Warning: Permanently added '10.128.10.5' (ED25519) to the list of known hosts. 2024/05/20 16:45:59 fuzzer started 2024/05/20 16:45:59 dialing manager at 10.128.0.163:30008 [ 40.965265][ T3505] cgroup: Unknown subsys name 'net' [ 41.129220][ T3505] cgroup: Unknown subsys name 'rlimit' 2024/05/20 16:46:00 starting 5 executor processes [ 42.069261][ T3507] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 42.728516][ T3519] chnl_net:caif_netlink_parms(): no params data found [ 42.738677][ T3520] chnl_net:caif_netlink_parms(): no params data found [ 42.812747][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.820450][ T3519] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.828234][ T3519] device bridge_slave_0 entered promiscuous mode [ 42.837702][ T3520] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.844912][ T3520] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.852654][ T3520] device bridge_slave_0 entered promiscuous mode [ 42.861211][ T3520] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.868304][ T3520] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.876072][ T3520] device bridge_slave_1 entered promiscuous mode [ 42.883658][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.891858][ T3519] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.899585][ T3519] device bridge_slave_1 entered promiscuous mode [ 42.924637][ T3519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.941915][ T3519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.952447][ T3520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.968397][ T3520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.989943][ T3519] team0: Port device team_slave_0 added [ 43.004641][ T3519] team0: Port device team_slave_1 added [ 43.012208][ T3520] team0: Port device team_slave_0 added [ 43.030304][ T3520] team0: Port device team_slave_1 added [ 43.043376][ T3519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.050540][ T3519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.076695][ T3519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.097447][ T3519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.104436][ T3519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.130459][ T3519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.141842][ T3520] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.148768][ T3520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.174680][ T3520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.197345][ T3520] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.204393][ T3520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.230312][ T3520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.254441][ T3519] device hsr_slave_0 entered promiscuous mode [ 43.261783][ T3519] device hsr_slave_1 entered promiscuous mode [ 43.290175][ T3520] device hsr_slave_0 entered promiscuous mode [ 43.296711][ T3520] device hsr_slave_1 entered promiscuous mode [ 43.303339][ T3520] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.311336][ T3520] Cannot create hsr debugfs directory [ 43.443478][ T3519] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 43.458495][ T3519] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 43.470875][ T3519] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 43.485137][ T3519] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 43.504774][ T3520] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 43.513500][ T3520] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 43.524060][ T3520] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 43.538301][ T3520] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 43.550560][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.557671][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.565595][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.572658][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.598215][ T3520] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.605333][ T3520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.612676][ T3520] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.619797][ T3520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.668424][ T3519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.687806][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.697413][ T1066] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.705869][ T1066] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.714233][ T1066] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.722338][ T1066] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.730947][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 43.744652][ T3519] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.758941][ T3520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.767816][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.777528][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.786226][ T1066] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.793304][ T1066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.804055][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.812685][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.821072][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.828091][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.843078][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.852028][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.866569][ T3520] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.876015][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.883982][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.891822][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.901227][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.909981][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.922608][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.931445][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.945667][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.954105][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.962978][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.972419][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.980833][ T1066] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.987877][ T1066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.995456][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.003694][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.020743][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.029643][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.037935][ T3539] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.045014][ T3539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.052964][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.061723][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.071112][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.082371][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.091557][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.104676][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.112783][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.124102][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.139602][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.148205][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.156562][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.165240][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.174677][ T3520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.230049][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.237530][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.251422][ T3519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.272888][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.281245][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.292268][ T3520] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.302870][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.311652][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.335937][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.345720][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.354082][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.364053][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.374333][ T3519] device veth0_vlan entered promiscuous mode [ 44.382925][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.390557][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.407314][ T3520] device veth0_vlan entered promiscuous mode [ 44.414719][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.422937][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.431800][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.439530][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.453236][ T3519] device veth1_vlan entered promiscuous mode [ 44.463517][ T3520] device veth1_vlan entered promiscuous mode [ 44.483485][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 44.492736][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 44.501409][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 44.509231][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 44.519017][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.527479][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.539950][ T3519] device veth0_macvtap entered promiscuous mode [ 44.550349][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 44.558743][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.568584][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.578438][ T3519] device veth1_macvtap entered promiscuous mode [ 44.586873][ T3520] device veth0_macvtap entered promiscuous mode [ 44.600256][ T3520] device veth1_macvtap entered promiscuous mode [ 44.616966][ T3519] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.625116][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.634392][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 44.642767][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.652520][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.660629][ T25] Bluetooth: hci1: command 0x0409 tx timeout [ 44.667682][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.677860][ T3538] Bluetooth: hci0: command 0x0409 tx timeout [ 44.678730][ T3520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.695026][ T3520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.706952][ T3520] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.717782][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.726515][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.737138][ T3519] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.746692][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.755415][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.768204][ T3520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.778849][ T3520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.791257][ T3520] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.800029][ T3519] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.808883][ T3519] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.818469][ T3519] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.827348][ T3519] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.837339][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.846598][ T3538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.858139][ T3520] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.867327][ T3520] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.876378][ T3520] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.885383][ T3520] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.962535][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.991745][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.006893][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.013379][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.014384][ T697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.026273][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.030835][ T1229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.045544][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.046175][ T697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program 1: syz_open_dev$vbi(0x0, 0x2, 0x2) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000880)=@userptr={0x0, 0x9, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "546aa58d"}, 0x0, 0x2, {0x0}}) socket$nl_route(0x10, 0x3, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x80}}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000100003df20e5f82158edd4214fa6ab07", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b00010062726964676500"], 0x50}}, 0x0) executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x24, r3, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x24}}, 0x0) [ 45.061678][ T1229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.071040][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.082218][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.199879][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 45.217527][ T3555] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x100201) write$P9_RRENAME(r0, 0x0, 0x0) executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETOWNER(r0, 0x800454df, 0xffffffffffffffff) executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000045c0)={'ip6tnl0\x00', &(0x7f0000004540)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @private0}}) executing program 1: syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='nobarrier,mode=lfs,fsync_mode=strict\x00acl,\x00'], 0x1, 0x552d, &(0x7f000000d000)="$eJzs3M1rI2UYAPAn7Xa7X65FPHjbgUVoYRM23Q/0VnUXP7BLWfXgSdMkDdlNMqVJ09qTB4/iwf9EFDx59G/w4NmbeFC8CUpmJrpdFVybtN3294PJM/PmnWeeN5TCMxMSwKm1kPz6cykux/mImI2ISxHZfqnYMit5eCEirkTEzCNbqRj/c+BsRFyIiMtxbnx6qXjr82vDq7d+euuXb76bP3Pxi6+/P5IFA8fCixHR3cz3d7p5TFt5fFCM14btLHZvDouYv9F9WBynedxprmcZdmrjebUs3mjl89PN7f4obnRq9VFstTey8c1efsH+sDXOk53woLaVHTea61ls99Mstvbyunb38v+Xe/1BnqdR5PsoSx+DwTjm483dZr6ezYdZrPcGxXieN200d0dxWMTiclFPO42sjvWDfNLH29vt3vZuMmxu9dtpL7lVqb5Uqd4uV7fSRnPQvFmudRu3byaLrc5oWnnQrHVXWmna6jQr9bS7lCy26vVytZos3mmut2u9pFqt3KhcL99aKvauJa/fey/pNJLFUXy13dsetDv9ZCPdSvIzlpLlyo2Xl5Kr1eSd1bVk7f7du6tr735w5/17r6y++Vox6W9lJYvL15eXy9Xr5eXq0ila/ydF0RNcPxxI6cmmz0+rDoCnyBT7/4iFPKf+H3jc9Pr/rfsR0+//Q/8/EU9V/3va+/8prB8O5An7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo4f5r58I9tZyI8vFuPPFEPPFceliJiJiN//wWyc3Zdztsgz9y/z5x6r4dtSZBlG15gvtgsRsVJsvz077U8BAAAATq6vPr7yWd6t5y8LR10Qhym/aTNz6cMJ5StFxNzCjxPKNjN6eX5CybK/7zOxO6Fs2Q2scxNKlt9yOzOpbP/J7L5w7pFQysPMoZYDAAAciv2dwOF2IQAAABymT4+6AI5GKcaPMsfPgrNv3v/1QPD8viMAAADgKM3/v9NKk64DAAAAOHay/t/v/wEAAMDJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3eUozQQxwH435YKikZifDTxKPoGx/AIPvpoOICX4Ah4BS/AGfDNIxjY0OmSZcNudtNp2d18X9IO0ww/Zgg8zEwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1evH75+dfXXN2+27yjAYAAAA4Z1uvF82LWapP2+fv2kcf2noREWVEnJu7V/HqJLOKiE8RUd/Rvr7Vhz8RTcLhM8bt9SYivrbX//d9fwsAAADwcm2Wq3marafb7NIdYkhp0aZ8+y1TXhER9exfprTykPcxU1jz+x7Fj0xpzQLWJFNYWnIb5Up7kObvfly1m9woilSU978/29gBAIABVSfFsLMQAAAAhvT9cPty6V7QXfW45kVcb2UetwLHqWi3916f1AAAAIBnqLh0BwAAAIDeNfP/vs7/mzr/DwAAAJ6EdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdrW68VmuZp3zdntu8kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAK/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J/fDIhhKIqjd2Yy/75V9r/YuqS6hCrnEH7yJDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu5H/EY50zXo0tyUjybLx7PZN8Omp8O2r8+mCuD8e8cCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2bmf1ziqOADgb2Z2tmlVXKPkEBELHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1v+h5xZ6qbcecqjguTK/kpc04KpkZtP9fODN+84wmfd9sxDynTdZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYY/v93TgrNoMqTutj9x7fWi36+/v6wp3NB4tFK+KkzaSPhtfinWQh2plrPxkAAABmQ9bU9yGEh/nWctGng7L+z5tzipr/hxequKnn99f9Td/U/kX7/bdHr+wMNKjGKS56aW08Ov10Kr3Dm+V0e/Efz+iVd7589pKVH0j60cbL23l5P5Pv7t79oF+Gx9rIFgD4L041fR00fw8V/bDLxACYGb2o8G7q/2zQbU4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdjeCM81cRJCWOztxoX7j2+tHtTf2Xyw2LTzt29vxtcsLpGHEC6tjUenw1yLs5lu12/cvLIyHo+utR+8HkLoavT36ulf+WSCk0M4pDROdnTnZyxI6w97WvI5GkGHv5QAAHgm5XUr6vqH+dZycSyZD+HJj3vr/zejOExY/z/69Py9eKy4/h+2NsPpt7R+9cul6zduvr12deXy6PLo83fODN8dnr1w7tyFpfJZSbXtOk0AAACOsH7d4vo/nX96/f9EFIcJ6/+vvh9+E4+Vqf8PtLvo13UmAAAAs+2lk3/9mRxwPOn3w9cr6+vXhtV2Z/9Mte0g1X/tWN3i+j+b7zorAAAAoA3bG8me9f+LURwmXP9//qdXf4mvmYUQjtfr/6dWvxhfbG86U+1//Idw6E34413PEQAAgHY92fciw/G6xev/efn+f7pzZhpCeOuNKq6/BnCi+j/78Nuf47Hi9//PHvI8p126UN2Psl8IobfQdUYAAAA8y+bKNijr/z/yreXPfj3xcd/7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt+zsAAP//RP895g==") syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000280)=""/4096, 0x9005) executing program 