1: config 0 has no interfaces? [ 385.340526][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d400: abort rx timeout. Force session deactivation [ 385.432758][ T5134] usb 4-1: string descriptor 0 read error: -71 [ 385.439732][ T5134] usb 4-1: New USB device found, idVendor=f76d, idProduct=c71d, bcdDevice= 0.40 [ 385.450074][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.529167][ T5134] usb 4-1: config 0 descriptor?? [ 385.576505][ T5134] usb 4-1: can't set config #0, error -71 [ 385.644377][ T5134] usb 4-1: USB disconnect, device number 2 [ 388.923940][ T6506] loop0: detected capacity change from 0 to 512 [ 388.972785][ T25] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 389.124657][ T6506] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 389.138427][ T6506] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 389.224059][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 389.308902][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.320509][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.490936][ T6506] EXT4-fs (loop0): 1 truncate cleaned up [ 389.497906][ T6506] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 389.602156][ T3412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.610609][ T3412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.627384][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 389.638036][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 389.813383][ T25] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 389.828341][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 389.838462][ T25] usb 2-1: SerialNumber: syz [ 389.980810][ C0] vcan0: j1939_tp_rxtimer: 0xffff888039b17400: rx timeout, send abort [ 390.169304][ T6520] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 390.272866][ T6520] syz_tun: entered promiscuous mode [ 390.302236][ T6520] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 390.489463][ C0] vcan0: j1939_tp_rxtimer: 0xffff888039b17400: abort rx timeout. Force session deactivation [ 390.765215][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 391.491260][ T6528] syzkaller0: entered promiscuous mode [ 391.497173][ T6528] syzkaller0: entered allmulticast mode [ 391.648801][ T25] usb 2-1: 0:2 : does not exist [ 391.654471][ T25] usb 2-1: unit 5: unexpected type 0x0b [ 392.064386][ T25] usb 2-1: USB disconnect, device number 2 [ 392.471218][ T5346] udevd[5346]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 394.249366][ T6547] loop1: detected capacity change from 0 to 512 [ 394.271170][ T5123] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 394.290522][ T6547] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 394.299002][ T6547] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 394.308079][ T6547] System zones: 0-1, 15-15, 18-18, 34-34 [ 394.316721][ T6547] EXT4-fs (loop1): orphan cleanup on readonly fs [ 394.323637][ T6547] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 394.341180][ T6547] EXT4-fs warning (device loop1): ext4_enable_quotas:7100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 394.356125][ T6547] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 394.365548][ T6547] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 40: padding at end of block bitmap is not set [ 394.392790][ T6547] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6537: Corrupt filesystem [ 394.407032][ T6547] EXT4-fs (loop1): 1 truncate cleaned up [ 394.413180][ T6547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 394.812090][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e0ec00: rx timeout, send abort [ 394.983334][ T6550] loop2: detected capacity change from 0 to 256 [ 395.223711][ T3120] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.320694][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e0ec00: abort rx timeout. Force session deactivation [ 395.436343][ T5123] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.447873][ T5123] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 395.463034][ T5123] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 395.478331][ T5123] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 395.487802][ T5123] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.642619][ T6550] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 395.668758][ T3120] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.697281][ T5123] usb 5-1: config 0 descriptor?? [ 396.063051][ T3120] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.165560][ T29] audit: type=1800 audit(1717809910.109:12): pid=6550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=1048610 res=0 errno=0 [ 396.210331][ T5123] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x1 [ 396.218225][ T5123] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 396.226107][ T5123] plantronics 0003:047F:FFFF.0001: item fetching failed at offset 14/15 [ 396.436627][ T3120] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.598445][ T5123] plantronics 0003:047F:FFFF.0001: parse failed [ 396.606168][ T5123] plantronics 0003:047F:FFFF.0001: probe with driver plantronics failed with error -22 [ 396.688933][ T6562] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 396.726317][ T5079] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 