0: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d79663e7fcaa89795d7b10e88378c33265a7af06040e3d0bbc6a5864dfa023c6ac1da574242785bbb4ece12b11da52496875e1e384042aad63a3094bf3bc0e40a79960f9f1610940e67e30611d9873d1e6cb9c4cce44c999c49ff52a6400192fd021d7158438d7686a6f66778022c93c544189b684754e7e0f77a4f498609e53104c8aa70632fcc58c757bbc06f6472622dce2729d7296959ce003ec84acd015e352484c42fc29e5aea62fb7977813f7254fd6f62fec638abf292e6c33925b29"], &(0x7f0000000000)='syzkaller\x00'}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r1, 0x0, 0x0}, 0x10) listen(r0, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac968686dd6000000000540600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22c07d69022c4b43c1bf"], 0x0) executing program 0: syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000040)="f2a5bad104ed66b8af6400000f23c80f21f866350c0030000f23f8ba4000b000ee66b9800000c00f326635000800000f3066b98c0a000066b8c53b000066ba000000000f303a3d6765260f01fa0f01c9b85c088ee8", 0x55}], 0x1, 0x13, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 45.790933][ T3575] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 46.237718][ T3569] chnl_net:caif_netlink_parms(): no params data found [ 46.266307][ T3567] loop1: detected capacity change from 0 to 40427 [ 46.293595][ T3570] chnl_net:caif_netlink_parms(): no params data found [ 46.328041][ T3567] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 46.343895][ T3567] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 46.368724][ T3567] F2FS-fs (loop1): invalid crc value [ 46.398568][ T3567] F2FS-fs (loop1): Found nat_bits in checkpoint [ 46.417050][ T3577] chnl_net:caif_netlink_parms(): no params data found [ 46.427227][ T3569] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.435348][ T3569] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.443702][ T3569] device bridge_slave_0 entered promiscuous mode [ 46.457579][ T3567] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 46.465390][ T3567] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 46.472190][ T3569] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.484802][ T3569] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.497078][ T3569] device bridge_slave_1 entered promiscuous mode executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"}) write(r0, &(0x7f00000002c0)="75a33cfa187943c188a4af529c3eb5ec3853012fc2215239fea9c75d3dfbbaa05f7989732f2356219489e03f2c556b6f8eb4e0252113fd10038458b8d7d25721", 0x40) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "a86a5cd68a6e81364bfff47a860438db305389"}) r2 = dup(r1) read$FUSE(r2, &(0x7f0000005ac0)={0x2020}, 0x2020) [ 46.573443][ T3519] F2FS-fs (loop1): access invalid blkaddr:2048 [ 46.578161][ T3570] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.586813][ T3519] CPU: 0 PID: 3519 Comm: syz-executor.1 Not tainted 5.15.159-syzkaller #0 [ 46.586917][ T3570] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.595372][ T3519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 46.595383][ T3519] Call Trace: [ 46.595391][ T3519] [ 46.595397][ T3519] dump_stack_lvl+0x1e3/0x2d0 [ 46.595443][ T3519] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 46.595461][ T3519] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 46.595491][ T3519] f2fs_is_valid_blkaddr+0xca6/0x1270 [ 46.595517][ T3519] f2fs_map_blocks+0x159a/0x3720 [ 46.595565][ T3519] ? f2fs_force_buffered_io+0x630/0x630 [ 46.595603][ T3519] ? unlock_page+0x188/0x200 [ 46.604478][ T3570] device bridge_slave_0 entered promiscuous mode [ 46.612894][ T3519] f2fs_mpage_readpages+0xe98/0x27c0 [ 46.612948][ T3519] ? dquot_release_reservation_block+0x90/0x90 [ 46.673193][ T3519] ? f2fs_is_compress_backend_ready+0x9d/0x130 [ 46.679337][ T3519] ? f2fs_readahead+0x16e/0x310 [ 46.684184][ T3519] ? f2fs_set_data_page_dirty+0xa90/0xa90 [ 46.689890][ T3519] read_pages+0x159/0x8e0 [ 46.694215][ T3519] ? page_cache_ra_unbounded+0x930/0x930 [ 46.699830][ T3519] ? add_to_page_cache_locked+0x40/0x40 [ 46.705363][ T3519] ? down_read+0x1b3/0x2e0 [ 46.709761][ T3519] page_cache_ra_unbounded+0x7b0/0x930 [ 46.715322][ T3519] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 46.721819][ T3519] ? blk_cgroup_congested+0x30c/0x390 [ 46.727182][ T3519] f2fs_readdir+0x546/0xef0 [ 46.730796][ T3540] Bluetooth: hci1: command 0x041b tx timeout [ 46.731688][ T3519] ? f2fs_fill_dentries+0xd60/0xd60 [ 46.742833][ T3519] ? f2fs_fill_dentries+0xd60/0xd60 [ 46.748038][ T3519] ? iterate_dir+0x10a/0x570 [ 46.752636][ T3519] ? fsnotify_perm+0x438/0x5a0 [ 46.757385][ T3519] iterate_dir+0x224/0x570 [ 46.761782][ T3519] ? f2fs_fill_dentries+0xd60/0xd60 [ 46.766972][ T3519] __se_sys_getdents64+0x209/0x4f0 [ 46.772070][ T3519] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 46.778052][ T3519] ? __x64_sys_getdents64+0x80/0x80 [ 46.783244][ T3519] ? filldir+0x720/0x720 [ 46.787474][ T3519] ? syscall_enter_from_user_mode+0x2e/0x240 [ 46.793451][ T3519] ? lockdep_hardirqs_on+0x94/0x130 [ 46.798634][ T3519] ? syscall_enter_from_user_mode+0x2e/0x240 [ 46.804598][ T3519] do_syscall_64+0x3b/0xb0 [ 46.808995][ T3519] ? clear_bhb_loop+0x15/0x70 [ 46.813653][ T3519] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.819524][ T3519] RIP: 0033:0x7faaf206e3e3 [ 46.823919][ T3519] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 [ 46.843528][ T3519] RSP: 002b:00007fff3f8a9d38 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 46.851925][ T3519] RAX: ffffffffffffffda RBX: 0000555556e3f970 RCX: 00007faaf206e3e3 [ 46.859876][ T3519] RDX: 0000000000008000 RSI: 0000555556e3f970 RDI: 0000000000000005 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c"], 0x0, 0x0, 0x0}, 0x0) [ 46.867841][ T3519] RBP: 0000555556e3f944 R08: 0000000000000000 R09: 0000000000000000 [ 46.875791][ T3519] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0 [ 46.883743][ T3519] R13: 0000000000000010 R14: 0000555556e3f940 R15: 0000000000000006 [ 46.891716][ T3519] [ 46.899459][ T3538] Bluetooth: hci0: command 0x041b tx timeout [ 46.907042][ T3519] attempt to access beyond end of device [ 46.907042][ T3519] loop1: rw=524288, want=45072, limit=40427 [ 46.920880][ T3519] attempt to access beyond end of device [ 46.920880][ T3519] loop1: rw=0, want=45072, limit=40427 [ 46.942289][ T3569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.967517][ T3570] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.984163][ T3570] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.992669][ T3570] device bridge_slave_1 entered promiscuous mode [ 47.006553][ T3569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.076456][ T3569] team0: Port device team_slave_0 added [ 47.084488][ T3570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.102512][ T3569] team0: Port device team_slave_1 added [ 47.108827][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.116029][ T3577] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.123888][ T3577] device bridge_slave_0 entered promiscuous mode [ 47.133806][ T3570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.158447][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.167637][ T3577] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.175916][ T3577] device bridge_slave_1 entered promiscuous mode [ 47.188261][ T3569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.195237][ T3569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.221436][ T3569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.232597][ T3538] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 47.234676][ T3569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.247276][ T3569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.274001][ T3569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.316526][ T3570] team0: Port device team_slave_0 added [ 47.324995][ T3577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.335915][ T3570] team0: Port device team_slave_1 added [ 47.349701][ T3577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.388857][ T3570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.396040][ T3570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.422982][ T3570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.446139][ T3569] device hsr_slave_0 entered promiscuous mode [ 47.454112][ T3569] device hsr_slave_1 entered promiscuous mode [ 47.460881][ T3569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.468885][ T3569] Cannot create hsr debugfs directory [ 47.483674][ T3570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.489709][ T3538] usb 1-1: Using ep0 maxpacket: 32 [ 47.490721][ T3570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.521933][ T3570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.536502][ T3577] team0: Port device team_slave_0 