396.746305][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 396.783027][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 396.816199][ T5079] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 396.829715][ T5079] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 396.842807][ T5079] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 396.999306][ T5123] usb 5-1: USB disconnect, device number 3 [ 397.322313][ T5089] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.489491][ T3120] bridge_slave_1: left allmulticast mode [ 397.495645][ T3120] bridge_slave_1: left promiscuous mode [ 397.508019][ T3120] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.602979][ T3120] bridge_slave_0: left allmulticast mode [ 397.614730][ T3120] bridge_slave_0: left promiscuous mode [ 397.621430][ T3120] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.790442][ T3120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.874581][ T3120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.977173][ T3120] bond0 (unregistering): Released all slaves [ 399.024202][ T5085] Bluetooth: hci0: command tx timeout [ 399.529124][ T4365] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 400.278785][ T6596] net_ratelimit: 44 callbacks suppressed [ 400.278868][ T6596] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 400.332396][ T6565] chnl_net:caif_netlink_parms(): no params data found [ 400.364452][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 400.371965][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 401.000567][ T3120] hsr_slave_0: left promiscuous mode [ 401.051407][ T3120] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 401.059699][ T3120] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.112325][ T5085] Bluetooth: hci0: command tx timeout [ 401.128684][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880494fde00: rx timeout, send abort [ 401.637266][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880494fde00: abort rx timeout. Force session deactivation [ 401.823912][ T6607] hub 9-0:1.0: USB hub found [ 401.830419][ T6607] hub 9-0:1.0: 8 ports detected [ 402.732669][ T6609] hub 9-0:1.0: USB hub found [ 402.832384][ T6609] hub 9-0:1.0: 8 ports detected [ 404.598261][ T5085] Bluetooth: hci0: command tx timeout [ 404.609408][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 404.617481][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 404.636754][ T3120] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.656227][ T3120] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.943144][ T3120] veth0_macvtap: left promiscuous mode [ 404.949195][ T3120] veth1_vlan: left promiscuous mode [ 404.955052][ T3120] veth0_vlan: left promiscuous mode [ 406.355384][ T6633] loop4: detected capacity change from 0 to 8 [ 406.568171][ T6633] SQUASHFS error: xz decompression failed, data probably corrupt [ 406.577035][ T6633] SQUASHFS error: Failed to read block 0x108: -5 [ 406.583758][ T6633] SQUASHFS error: Unable to read metadata cache entry [106] [ 406.591245][ T6633] SQUASHFS error: Unable to read inode 0x11f [ 406.665453][ T5085] Bluetooth: hci0: command tx timeout [ 406.725179][ T3120] team0 (unregistering): Port device team_slave_1 removed [ 406.897946][ T3120] team0 (unregistering): Port device team_slave_0 removed [ 410.924253][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 411.681091][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048826600: rx timeout, send abort [ 411.910562][ T6659] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 412.040599][ T6659] syz_tun: entered promiscuous mode [ 412.077046][ T6659] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 412.189754][ C0] vcan0: j1939_tp_rxtimer: 0xffff888048826600: abort rx timeout. Force session deactivation [ 412.446410][ T6664] hub 9-0:1.0: USB hub found [ 412.454837][ T6664] hub 9-0:1.0: 8 ports detected [ 414.223396][ T6565] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.231261][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.239389][ T6565] bridge_slave_0: entered allmulticast mode [ 414.248758][ T6565] bridge_slave_0: entered promiscuous mode [ 414.595126][ T6565] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.609712][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.617775][ T6565] bridge_slave_1: entered allmulticast mode [ 414.627244][ T6565] bridge_slave_1: entered promiscuous mode [ 415.003896][ T6565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.163436][ T6565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.613192][ T6565] team0: Port device team_slave_0 added [ 415.701598][ T6565] team0: Port device team_slave_1 added [ 416.305054][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 416.312442][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.338772][ T6565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.474869][ T5133] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.612797][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.619982][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.647044][ T6565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 417.736363][ T6704] loop2: detected capacity change from 0 to 1024 [ 417.809323][ T6565] hsr_slave_0: entered promiscuous mode [ 417.919839][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 417.936220][ T6565] hsr_slave_1: entered promiscuous mode [ 417.956115][ T6565] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 417.964127][ T6565] Cannot create hsr debugfs directory [ 418.172555][ T6709] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 418.585361][ T6714] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 418.643290][ T6714] syz_tun: entered promiscuous mode [ 418.665330][ T6714] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 418.676694][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a28c600: rx timeout, send abort [ 419.185144][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a28c600: abort rx timeout. Force session deactivation [ 420.626952][ T6565] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 420.802750][ T6731] hub 9-0:1.0: USB hub found [ 420.808630][ T6731] hub 9-0:1.0: 8 ports detected [ 421.098576][ T6565] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 421.214610][ T6565] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 421.458908][ T6565] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 423.850881][ T6565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.889437][ T6748] loop4: detected capacity change from 0 to 256 [ 424.164913][ T6565] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.261259][ T6737] loop2: detected capacity change from 0 to 1024 [ 424.347754][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.355726][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.489293][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.497255][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.683979][ T6762] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 426.241052][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a213e00: rx timeout, send abort [ 426.749614][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a213e00: abort rx timeout. Force session deactivation [ 427.436384][ T6784] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure [ 427.835837][ T6565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.493692][ T6565] veth0_vlan: entered promiscuous mode [ 428.687520][ T6565] veth1_vlan: entered promiscuous mode [ 429.436978][ T6565] veth0_macvtap: entered promiscuous mode [ 429.521327][ T6565] veth1_macvtap: entered promiscuous mode [ 429.786921][ T6814] loop4: detected capacity change from 0 to 1024 [ 430.020999][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.032131][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.048565][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.060079][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.098832][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.110174][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.122108][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.133262][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.158768][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.921530][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.932703][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.942944][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.953888][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.964675][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.975555][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.011239][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 432.034134][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.056887][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.127452][ T29] audit: type=1804 audit(1717809945.999:13): pid=6822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3004153269/syzkaller.mXHepP/33/file0/bus" dev="loop4" ino=26 res=1 errno=0 [ 434.057488][ T6565] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.073071][ T6565] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.085050][ T6565] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.094219][ T6565] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.308749][ T5844] hfsplus: bad catalog entry type [ 434.333639][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 434.895926][ T6831] loop2: detected capacity change from 0 to 1024 [ 434.950895][ T6831] EXT4-fs: Ignoring removed orlov option [ 434.993588][ T6831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 435.002712][ T6831] EXT4-fs (loop2): Test dummy encryption mode enabled [ 435.090454][ C0] vcan0: j1939_tp_rxtimer: 0xffff888017076200: rx timeout, send abort [ 435.131414][ T6838] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 435.175449][ T6831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 435.599903][ C0] vcan0: j1939_tp_rxtimer: 0xffff888017076200: abort rx timeout. Force session deactivation [ 435.814421][ T6831] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 435.935368][ T6844] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 436.302775][ T4303] hfsplus: b-tree write err: -5, ino 4 [ 436.310271][ T5079] Bluetooth: hci1: command 0x0406 tx timeout [ 436.493400][ T6183] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.877669][ T2869] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.104616][ T2869] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.318632][ T2869] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.462460][ T2869] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.944647][ T2869] bridge_slave_1: left allmulticast mode [ 437.956511][ T2869] bridge_slave_1: left promiscuous mode [ 437.963468][ T2869] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.102580][ T2869] bridge_slave_0: left allmulticast mode [ 438.108574][ T2869] bridge_slave_0: left promiscuous mode [ 438.116484][ T2869] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.810196][ T6867] loop3: detected capacity change from 0 to 1024 [ 439.204718][ T2869] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 439.394240][ T2869] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 439.499302][ T2869] bond0 (unregistering): Released all slaves [ 440.140273][ T5085] Bluetooth: hci5: hardware error 0x00 [ 440.792081][ T2869] hsr_slave_0: left promiscuous mode [ 441.281944][ T2869] hsr_slave_1: left promiscuous mode [ 441.291381][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 441.299393][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 441.354739][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 441.363421][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 441.408130][ T2869] veth1_macvtap: left promiscuous mode [ 441.414294][ T2869] veth0_macvtap: left promiscuous mode [ 441.420040][ T2869] veth1_vlan: left promiscuous mode [ 441.425757][ T2869] veth0_vlan: left promiscuous mode [ 442.294287][ T5085] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 442.302573][ T5085] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 442.313021][ T5085] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 442.337388][ T5085] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 442.359459][ T5085] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 442.372107][ T5085] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 442.382036][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 442.759966][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 443.113726][ T2869] team0 (unregistering): Port device team_slave_1 removed [ 443.204310][ T2869] team0 (unregistering): Port device team_slave_0 removed [ 443.238633][ T6914] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 443.516879][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2e4800: rx timeout, send abort [ 443.587367][ T6911] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 444.025546][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2e4800: abort rx timeout. Force session deactivation [ 444.472252][ T5085] Bluetooth: hci1: command tx timeout [ 445.037162][ T6907] chnl_net:caif_netlink_parms(): no params data found [ 446.178181][ T3120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.186415][ T3120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.403550][ T3371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.411570][ T3371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.542247][ T5085] Bluetooth: hci1: command tx timeout [ 447.609139][ T6907] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.617653][ T6907] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.625711][ T6907] bridge_slave_0: entered allmulticast mode [ 447.634067][ T6907] bridge_slave_0: entered promiscuous mode [ 448.004194][ T6907] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.011721][ T6907] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.019531][ T6907] bridge_slave_1: entered allmulticast mode [ 448.027872][ T6907] bridge_slave_1: entered promiscuous mode [ 448.487843][ T6907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.625443][ T5085] Bluetooth: hci1: command tx timeout [ 448.665783][ T6907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.864958][ T6907] team0: Port device team_slave_0 added [ 448.988445][ T6907] team0: Port device team_slave_1 added [ 449.287080][ T6907] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.294502][ T6907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.323012][ T6907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.603245][ T6907] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.610591][ T6907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.641724][ T6907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 450.702130][ T5085] Bluetooth: hci1: command tx timeout [ 450.724052][ T6907] hsr_slave_0: entered promiscuous mode [ 450.865428][ T6907] hsr_slave_1: entered promiscuous mode [ 450.967045][ T6907] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 450.975107][ T6907] Cannot create hsr debugfs directory [ 453.753487][ C1] vcan0: j1939_tp_rxtimer: 0xffff88812f848800: rx timeout, send abort [ 453.907028][ T6907] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 454.036133][ T6993] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 454.081160][ T6907] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 454.204646][ T6907] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 454.262053][ C1] vcan0: j1939_tp_rxtimer: 0xffff88812f848800: abort rx timeout. Force session deactivation [ 454.341866][ T6907] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 456.135869][ T6907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.353655][ T6907] 8021q: adding VLAN 0 to HW filter on device team0 [ 456.446139][ T4702] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.453733][ T4702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 456.574086][ T4702] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.582054][ T4702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.506638][ T6907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 460.327704][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 460.509489][ T29] audit: type=1804 audit(1717809974.519:14): pid=7025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1304241216/syzkaller.jKnEft/8/file0" dev="sda1" ino=1961 res=1 errno=0 [ 460.543045][ T29] audit: type=1326 audit(1717809974.569:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fbf07cf69 code=0x0 [ 461.086350][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a257200: rx timeout, send abort [ 461.373762][ T6907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.595578][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804a257200: abort rx timeout. Force session deactivation [ 462.766950][ T7047] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 464.105744][ T7055] netlink: 'syz-executor.3': attribute type 12 has an invalid length. [ 464.115107][ T7055] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 464.255261][ T6907] veth0_vlan: entered promiscuous mode [ 464.374403][ T6907] veth1_vlan: entered promiscuous mode [ 464.736383][ T6907] veth0_macvtap: entered promiscuous mode [ 465.196272][ T1218] ieee802154 phy0 wpan0: encryption failed: -22 [ 465.203310][ T1218] ieee802154 phy1 wpan1: encryption failed: -22 [ 465.382337][ T6907] veth1_macvtap: entered promiscuous mode [ 465.680268][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.691298][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.704660][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.716251][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.726524][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.744008][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.754651][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.765851][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.781151][ T6907] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 466.141123][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.152748][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.163015][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.173785][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.183984][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.194819][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.205011][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.218845][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.234963][ T6907] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 466.892206][ T6907] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.901273][ T6907] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.910489][ T6907] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.919895][ T6907] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.099684][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d000: rx timeout, send abort [ 468.608318][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d000: abort rx timeout. Force session deactivation [ 468.680109][ T7089] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 470.475250][ T29] audit: type=1326 audit(1717809984.619:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1105a7cf69 code=0x7ffc0000 [ 472.270499][ T7136] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 474.177320][ T780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.185975][ T780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.241206][ T7154] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 474.249829][ T7154] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 474.309575][ T5134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.318004][ T5134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.997960][ T7162] bridge0: port 3(gretap0) entered blocking state [ 475.005646][ T7162] bridge0: port 3(gretap0) entered disabled state [ 475.013160][ T7162] gretap0: entered allmulticast mode [ 475.026918][ T7162] gretap0: entered promiscuous mode [ 475.035059][ T7162] bridge0: port 3(gretap0) entered blocking state [ 475.042303][ T7162] bridge0: port 3(gretap0) entered forwarding state [ 475.107845][ T7162] gretap0: left allmulticast mode [ 475.113589][ T7162] gretap0: left promiscuous mode [ 475.119721][ T7162] bridge0: port 3(gretap0) entered disabled state [ 477.000832][ T7200] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 477.285979][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.353118][ T7199] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 477.984345][ T7208] tmpfs: Bad value for 'nr_inodes' [ 478.285760][ T29] audit: type=1326 audit(1717809992.419:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000 [ 478.313098][ T29] audit: type=1326 audit(1717809992.439:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000 [ 478.337464][ T29] audit: type=1326 audit(1717809992.439:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000 [ 479.481041][ T7229] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 481.068285][ T7263] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 481.094310][ T7263] syz_tun: entered promiscuous mode [ 481.118571][ T7257] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 