added [ 47.547812][ T3577] team0: Port device team_slave_1 added [ 47.584979][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.592713][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.618960][ T3538] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.624903][ T3577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.630812][ T3538] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.650647][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.657687][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.683724][ T3577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.717259][ T3570] device hsr_slave_0 entered promiscuous mode [ 47.724144][ T3570] device hsr_slave_1 entered promiscuous mode [ 47.731048][ T3570] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.738805][ T3570] Cannot create hsr debugfs directory [ 47.770718][ T3539] Bluetooth: hci3: command 0x0409 tx timeout [ 47.777566][ T3538] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 47.787267][ T3538] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 47.795798][ T3538] usb 1-1: Product: syz [ 47.801457][ T3538] usb 1-1: Manufacturer: syz [ 47.807992][ T3539] Bluetooth: hci2: command 0x0409 tx timeout [ 47.829885][ T3577] device hsr_slave_0 entered promiscuous mode [ 47.836566][ T3577] device hsr_slave_1 entered promiscuous mode [ 47.844403][ T3577] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.852695][ T3577] Cannot create hsr debugfs directory [ 47.862210][ T3538] hub 1-1:4.0: USB hub found [ 47.929511][ T1069] Bluetooth: hci4: command 0x0409 tx timeout [ 47.974339][ T3569] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.983677][ T3569] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.996482][ T3569] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.005213][ T3569] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.075977][ T3570] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.083721][ T3538] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 48.109758][ T3570] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.118544][ T3570] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.129147][ T3570] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.193090][ T3577] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 48.207287][ T3569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.215089][ T3577] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 48.227478][ T3577] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 48.237354][ T3577] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 48.265858][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.274089][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.290684][ T3569] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.317247][ T3570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.324255][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.334150][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.343074][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.350175][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.358519][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.372500][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.381117][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.389563][ T3541] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.396615][ T3541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.410490][ T3538] usb 1-1: USB disconnect, device number 2 [ 48.438751][ T3570] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.451847][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.462922][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.471007][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.480379][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.507529][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.516593][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.525423][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.534257][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.543293][ T3602] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.550400][ T3602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.558008][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.566772][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.575601][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.584387][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.592752][ T3602] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.599850][ T3602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.607511][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.616224][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.624464][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.633403][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.641233][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.659435][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.667913][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.676917][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.686759][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.694914][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.703503][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.728678][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.736636][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.746180][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.761166][ T3577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.771773][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.780573][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.788738][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.797217][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'hsr0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0) [ 48.810312][ T3570] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.834653][ T3577] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.846584][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.855759][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.880363][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.889793][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.898373][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.905476][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.921238][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.934771][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.944732][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.951839][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.960327][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.970809][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready executing program 0: syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x10000, &(0x7f0000000100)={[{@utf8no}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '860'}}, {@shortname_win95}, {@fat=@dos1xfloppy}, {@shortname_lower}, {@utf8no}, {@utf8no}, {@utf8}, {@utf8}]}, 0x2, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") fgetxattr(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="757365722efa"], 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 49.005414][ T25] Bluetooth: hci0: command 0x040f tx timeout [ 49.022290][ T3577] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.065199][ T3614] loop0: detected capacity change from 0 to 256 [ 49.066184][ T3577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.084771][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.095164][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.104481][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.113875][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.122807][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.132169][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.140519][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.148747][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.157204][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.166300][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.174318][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.197888][ T3570] 8021q: adding VLAN 0 to HW filter on device batadv0 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) [ 49.236860][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.248374][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.256550][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.265104][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.284599][ T3569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.309496][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.318750][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.369265][ T3570] device veth0_vlan entered promiscuous mode [ 49.379931][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.388636][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.397756][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.406536][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.849679][ T13] Bluetooth: hci2: command 0x041b tx timeout [ 49.856061][ T13] Bluetooth: hci3: command 0x041b tx timeout [ 50.009758][ T13] Bluetooth: hci4: command 0x041b tx timeout [ 51.049605][ T3539] Bluetooth: hci0: command 0x0419 tx timeout [ 51.930269][ T1069] Bluetooth: hci3: command 0x040f tx timeout [ 51.937596][ T1069] Bluetooth: hci2: command 0x040f tx timeout [ 52.089753][ T1069] Bluetooth: hci4: command 0x040f tx timeout [ 54.009519][ T1069] Bluetooth: hci2: command 0x0419 tx timeout [ 54.015589][ T1069] Bluetooth: hci3: command 0x0419 tx timeout [ 54.169505][ T1069] Bluetooth: hci4: command 0x0419 tx timeout [ 71.213462][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.220184][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x24, r3, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x24}}, 0x0) [ 73.929432][ T3540] Bluetooth: hci1: command 0x0409 tx timeout [ 76.009630][ T1069] Bluetooth: hci1: command 0x041b tx timeout [ 76.338395][ T1281] cfg80211: failed to load regulatory.db [ 78.089568][ T3601] Bluetooth: hci1: command 0x040f tx timeout executing program 0: r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0) poll(&(0x7f0000000100)=[{}], 0x1, 0x0) [ 80.169625][ T1069] Bluetooth: hci1: command 0x0419 tx timeout [ 81.449492][ T3601] Bluetooth: hci5: command 0x0409 tx timeout [ 83.529419][ T1069] Bluetooth: hci5: command 0x041b tx timeout [ 85.609724][ T3539] Bluetooth: hci5: command 0x040f tx timeout [ 87.689537][ T3539] Bluetooth: hci5: command 0x0419 tx timeout [ 107.053828][ T3589] attempt to access beyond end of device [ 107.053828][ T3589] loop1: rw=2049, want=45104, limit=40427 [ 112.809826][ T3539] Bluetooth: hci6: command 0x0409 tx timeout [ 112.817326][ T25] Bluetooth: hci8: command 0x0409 tx timeout [ 112.830451][ T25] Bluetooth: hci7: command 0x0409 tx timeout [ 114.889364][ T1069] Bluetooth: hci7: command 0x041b tx timeout [ 114.896607][ T1069] Bluetooth: hci8: command 0x041b tx timeout [ 114.911551][ T1069] Bluetooth: hci6: command 0x041b tx timeout [ 116.969429][ T1069] Bluetooth: hci6: command 0x040f tx timeout [ 116.976137][ T1069] Bluetooth: hci8: command 0x040f tx timeout [ 116.993909][ T1069] Bluetooth: hci7: command 0x040f tx timeout [ 119.049480][ T3539] Bluetooth: hci7: command 0x0419 tx timeout [ 119.055593][ T3539] Bluetooth: hci8: command 0x0419 tx timeout [ 119.070001][ T3539] Bluetooth: hci6: command 0x0419 tx timeout [ 132.651216][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.657967][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.889437][ T1069] Bluetooth: hci9: command 0x0409 tx timeout [ 140.969377][ T1069] Bluetooth: hci9: command 0x041b tx timeout [ 143.049391][ T3539] Bluetooth: hci9: command 0x040f tx timeout [ 145.129430][ T1069] Bluetooth: hci9: command 0x0419 tx timeout [ 146.489388][ T1069] Bluetooth: hci10: command 0x0409 tx timeout [ 148.569381][ T1069] Bluetooth: hci10: command 0x041b tx timeout [ 150.649330][ T3539] Bluetooth: hci10: command 0x040f tx timeout [ 152.729422][ T1069] Bluetooth: hci10: command 0x0419 tx timeout [ 165.449606][ T3539] Bluetooth: hci0: command 0x0406 tx timeout [ 170.569560][ T3539] Bluetooth: hci2: command 0x0406 tx timeout [ 170.575638][ T3539] Bluetooth: hci3: command 0x0406 tx timeout [ 170.598326][ T1069] Bluetooth: hci4: command 0x0406 tx timeout [ 177.849336][ T3539] Bluetooth: hci13: command 0x0409 tx timeout [ 177.855877][ T3539] Bluetooth: hci12: command 0x0409 tx timeout [ 177.863162][ T3539] Bluetooth: hci11: command 0x0409 tx timeout [ 179.929347][ T1069] Bluetooth: hci11: command 0x041b tx timeout [ 179.936030][ T1069] Bluetooth: hci12: command 0x041b tx timeout [ 179.959373][ T3539] Bluetooth: hci13: command 0x041b tx timeout [ 182.009339][ T3539] Bluetooth: hci13: command 0x040f tx timeout [ 182.016252][ T3539] Bluetooth: hci12: command 0x040f tx timeout [ 182.031117][ T3539] Bluetooth: hci11: command 0x040f tx timeout [ 184.089393][ T1069] Bluetooth: hci11: command 0x0419 tx timeout [ 184.098816][ T1069] Bluetooth: hci12: command 0x0419 tx timeout [ 184.109911][ T1069] Bluetooth: hci13: command 0x0419 tx timeout [ 194.090980][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.097289][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.169341][ T3539] Bluetooth: hci1: command 0x0406 tx timeout [ 203.929399][ T3539] Bluetooth: hci14: command 0x0409 tx timeout [ 204.330520][ T27] INFO: task syz-executor.1:3519 blocked for more than 143 seconds. [ 204.338678][ T27] Not tainted 5.15.159-syzkaller #0 [ 204.346182][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 204.355189][ T27] task:syz-executor.1 state:D stack:19640 pid: 3519 ppid: 1 flags:0x00004002 [ 204.364777][ T27] Call Trace: [ 204.368063][ T27] [ 204.371342][ T27] __schedule+0x12c4/0x45b0 [ 204.375889][ T27] ? release_firmware_map_entry+0x190/0x190 [ 204.382189][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 204.387676][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 204.393361][ T27] schedule+0x11b/0x1f0 [ 204.398076][ T27] schedule_preempt_disabled+0xf/0x20 [ 204.404145][ T27] __mutex_lock_common+0xe34/0x25a0 [ 204.409603][ T27] ? netdev_run_todo+0xa4f/0xc40 [ 204.414549][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 204.421088][ T27] ? free_netdev+0x1f4/0x480 [ 204.425707][ T27] ? dev_addr_flush+0x18b/0x200 [ 204.436306][ T27] ? kobject_put+0x422/0x460 [ 204.442312][ T27] ? free_netdev+0x366/0x480 [ 204.446921][ T27] mutex_lock_nested+0x17/0x20 [ 204.457415][ T27] netdev_run_todo+0xa4f/0xc40 [ 204.462548][ T27] ? netdev_refcnt_read+0x50/0x50 [ 204.467585][ T27] ? netdev_state_change+0xa3/0x250 [ 204.478768][ T27] ? netdev_features_change+0x1b0/0x1b0 [ 204.484634][ T27] ? tun_chr_close+0x104/0x1b0 [ 204.496430][ T27] ? kfree+0xf1/0x270 [ 204.502569][ T27] tun_chr_close+0x136/0x1b0 [ 204.507221][ T27] ? tun_chr_open+0x4d0/0x4d0 [ 204.515679][ T27] __fput+0x3bf/0x890 [ 204.522282][ T27] task_work_run+0x129/0x1a0 [ 204.526903][ T27] do_exit+0x6a3/0x2480 [ 204.534731][ T27] ? rcu_is_watching+0x11/0xa0 [ 204.542122][ T27] ? put_task_struct+0x80/0x80 [ 204.546916][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 204.557779][ T27] ? vtime_user_exit+0x2d1/0x400 [ 204.565244][ T27] do_group_exit+0x144/0x310 [ 204.575506][ T27] __x64_sys_exit_group+0x3b/0x40 [ 204.583209][ T27] do_syscall_64+0x3b/0xb0 [ 204.587630][ T27] ? clear_bhb_loop+0x15/0x70 [ 204.596178][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 204.605195][ T27] RIP: 0033:0x7faaf2042ee9 [ 204.613199][ T27] RSP: 002b:00007fff3f8a9c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 204.624187][ T27] RAX: ffffffffffffffda RBX: 00007faaf208e3a8 RCX: 00007faaf2042ee9 [ 204.635713][ T27] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 204.646808][ T27] RBP: 0000000000000010 R08: 00007fff3f8a7a06 R09: 00007fff3f8aaf20 [ 204.658652][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3f8aaf20 [ 204.670276][ T27] R13: 00007faaf208e336 R14: 0000555556e36430 R15: 0000000000000006 [ 204.678274][ T27] [ 204.687845][ T27] INFO: task kworker/1:5:3541 blocked for more than 143 seconds. [ 204.695846][ T27] Not tainted 5.15.159-syzkaller #0 [ 204.707842][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 204.716772][ T27] task:kworker/1:5 state:D stack:24408 pid: 3541 ppid: 2 flags:0x00004000 [ 204.731752][ T27] Workqueue: ipv6_addrconf addrconf_dad_work [ 204.737758][ T27] Call Trace: [ 204.745128][ T27] [ 204.748067][ T27] __schedule+0x12c4/0x45b0 [ 204.756303][ T27] ? mark_lock+0x98/0x340 [ 204.763123][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 204.769119][ T27] ? release_firmware_map_entry+0x190/0x190 [ 204.778725][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 204.787852][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 204.796779][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 204.805149][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 204.813975][ T27] schedule+0x11b/0x1f0 [ 204.818146][ T27] schedule_preempt_disabled+0xf/0x20 [ 204.826005][ T27] __mutex_lock_common+0xe34/0x25a0 [ 204.834767][ T27] ? addrconf_dad_work+0xcc/0x1720 [ 204.842270][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 204.847491][ T27] mutex_lock_nested+0x17/0x20 [ 204.855760][ T27] addrconf_dad_work+0xcc/0x1720 [ 204.863113][ T27] ? read_lock_is_recursive+0x10/0x10 [ 204.868497][ T27] ? rcu_lock_release+0x20/0x20 [ 204.876931][ T27] ? print_irqtrace_events+0x210/0x210 [ 204.884841][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 204.895451][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 204.903103][ T27] process_one_work+0x8a1/0x10c0 [ 204.908627][ T27] ? worker_detach_from_pool+0x260/0x260 [ 204.917852][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 204.925823][ T27] ? kthread_data+0x4e/0xc0 [ 204.934081][ T27] ? wq_worker_running+0x97/0x170 [ 204.947417][ T27] worker_thread+0xaca/0x1280 [ 204.955618][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 204.963977][ T27] kthread+0x3f6/0x4f0 [ 204.968056][ T27] ? rcu_lock_release+0x20/0x20 [ 204.978786][ T27] ? kthread_blkcg+0xd0/0xd0 [ 204.985803][ T27] ret_from_fork+0x1f/0x30 [ 204.993778][ T27] [ 204.996825][ T27] INFO: task syz-executor.2:3569 blocked for more than 144 seconds. [ 205.009014][ T27] Not tainted 5.15.159-syzkaller #0 [ 205.018989][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 205.030293][ T27] task:syz-executor.2 state:D stack:20952 pid: 3569 ppid: 1 flags:0x00004006 [ 205.044195][ T27] Call Trace: [ 205.047476][ T27] [ 205.059372][ T27] __schedule+0x12c4/0x45b0 [ 205.063919][ T27] ? release_firmware_map_entry+0x190/0x190 [ 205.077055][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 205.082766][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 205.087976][ T27] schedule+0x11b/0x1f0 [ 205.097884][ T27] schedule_preempt_disabled+0xf/0x20 [ 205.103509][ T27] __mutex_lock_common+0xe34/0x25a0 [ 205.108724][ T27] ? rtnetlink_rcv_msg+0x94c/0xee0 [ 205.121351][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 205.126582][ T27] mutex_lock_nested+0x17/0x20 [ 205.136400][ T27] rtnetlink_rcv_msg+0x94c/0xee0 [ 205.142686][ T27] ? rtnetlink_bind+0x80/0x80 [ 205.147380][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 205.157446][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 205.164015][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 205.174106][ T27] ? local_bh_enable+0x5/0x20 [ 205.178792][ T27] ? _local_bh_enable+0xa0/0xa0 [ 205.185074][ T27] ? __dev_queue_xmit+0x1c56/0x3230 [ 205.194963][ T27] ? __copy_skb_header+0x47b/0x600 [ 205.202019][ T27] ? dev_queue_xmit+0x20/0x20 [ 205.206700][ T27] ? memcpy+0x3c/0x60 [ 205.215998][ T27] ? __copy_skb_header+0x47b/0x600 [ 205.222509][ T27] netlink_rcv_skb+0x1cf/0x410 [ 205.227282][ T27] ? rtnetlink_bind+0x80/0x80 [ 205.237888][ T27] ? netlink_ack+0xb10/0xb10 [ 205.243916][ T27] netlink_unicast+0x7b6/0x980 [ 205.249046][ T27] ? netlink_detachskb+0x90/0x90 [ 205.258783][ T27] ? __virt_addr_valid+0x39e/0x450 [ 205.265246][ T27] ? 0xffffffff81000000 [ 205.273974][ T27] ? __check_object_size+0x300/0x410 [ 205.280656][ T27] ? bpf_lsm_netlink_send+0x5/0x10 [ 205.285780][ T27] netlink_sendmsg+0xa30/0xd60 [ 205.295250][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.301800][ T27] ? aa_sock_msg_perm+0x91/0x150 [ 205.306917][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 205.317056][ T27] ? security_socket_sendmsg+0x7d/0xa0 [ 205.323890][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.329099][ T27] __sys_sendto+0x564/0x720 [ 205.338231][ T27] ? __ia32_sys_getpeername+0x80/0x80 [ 205.346237][ T27] ? print_irqtrace_events+0x210/0x210 [ 205.356955][ T27] ? vtime_user_exit+0x2d1/0x400 [ 205.363264][ T27] __x64_sys_sendto+0xda/0xf0 [ 205.367956][ T27] do_syscall_64+0x3b/0xb0 [ 205.380201][ T27] ? clear_bhb_loop+0x15/0x70 [ 205.384895][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 205.395460][ T27] RIP: 0033:0x7fef43c95bdc [ 205.401494][ T27] RSP: 002b:00007ffc53b3f0e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 205.414498][ T27] RAX: ffffffffffffffda RBX: 00007fef448eb620 RCX: 00007fef43c95bdc [ 205.424065][ T27] RDX: 000000000000002c RSI: 00007fef448eb670 RDI: 0000000000000003 [ 205.436786][ T27] RBP: 0000000000000000 R08: 00007ffc53b3f134 R09: 000000000000000c [ 205.446556][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 205.463602][ T27] R13: 0000000000000000 R14: 00007fef448eb670 R15: 0000000000000000 [ 205.474053][ T27] [ 205.477099][ T27] INFO: task syz-executor.3:3570 blocked for more than 144 seconds. [ 205.489283][ T27] Not tainted 5.15.159-syzkaller #0 [ 205.495036][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 205.509756][ T27] task:syz-executor.3 state:D stack:20320 pid: 3570 ppid: 1 flags:0x00004006 [ 205.518990][ T27] Call Trace: [ 205.527902][ T27] [ 205.535001][ T27] __schedule+0x12c4/0x45b0 [ 205.544106][ T27] ? release_firmware_map_entry+0x190/0x190 [ 205.551351][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 205.556832][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 205.566897][ T27] schedule+0x11b/0x1f0 [ 205.573600][ T27] schedule_preempt_disabled+0xf/0x20 [ 205.578983][ T27] __mutex_lock_common+0xe34/0x25a0 [ 205.588861][ T27] ? rtnetlink_rcv_msg+0x94c/0xee0 [ 205.595335][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 205.605161][ T27] mutex_lock_nested+0x17/0x20 [ 205.613320][ T27] rtnetlink_rcv_msg+0x94c/0xee0 [ 205.618281][ T27] ? rtnetlink_bind+0x80/0x80 [ 205.627901][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 205.634649][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 205.644353][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 205.651079][ T27] ? local_bh_enable+0x5/0x20 [ 205.655761][ T27] ? _local_bh_enable+0xa0/0xa0 [ 205.665441][ T27] ? __dev_queue_xmit+0x1c56/0x3230 [ 205.672066][ T27] ? __copy_skb_header+0x47b/0x600 [ 205.677184][ T27] ? dev_queue_xmit+0x20/0x20 [ 205.687864][ T27] ? memcpy+0x3c/0x60 [ 205.693833][ T27] ? __copy_skb_header+0x47b/0x600 [ 205.698970][ T27] netlink_rcv_skb+0x1cf/0x410 [ 205.708498][ T27] ? rtnetlink_bind+0x80/0x80 [ 205.714538][ T27] ? netlink_ack+0xb10/0xb10 [ 205.719147][ T27] netlink_unicast+0x7b6/0x980 [ 205.728640][ T27] ? netlink_detachskb+0x90/0x90 [ 205.734934][ T27] ? __virt_addr_valid+0x39e/0x450 [ 205.744654][ T27] ? 0xffffffff81000000 [ 205.748819][ T27] ? __check_object_size+0x300/0x410 [ 205.756138][ T27] ? bpf_lsm_netlink_send+0x5/0x10 [ 205.765920][ T27] netlink_sendmsg+0xa30/0xd60 [ 205.771030][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.776236][ T27] ? aa_sock_msg_perm+0x91/0x150 [ 205.785776][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 205.792445][ T27] ? security_socket_sendmsg+0x7d/0xa0 [ 205.797918][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.803537][ T27] __sys_sendto+0x564/0x720 [ 205.808053][ T27] ? __ia32_sys_getpeername+0x80/0x80 [ 205.813740][ T27] ? print_irqtrace_events+0x210/0x210 [ 205.819411][ T27] ? vtime_user_exit+0x2d1/0x400 [ 205.824383][ T27] __x64_sys_sendto+0xda/0xf0 [ 205.829194][ T27] do_syscall_64+0x3b/0xb0 [ 205.834044][ T27] ? clear_bhb_loop+0x15/0x70 [ 205.838723][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 205.844925][ T27] RIP: 0033:0x7f93bcf45bdc [ 205.850001][ T27] RSP: 002b:00007ffcd7117dd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 205.858423][ T27] RAX: ffffffffffffffda RBX: 00007f93bdb9b620 RCX: 00007f93bcf45bdc [ 205.866777][ T27] RDX: 0000000000000028 RSI: 00007f93bdb9b670 RDI: 0000000000000003 [ 205.874974][ T27] RBP: 0000000000000000 R08: 00007ffcd7117e24 R09: 000000000000000c [ 205.883159][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 205.891388][ T27] R13: 0000000000000000 R14: 00007f93bdb9b670 R15: 0000000000000000 [ 205.900941][ T27] [ 205.904027][ T27] INFO: task syz-executor.4:3577 blocked for more than 144 seconds. [ 205.912292][ T27] Not tainted 5.15.159-syzkaller #0 [ 205.918188][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 205.927259][ T27] task:syz-executor.4 state:D stack:20632 pid: 3577 ppid: 1 flags:0x00004006 [ 205.937213][ T27] Call Trace: [ 205.945033][ T27] [ 205.947973][ T27] __schedule+0x12c4/0x45b0 [ 205.954143][ T27] ? release_firmware_map_entry+0x190/0x190 [ 205.964670][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 205.971500][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 205.976705][ T27] schedule+0x11b/0x1f0 [ 205.985562][ T27] schedule_preempt_disabled+0xf/0x20 [ 205.992315][ T27] __mutex_lock_common+0xe34/0x25a0 [ 205.997534][ T27] ? rtnetlink_rcv_msg+0x94c/0xee0 [ 206.007348][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 206.009384][ T3539] Bluetooth: hci14: command 0x041b tx timeout [ 206.016267][ T27] mutex_lock_nested+0x17/0x20 [ 206.027960][ T27] rtnetlink_rcv_msg+0x94c/0xee0 [ 206.034719][ T27] ? rtnetlink_bind+0x80/0x80 [ 206.043973][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 206.050687][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 206.055896][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 206.065902][ T27] ? local_bh_enable+0x5/0x20 [ 206.072514][ T27] ? _local_bh_enable+0xa0/0xa0 [ 206.077381][ T27] ? __dev_queue_xmit+0x1c56/0x3230 [ 206.087207][ T27] ? __copy_skb_header+0x47b/0x600 [ 206.102812][ T27] ? dev_queue_xmit+0x20/0x20 [ 206.107499][ T27] ? memcpy+0x3c/0x60 [ 206.117690][ T27] ? __copy_skb_header+0x47b/0x600 [ 206.124113][ T27] netlink_rcv_skb+0x1cf/0x410 [ 206.128885][ T27] ? rtnetlink_bind+0x80/0x80 [ 206.139355][ T27] ? netlink_ack+0xb10/0xb10 [ 206.143975][ T27] netlink_unicast+0x7b6/0x980 [ 206.148747][ T27] ? netlink_detachskb+0x90/0x90 [ 206.159577][ T27] ? __virt_addr_valid+0x39e/0x450 [ 206.164697][ T27] ? 