481.259386][ T7263] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 482.707514][ T7286] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 482.812491][ T5123] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 483.372429][ T5123] usb 3-1: New USB device found, idVendor=0df6, idProduct=004b, bcdDevice=56.d7 [ 483.382013][ T5123] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.390157][ T5123] usb 3-1: Product: syz [ 483.394605][ T5123] usb 3-1: Manufacturer: syz [ 483.399320][ T5123] usb 3-1: SerialNumber: syz [ 483.458215][ T5123] usb 3-1: config 0 descriptor?? [ 483.581478][ T5123] r8712u: register rtl8712_netdev_ops to netdev_ops [ 483.593755][ T5123] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 483.734452][ T5134] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.219146][ T5123] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 484.226394][ T5123] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 484.242775][ T5123] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 484.355287][ T5123] usb 3-1: USB disconnect, device number 2 [ 484.704078][ T7319] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 485.037461][ T7318] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 486.524339][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 489.115144][ T7368] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 489.343590][ T5085] Bluetooth: hci1: link tx timeout [ 489.349220][ T5085] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 489.630804][ T7373] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 491.144008][ T5123] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 491.160940][ T5123] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 491.423612][ T5085] Bluetooth: hci1: command 0x0406 tx timeout [ 493.130347][ T7424] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 494.469766][ T7436] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 497.073836][ T7479] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 497.148888][ T7479] syz_tun: entered promiscuous mode [ 497.174902][ T7479] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 497.773583][ T7488] ===================================================== [ 497.780837][ T7488] BUG: KMSAN: uninit-value in strnchr+0x90/0xd0 [ 497.787359][ T7488] strnchr+0x90/0xd0 [ 497.791437][ T7488] bpf_bprintf_prepare+0x1c2/0x23c0 [ 497.796848][ T7488] bpf_trace_printk+0xec/0x3e0 [ 497.801799][ T7488] ___bpf_prog_run+0x13fe/0xe0f0 [ 497.806907][ T7488] __bpf_prog_run32+0xb2/0xe0 [ 497.811748][ T7488] bpf_trace_run2+0x116/0x300 [ 497.816582][ T7488] __bpf_trace_tlb_flush+0x2c/0x40 [ 497.821875][ T7488] switch_mm_irqs_off+0x9d2/0x1010 [ 497.827152][ T7488] __text_poke+0xb4e/0xfb0 [ 497.831743][ T7488] text_poke_bp_batch+0x17f/0x960 [ 497.836959][ T7488] text_poke_finish+0x7d/0xd0 [ 497.841823][ T7488] arch_jump_label_transform_apply+0x23/0x40 [ 497.847980][ T7488] __jump_label_update+0x6af/0x6d0 [ 497.853291][ T7488] jump_label_update+0x6a0/0x7a0 [ 497.858416][ T7488] static_key_enable_cpuslocked+0x229/0x260 [ 497.864516][ T7488] static_key_enable+0x23/0x30 [ 497.869469][ T7488] tracepoint_add_func+0x1084/0x1280 [ 497.874967][ T7488] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 497.881962][ T7488] bpf_probe_register+0x201/0x250 [ 497.887171][ T7488] bpf_raw_tp_link_attach+0x627/0x8a0 [ 497.892771][ T7488] bpf_raw_tracepoint_open+0x485/0x8a0 [ 497.898432][ T7488] __sys_bpf+0x5a6/0xd90 [ 497.902838][ T7488] __x64_sys_bpf+0xa0/0xe0 [ 497.907409][ T7488] x64_sys_call+0x96b/0x3b50 [ 497.912191][ T7488] do_syscall_64+0xcf/0x1e0 [ 497.916889][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.922979][ T7488] [ 497.925407][ T7488] Local variable stack created at: [ 497.930602][ T7488] __bpf_prog_run32+0x43/0xe0 [ 497.935445][ T7488] bpf_trace_run2+0x116/0x300 [ 497.940283][ T7488] [ 497.942703][ T7488] CPU: 0 PID: 7488 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 497.952846][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 497.963031][ T7488] ===================================================== [ 497.970053][ T7488] Disabling lock debugging due to kernel taint [ 497.976389][ T7488] Kernel panic - not syncing: kmsan.panic set ... [ 497.982894][ T7488] CPU: 0 PID: 7488 Comm: syz-executor.0 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 497.994502][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 498.004682][ T7488] Call Trace: [ 498.008047][ T7488] [ 498.011055][ T7488] dump_stack_lvl+0x216/0x2d0 [ 498.015910][ T7488] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 498.021876][ T7488] dump_stack+0x1e/0x30 [ 498.026177][ T7488] panic+0x4e2/0xcd0 [ 498.030234][ T7488] ? kmsan_get_metadata+0xf1/0x1d0 [ 498.035526][ T7488] kmsan_report+0x2d5/0x2e0 [ 498.040168][ T7488] ? __msan_warning+0x95/0x120 [ 498.045046][ T7488] ? strnchr+0x90/0xd0 [ 498.049277][ T7488] ? bpf_bprintf_prepare+0x1c2/0x23c0 [ 498.054814][ T7488] ? bpf_trace_printk+0xec/0x3e0 [ 498.059901][ T7488] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 498.065153][ T7488] ? __bpf_prog_run32+0xb2/0xe0 [ 498.070134][ T7488] ? bpf_trace_run2+0x116/0x300 [ 498.075130][ T7488] ? __bpf_trace_tlb_flush+0x2c/0x40 [ 498.080564][ T7488] ? switch_mm_irqs_off+0x9d2/0x1010 [ 498.085978][ T7488] ? __text_poke+0xb4e/0xfb0 [ 498.090709][ T7488] ? text_poke_bp_batch+0x17f/0x960 [ 498.096058][ T7488] ? text_poke_finish+0x7d/0xd0 [ 498.101060][ T7488] ? arch_jump_label_transform_apply+0x23/0x40 [ 498.107467][ T7488] ? __jump_label_update+0x6af/0x6d0 [ 498.112942][ T7488] ? jump_label_update+0x6a0/0x7a0 [ 498.118202][ T7488] ? static_key_enable_cpuslocked+0x229/0x260 [ 498.124429][ T7488] ? static_key_enable+0x23/0x30 [ 498.129525][ T7488] ? tracepoint_add_func+0x1084/0x1280 [ 498.135149][ T7488] ? tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 498.142265][ T7488] ? bpf_probe_register+0x201/0x250 [ 498.147594][ T7488] ? bpf_raw_tp_link_attach+0x627/0x8a0 [ 498.153300][ T7488] ? bpf_raw_tracepoint_open+0x485/0x8a0 [ 498.159079][ T7488] ? __sys_bpf+0x5a6/0xd90 [ 498.163623][ T7488] ? __x64_sys_bpf+0xa0/0xe0 [ 498.168330][ T7488] ? x64_sys_call+0x96b/0x3b50 [ 498.173256][ T7488] ? do_syscall_64+0xcf/0x1e0 [ 498.178085][ T7488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.184309][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.189646][ T7488] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 498.196060][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.201657][ T7488] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 498.207630][ T7488] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 498.213584][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.218913][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.224238][ T7488] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 498.230198][ T7488] __msan_warning+0x95/0x120 [ 498.234923][ T7488] strnchr+0x90/0xd0 [ 498.238965][ T7488] bpf_bprintf_prepare+0x1c2/0x23c0 [ 498.244329][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.249655][ T7488] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 498.256075][ T7488] ? __msan_memcpy+0x108/0x1c0 [ 498.260999][ T7488] bpf_trace_printk+0xec/0x3e0 [ 498.265913][ T7488] ? __bpf_prog_run32+0x5c/0xe0 [ 498.270903][ T7488] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 498.276864][ T7488] ___bpf_prog_run+0x13fe/0xe0f0 [ 498.281940][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.287284][ T7488] __bpf_prog_run32+0xb2/0xe0 [ 498.292102][ T7488] ? kmsan_get_metadata+0x110/0x1d0 [ 498.297442][ T7488] ? __pfx___bpf_prog_run32+0x10/0x10 [ 498.302962][ T7488] bpf_trace_run2+0x116/0x300 [ 498.307765][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.313095][ T7488] __bpf_trace_tlb_flush+0x2c/0x40 [ 498.318354][ T7488] switch_mm_irqs_off+0x9d2/0x1010 [ 498.323620][ T7488] __text_poke+0xb4e/0xfb0 [ 498.328273][ T7488] ? __pfx_text_poke_memcpy+0x10/0x10 [ 498.333806][ T7488] ? switch_mm_irqs_off+0x920/0x1010 [ 498.339232][ T7488] ? switch_mm_irqs_off+0x920/0x1010 [ 498.344655][ T7488] text_poke_bp_batch+0x17f/0x960 [ 498.349836][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.355193][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.360523][ T7488] ? kmsan_get_shadow_origin_ptr+0x16/0xb0 [ 498.366473][ T7488] text_poke_finish+0x7d/0xd0 [ 498.371318][ T7488] arch_jump_label_transform_apply+0x23/0x40 [ 498.377450][ T7488] __jump_label_update+0x6af/0x6d0 [ 498.382826][ T7488] jump_label_update+0x6a0/0x7a0 [ 498.387917][ T7488] ? kmsan_report+0x2a0/0x2e0 [ 498.392721][ T7488] static_key_enable_cpuslocked+0x229/0x260 [ 498.398778][ T7488] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 498.404734][ T7488] static_key_enable+0x23/0x30 [ 498.409678][ T7488] ? __SCT__tp_func_exit_mmap+0x8/0x8 [ 498.415214][ T7488] tracepoint_add_func+0x1084/0x1280 [ 498.420715][ T7488] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 498.427146][ T7488] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 498.433112][ T7488] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 498.440066][ T7488] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 498.446035][ T7488] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 498.452002][ T7488] bpf_probe_register+0x201/0x250 [ 498.457187][ T7488] bpf_raw_tp_link_attach+0x627/0x8a0 [ 498.462733][ T7488] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 498.468991][ T7488] ? kmsan_get_metadata+0x146/0x1d0 [ 498.474450][ T7488] bpf_raw_tracepoint_open+0x485/0x8a0 [ 498.480071][ T7488] __sys_bpf+0x5a6/0xd90 [ 498.484478][ T7488] __x64_sys_bpf+0xa0/0xe0 [ 498.489024][ T7488] x64_sys_call+0x96b/0x3b50 [ 498.493789][ T7488] do_syscall_64+0xcf/0x1e0 [ 498.498449][ T7488] ? clear_bhb_loop+0x25/0x80 [ 498.503282][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.509338][ T7488] RIP: 0033:0x7f5fbf07cf69 [ 498.513853][ T7488] Code: Unable to access opcode bytes at 0x7f5fbf07cf3f. [ 498.520953][ T7488] RSP: 002b:00007f5fbfe870c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 498.529500][ T7488] RAX: ffffffffffffffda RBX: 00007f5fbf1b3f80 RCX: 00007f5fbf07cf69 [ 498.537588][ T7488] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 498.545668][ T7488] RBP: 00007f5fbf0da6fe R08: 0000000000000000 R09: 0000000000000000 [ 498.553739][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 498.561808][ T7488] R13: 000000000000000b R14: 00007f5fbf1b3f80 R15: 00007fffc2a1a9d8 [ 498.569903][ T7488] [ 499.942003][ T7488] Shutting down cpus with NMI [ 499.946944][ T7488] Kernel Offset: disabled [ 499.951330][ T7488] Rebooting in 86400 seconds..