0xffffffff81000000 [ 206.168973][ T27] ? __check_object_size+0x300/0x410 [ 206.179037][ T27] ? bpf_lsm_netlink_send+0x5/0x10 [ 206.185539][ T27] netlink_sendmsg+0xa30/0xd60 [ 206.194909][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 206.201464][ T27] ? aa_sock_msg_perm+0x91/0x150 [ 206.206409][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 206.216414][ T27] ? security_socket_sendmsg+0x7d/0xa0 [ 206.223230][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 206.228437][ T27] __sys_sendto+0x564/0x720 [ 206.238911][ T27] ? __ia32_sys_getpeername+0x80/0x80 [ 206.245779][ T27] ? print_irqtrace_events+0x210/0x210 [ 206.256132][ T27] ? vtime_user_exit+0x2d1/0x400 [ 206.262465][ T27] __x64_sys_sendto+0xda/0xf0 [ 206.267156][ T27] do_syscall_64+0x3b/0xb0 [ 206.276192][ T27] ? clear_bhb_loop+0x15/0x70 [ 206.282271][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 206.288170][ T27] RIP: 0033:0x7f370999ebdc [ 206.297756][ T27] RSP: 002b:00007ffcbb740050 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 206.307654][ T27] RAX: ffffffffffffffda RBX: 00007f370a5f4620 RCX: 00007f370999ebdc [ 206.320268][ T27] RDX: 0000000000000028 RSI: 00007f370a5f4670 RDI: 0000000000000003 [ 206.328249][ T27] RBP: 0000000000000000 R08: 00007ffcbb7400a4 R09: 000000000000000c [ 206.341380][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 206.353963][ T27] R13: 0000000000000000 R14: 00007f370a5f4670 R15: 0000000000000000 [ 206.364370][ T27] [ 206.367456][ T27] INFO: task kworker/0:7:3602 blocked for more than 145 seconds. [ 206.378758][ T27] Not tainted 5.15.159-syzkaller #0 [ 206.387005][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 206.399110][ T27] task:kworker/0:7 state:D stack:25592 pid: 3602 ppid: 2 flags:0x00004000 [ 206.409292][ T3539] Bluetooth: hci5: command 0x0406 tx timeout [ 206.410946][ T27] Workqueue: ipv6_addrconf addrconf_dad_work [ 206.428526][ T27] Call Trace: [ 206.434145][ T27] [ 206.437085][ T27] __schedule+0x12c4/0x45b0 [ 206.442338][ T27] ? mark_lock+0x98/0x340 [ 206.446687][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 206.452749][ T27] ? release_firmware_map_entry+0x190/0x190 [ 206.458815][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 206.465672][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 206.470986][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 206.476314][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 206.481558][ T27] schedule+0x11b/0x1f0 [ 206.485842][ T27] schedule_preempt_disabled+0xf/0x20 [ 206.491328][ T27] __mutex_lock_common+0xe34/0x25a0 [ 206.496669][ T27] ? addrconf_dad_work+0xcc/0x1720 [ 206.501884][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 206.507228][ T27] mutex_lock_nested+0x17/0x20 [ 206.512223][ T27] addrconf_dad_work+0xcc/0x1720 [ 206.517171][ T27] ? read_lock_is_recursive+0x10/0x10 [ 206.523493][ T27] ? rcu_lock_release+0x20/0x20 [ 206.528370][ T27] ? print_irqtrace_events+0x210/0x210 [ 206.534156][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 206.540266][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 206.545607][ T27] process_one_work+0x8a1/0x10c0 [ 206.550914][ T27] ? worker_detach_from_pool+0x260/0x260 [ 206.556557][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 206.562398][ T27] ? kthread_data+0x4e/0xc0 [ 206.566911][ T27] ? wq_worker_running+0x97/0x170 [ 206.573447][ T27] worker_thread+0xaca/0x1280 [ 206.578141][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 206.584471][ T27] kthread+0x3f6/0x4f0 [ 206.588547][ T27] ? rcu_lock_release+0x20/0x20 [ 206.593769][ T27] ? kthread_blkcg+0xd0/0xd0 [ 206.598366][ T27] ret_from_fork+0x1f/0x30 [ 206.603188][ T27] [ 206.606269][ T27] INFO: task kworker/0:8:3603 blocked for more than 145 seconds. [ 206.614282][ T27] Not tainted 5.15.159-syzkaller #0 [ 206.620261][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 206.629017][ T27] task:kworker/0:8 state:D stack:25160 pid: 3603 ppid: 2 flags:0x00004000 [ 206.638656][ T27] Workqueue: events linkwatch_event [ 206.644227][ T27] Call Trace: [ 206.647993][ T27] [ 206.651347][ T27] __schedule+0x12c4/0x45b0 [ 206.655883][ T27] ? mark_lock+0x98/0x340 [ 206.660554][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 206.666541][ T27] ? release_firmware_map_entry+0x190/0x190 [ 206.672752][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 206.678220][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 206.685002][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 206.690437][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 206.695643][ T27] schedule+0x11b/0x1f0 [ 206.700132][ T27] schedule_preempt_disabled+0xf/0x20 [ 206.705521][ T27] __mutex_lock_common+0xe34/0x25a0 [ 206.711032][ T27] ? linkwatch_event+0xa/0x50 [ 206.715720][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 206.721626][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 206.727637][ T27] ? print_irqtrace_events+0x210/0x210 [ 206.733580][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 206.739752][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 206.745048][ T27] mutex_lock_nested+0x17/0x20 [ 206.750272][ T27] linkwatch_event+0xa/0x50 [ 206.754809][ T27] process_one_work+0x8a1/0x10c0 [ 206.760100][ T27] ? worker_detach_from_pool+0x260/0x260 [ 206.765744][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 206.771708][ T27] ? kthread_data+0x4e/0xc0 [ 206.776233][ T27] ? wq_worker_running+0x97/0x170 [ 206.781601][ T27] worker_thread+0xaca/0x1280 [ 206.786385][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 206.793839][ T27] kthread+0x3f6/0x4f0 [ 206.797924][ T27] ? rcu_lock_release+0x20/0x20 [ 206.803657][ T27] ? kthread_blkcg+0xd0/0xd0 [ 206.808258][ T27] ret_from_fork+0x1f/0x30 [ 206.813083][ T27] [ 206.816166][ T27] [ 206.816166][ T27] Showing all locks held in the system: [ 206.824340][ T27] 1 lock held by khungtaskd/27: [ 206.829185][ T27] #0: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 206.838770][ T27] 3 locks held by kworker/0:3/1281: [ 206.844584][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 206.855434][ T27] #1: ffffc90005bbfd20 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 206.872502][ T27] #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: regdb_fw_cb+0x7e/0x1b0 [ 206.883778][ T27] 2 locks held by getty/3262: [ 206.888451][ T27] #0: ffff88814ad17098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 206.904962][ T27] #1: ffffc9000229b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 206.918613][ T27] 1 lock held by syz-executor.1/3519: [ 206.927514][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0xa4f/0xc40 [ 206.939126][ T27] 3 locks held by kworker/1:5/3541: [ 206.947787][ T27] #0: ffff88814a77f538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 206.961414][ T27] #1: ffffc90002fb7d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 206.973966][ T27] #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 [ 206.983663][ T27] 1 lock held by syz-executor.2/3569: [ 206.989033][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 206.999051][ T27] 1 lock held by syz-executor.3/3570: [ 207.004634][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.014336][ T27] 1 lock held by syz-executor.4/3577: [ 207.021175][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.030863][ T27] 3 locks held by kworker/0:6/3601: [ 207.036059][ T27] #0: ffff888011c71938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 207.048124][ T27] #1: ffffc90003177d20 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 207.059416][ T27] #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7f/0xb70 [ 207.069018][ T27] 3 locks held by kworker/0:7/3602: [ 207.074913][ T27] #0: ffff88814a77f538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 207.086139][ T27] #1: ffffc90003187d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 207.098636][ T27] #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 [ 207.108270][ T27] 3 locks held by kworker/0:8/3603: [ 207.113719][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 207.124299][ T27] #1: ffffc90003197d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 207.143956][ T27] #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 207.153451][ T27] 2 locks held by syz-executor.0/3623: [ 207.159039][ T27] 1 lock held by syz-executor.1/3626: [ 207.164734][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.174546][ T27] 1 lock held by syz-executor.0/3632: [ 207.180149][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.189831][ T27] 1 lock held by syz-executor.3/3646: [ 207.195197][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.204926][ T27] 1 lock held by syz-executor.2/3647: [ 207.210742][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.220413][ T27] 1 lock held by syz-executor.4/3652: [ 207.225783][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.235560][ T27] 1 lock held by syz-executor.1/3655: [ 207.242291][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.252167][ T27] 1 lock held by syz-executor.0/3660: [ 207.257542][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.267516][ T27] 1 lock held by syz-executor.3/3666: [ 207.276397][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.288484][ T27] 1 lock held by syz-executor.4/3667: [ 207.297913][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.309853][ T27] 1 lock held by syz-executor.2/3670: [ 207.315224][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.329526][ T27] 1 lock held by syz-executor.1/3677: [ 207.334911][ T27] #0: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 207.349258][ T27] [ 207.351601][ T27] ============================================= [ 207.351601][ T27] [ 207.367203][ T27] NMI backtrace for cpu 1 [ 207.371546][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.159-syzkaller #0 [ 207.379524][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 207.389584][ T27] Call Trace: [ 207.392872][ T27] [ 207.395800][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 207.400483][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 207.406114][ T27] ? panic+0x860/0x860 [ 207.410191][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 207.415318][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 207.420256][ T27] ? __wake_up_klogd+0xd5/0x100 [ 207.425112][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 207.431266][ T27] ? _printk+0xd1/0x120 [ 207.435426][ T27] ? panic+0x860/0x860 [ 207.439517][ T27] ? __wake_up_klogd+0xcc/0x100 [ 207.444365][ T27] ? panic+0x860/0x860 [ 207.448434][ T27] ? __rcu_read_unlock+0x92/0x100 [ 207.453467][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 207.459544][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 207.465536][ T27] watchdog+0xe72/0xeb0 [ 207.469705][ T27] kthread+0x3f6/0x4f0 [ 207.473774][ T27] ? hungtask_pm_notify+0x50/0x50 [ 207.478803][ T27] ? kthread_blkcg+0xd0/0xd0 [ 207.483408][ T27] ret_from_fork+0x1f/0x30 [ 207.487842][ T27] [ 207.491281][ T27] Sending NMI from CPU 1 to CPUs 0: [ 207.496490][ C0] NMI backtrace for cpu 0 [ 207.496500][ C0] CPU: 0 PID: 1229 Comm: kworker/u4:4 Not tainted 5.15.159-syzkaller #0 [ 207.496515][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 207.496523][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 207.496545][ C0] RIP: 0010:rcu_is_watching+0x4/0xa0 [ 207.496561][ C0] Code: 5d 41 5e 41 5f 5d c3 e8 7a e9 b2 08 41 f7 c4 00 02 00 00 75 b4 eb b3 e8 5a e9 b2 08 66 2e 0f 1f 84 00 00 00 00 00 41 57 41 56 <53> 65 ff 05 6c 5b 97 7e e8 ff fc b2 08 89 c3 83 f8 08 73 72 49 bf [ 207.496573][ C0] RSP: 0018:ffffc9000554f8c8 EFLAGS: 00000257 [ 207.496584][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8162ac6c [ 207.496594][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8de46768 [ 207.496602][ C0] RBP: ffffc9000554fa40 R08: dffffc0000000000 R09: fffffbfff1bc8cee [ 207.496612][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000aa9f24 [ 207.496622][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 207.496631][ C0] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 207.496643][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.496653][ C0] CR2: 0000557d14f311b0 CR3: 000000001f76c000 CR4: 00000000003506f0 [ 207.496665][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 207.496673][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 207.496681][ C0] Call Trace: [ 207.496685][ C0] [ 207.496690][ C0] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 207.496706][ C0] ? read_lock_is_recursive+0x10/0x10 [ 207.496721][ C0] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 207.496736][ C0] ? unknown_nmi_error+0xd0/0xd0 [ 207.496757][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 207.496772][ C0] ? nmi_handle+0xf7/0x370 [ 207.496788][ C0] ? rcu_is_watching+0x4/0xa0 [ 207.496802][ C0] ? default_do_nmi+0x62/0x150 [ 207.496818][ C0] ? exc_nmi+0xa8/0x100 [ 207.496832][ C0] ? end_repeat_nmi+0x16/0x31 [ 207.496850][ C0] ? lock_acquire+0xcc/0x4f0 [ 207.496864][ C0] ? rcu_is_watching+0x4/0xa0 [ 207.496878][ C0] ? rcu_is_watching+0x4/0xa0 [ 207.496893][ C0] ? rcu_is_watching+0x4/0xa0 [ 207.496907][ C0] [ 207.496911][ C0] [ 207.496916][ C0] lock_acquire+0xdd/0x4f0 [ 207.496932][ C0] ? read_lock_is_recursive+0x10/0x10 [ 207.496946][ C0] ? _local_bh_enable+0xa0/0xa0 [ 207.496960][ C0] ? rcu_lock_release+0x5/0x20 [ 207.496975][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 207.496991][ C0] ? batadv_tvlv_container_ogm_append+0x456/0x4c0 [ 207.497011][ C0] rcu_lock_acquire+0x2a/0x30 [ 207.497025][ C0] ? rcu_lock_acquire+0x5/0x30 [ 207.497039][ C0] batadv_iv_ogm_schedule+0x429/0x1000 [ 207.497057][ C0] ? skb_push+0x93/0x100 [ 207.497076][ C0] ? batadv_iv_send_outstanding_bat_ogm_packet+0x800/0x800 [ 207.497093][ C0] ? batadv_send_skb_packet+0x3bc/0x5f0 [ 207.497114][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800 [ 207.497139][ C0] process_one_work+0x8a1/0x10c0 [ 207.497161][ C0] ? worker_detach_from_pool+0x260/0x260 [ 207.497178][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 207.497195][ C0] ? kthread_data+0x4e/0xc0 [ 207.497209][ C0] ? wq_worker_running+0x97/0x170 [ 207.497224][ C0] worker_thread+0xaca/0x1280 [ 207.497240][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 207.497272][ C0] kthread+0x3f6/0x4f0 [ 207.497285][ C0] ? rcu_lock_release+0x20/0x20 [ 207.497299][ C0] ? kthread_blkcg+0xd0/0xd0 [ 207.497314][ C0] ret_from_fork+0x1f/0x30 [ 207.497335][ C0] [ 207.500122][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 207.853247][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.159-syzkaller #0 [ 207.861226][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 207.871276][ T27] Call Trace: [ 207.874560][ T27] [ 207.877500][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 207.882191][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 207.887825][ T27] ? panic+0x860/0x860 [ 207.891905][ T27] panic+0x318/0x860 [ 207.895802][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 207.901436][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 207.907678][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 207.912878][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 207.918955][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 207.925119][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 207.931279][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 207.937434][ T27] watchdog+0xeb0/0xeb0 [ 207.941602][ T27] kthread+0x3f6/0x4f0 [ 207.945727][ T27] ? hungtask_pm_notify+0x50/0x50 [ 207.951106][ T27] ? kthread_blkcg+0xd0/0xd0 [ 207.955702][ T27] ret_from_fork+0x1f/0x30 [ 207.960128][ T27] [ 207.963378][ T27] Kernel Offset: disabled [ 207.967697][ T27] Rebooting in 86400 seconds..