last executing test programs: 1m12.12892227s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 1m1.060677714s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 48.588595002s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 34.385056154s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 22.249364768s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 19.809862015s ago: executing program 4 (id=2305): r0 = syz_usb_connect(0x0, 0x41, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000690109022f00010000000009040000000e010000152403", @ANYRESHEX], 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0003080000000803"], 0x0, 0x0}, 0x0) 18.032871317s ago: executing program 4 (id=2315): syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008412, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES32], 0x5, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD") ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) creat(&(0x7f0000000080)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) write$binfmt_elf64(r1, &(0x7f00000004c0)=ANY=[], 0xfe3c) 16.60122977s ago: executing program 4 (id=2326): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001240)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_OBJ_HANDLE={0xc}, @NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0) 16.161160999s ago: executing program 4 (id=2327): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f00000000c0)=0x58, 0x9) 15.004885704s ago: executing program 4 (id=2332): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="d8000000180081054e81f782db4cb904021d0800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301a8001600a40002400f000100035c0461c1d67f6f94007134cf6edb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0) 14.929845965s ago: executing program 4 (id=2333): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'batadv_slave_0\x00', 0x0}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x80000000, 0x0, 0xffffffffffffffff, 0xfffffffb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x48) sendmsg$nl_route_sched_retired(r0, 0x0, 0x40) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) write$cgroup_int(r3, &(0x7f00000001c0)=0x2, 0xfffffdef) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x16, &(0x7f0000000340)={[{@grpjquota}, {@noblock_validity}, {@nouid32}, {@jqfmt_vfsv0}, {@nogrpid}, {@nouid32}, {@resuid={'resuid', 0x3d, 0xee00}}, {@data_err_abort}, {@grpid}, {@noauto_da_alloc}, {@nolazytime}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xff}}]}, 0x0, 0x4f0, &(0x7f0000000640)="$eJzs3d9rW9cdAPDvla38dGZn20MWWGaWDCdskex4ScwesgzG9hTYlr2nxpaNsWwZS05iE4pD/4BCKW2hT33qS6F/QKHkTyiFQPte2tJSmqR56EurIumqtV0pdlLLCtbnAyf33F/+nqOgo3N0DroB9KzhiLgaEX0RcS4iBtPjmTTFeiPVrnv08M5ULSVRrV7/OokkPdb8W0m6PZredigi/vfviHhQrW6NW15dm58sFgvL6X6+srCUL6+unZ9bmJwtzBYWx8fHLk1cnrg4MfrMdbu5IT8UEVf++flrL7/9ryvv/+XWJze+PPtirbwD6fmN9dhNjdckW38tmvojYrkTwbqgL61PttsFAQBgR2r9019HxB/r/f/B6Kv35gAAAID9pPr3gfrcTRUAAADYtzL1NbBJJpeu9x2ITCaXa6zh/W0cyRRL5cqfZ0ori9ONtbJDkc3MzBULo+la4aHIJrX9sXSNbXP/wpb98Yg4HhGvDh6u7+emSsXpbn/5AQAAAD3i6Jbx/+PBxvgfAAAA2GeGul0AAAAAoOOM/wEAAGD/M/4HAACAfe0/167VUrX5/Ovpm6sr86Wb56cL5fncwspUbqq0vJSbLZVm67/Zt7Dd3yuWSkt/jcWV2/lKoVzJl1fXbiyUVhYrN+Y2PQIbAAAA2EPH/3Dv4yQi1v92uJ4iiTiQnst2uWxAZ2We5uLPOlcOYO/1dbsAQNf0d7sAQNcY4wPJNufbLt75YPfLAgAAdMbI77bM/4f5f+gVTzX/D+wr5v+hd7WY/7ckAHpEVg8Ael7n5/+r1acqEAAAsOsG6inJ5NK5wIHIZHK5iGP1xwJkk5m5YmE0In4VER8NZg/W9sfqdybbjhkAAAAAAAAAAAAAAAAAAAAAAAAAgIZqNYnqM3j8LDcBAAAAXRGR+SJJn/81MnhmYOv3AweSbwfr24i49eb1129PVirLY7XjD348XnkjPX5hmy8bPGwcAAAA9kRznN4cxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAbnr08M5UM+1l3K/+ERFDreL3x6H69lBkI+LIN0n0b7gviYi+XYi/fjciTrSKn9SKFUNpKbbGz0TE4S7HP7oL8aGX3au1P1dbvf8yMVzftn7/9afpl9rY/tWag43xm+1fX5v279gOY5y8/26+bfy7ESf7W7c/zfhJm/in20Y8uGnvhf+vrbW7svpWxEjLz59kU6x8ZWEpX15dOz+3MDlbmC0sjo+PXZq4PHFxYjQ/M1cspP+2jPHK79/7/kn1P9Im/tA29T/Ttv6bfXf/9sPfNLLZVvHPnt4cfzg9d6JN/Ez62fenNF87P9LMrzfyG51658NTafZnH1m1+NNt6r/d///ZHdb/3H9f+nSHlwIAe6C8ujY/WSwWljueGW59qtkj2qtiyDx/mb7YfKTZ9d/tWLVu63NS5ec/08VGCQAA6IifOv07uHjThPvBzhUKAAAAAAAAAAAAAAAAAAAAesxe/JzY1pjr3akqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAT/RAAAP//b2XLiA==") syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x18d8086, &(0x7f0000000100)=ANY=[@ANYBLOB="756e695f786c6174653d312c73686f72746e616d653d77696e39352c756e695f786c6174653d312c646f733178666c6f7070792c757466383d312c757466383d302c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c009aaa21b508352ac75af86d4f32151f53248eb7ec539fff0bd244bb2559d414561138c259cecc8dccf4475a9e05a9b714d4939bee6cf0f1e7a889f8100c41c843380270c2e4a4b5ba0d68cc15c5"], 0x0, 0x23d, &(0x7f00000004c0)="$eJzs3EGLG2UYB/Cn29rubmmzBxEUxBe96GXoxk8QpAUxoKyNqAdh6k40ZEyWTFiJiPXm1c9RPHoT1C+wF2/eve1F8NKDGGmyaZM2IoJ11Px+EOZJ3vzhGTKE5w1kTt/+8qN+t8q6+Ti2tlNsbceZrUUR55ZeORcXY9nn8dLlX3589s133n2t1W5fP0jpRuvmy82U0tXnvv3406+e/358+a2vr35zKU723jv9ufnTyVMnT5/+dvPDXpV6VRoMxylPt4bDcX6rLNJhr+pnKb1RFnlVpN6gKkYr691yeHQ0Sfng8Mru0aioqpQPJqlfTNJ4mMajSco/yHuDlGVZurIb/JnOnYODvFV3Fzxeo1ErPx8RO4+sdO7U0hAAUKtH5v97I/3diD3z/wYw/2+Ce/P/7sqOfsH8DwAAAAAAAAAAAAAA/wV3p9PGdDptLI6Lx6WI2I6IxfO6++Tx8PlvtqU/7m1HlF8cd4478+N8vdWNXpRRxLVoxK+z6+HMvL7xavv6tTSzF9+Vt8/yt48751fz+9GIvfX5/Xk+reafiN3lfDMa8eT6fHNt/mK8+MJSPotG/PB+DHfKOJxd1w/yn+2n9Mrr7YfyO7P3AQAAwP9Blu5bu3/Psj9an+f/wu8DD+2vL8QzF+o9dwAAANgU1eSTfl6WxUihUCjuF3V/MwEAAH+3B0N/3Z0AAAAAAAAAAAAAAAAAAADA5vonbidW9zkCAAAAAAAAAAAAAAAAAAAAAADAv8XvAQAA//+LHy6J") 9.973186195s ago: executing program 1 (id=1559): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e", 0x99}], 0x1}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000140)) 5.020983235s ago: executing program 0 (id=2398): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004006, &(0x7f00000010c0)={[{@jqfmt_vfsold}, {@nouid32}, {@nobh}, {@stripe={'stripe', 0x3d, 0xffff}}, {@block_validity}, {@grpjquota, 0x22}], [], 0x2}, 0xc4, 0x46f, &(0x7f0000000940)="$eJzs3EtvG0UcAPD/rpv0RR6U8ugDaiiIiELSpAUqxAUEUi9ISHCAY0hDFZq2qAkSrSpaECpHxCcAjkh8Ak5wQcAJxBXuCKlCvVA4IKO1d4kT28Gx67qpfz9p45l9eOa/uxPP7ngdwMAqZ3+SiEpE/BIRY7Xs6hXKtZfr1y7O/XXt4lwSlcorfyTV9f68dnGuWLXYbmeemUgj0g+T2Nek3KXzF07NLi7On8vzU8un355aOn/hiYXTsyfnT86fmTl27OiR6aefmnnyhsQ5ktV173tn9+85/vonL81V4o3vv8zqe0e+vD6OmvGuyyxHefW+rBqu/n2k63e/tYzUpZMtfawIG1KKiOxwDVXb/1iUYuXgjcWLH/S1ckBPVSqVytaGuaUicbkC3MaS6HcNgP4oPuiz699iuondj767+lztAiiL+3o+1ZZsiTR72Va7Yh/pUfnliHjt8t+fZlM0vQ/R3LYe1QcAuP19nfV/Hm/W/xtN7qlbbzQfGxqPiEMRsSsi7oqI3RFxd0Rk694bEfdtsPzymnxj/+en7R0F1qas//dsPra1uv+XFquMl/LcSDX+oeTNhcX5w/k+mYihrVl+ep0yvnnh549bLavv/2VTVn7RF8zr8fuWNTfoTswuz3YTc71nFmqvjfGv3BdIImJPROzt4P2zfbbw2Bf7s/Tozsbl/x//Om7AOFPl84hHa/FfjjXxF5JaSa3GJ6e2xeL84anirGj0w49XXq7PD9Wlu4r/Brj6fsSOFse/qmgGxXjt0sbLuPLrRy2vaTo9/4eTV6vp4Xzeu7PLy+emI4bzGavmz6xsW+SL9bP4Jw42i3802RXxz2f5dvsiIjuJ74+IByLiQF73ByPioYg4uE783z3/8Fvr76H+Hv8T6x3/iPGkfry+g0Tp1LdftSq/veN/tJqayOe08/+v3Qp2s+8AAABgs0ir34FP0sn/0mk6OVn7Dv/u2JEunl1aPlSOd86cqH1XfjyG0uJO11jd/dDp/N5wkZ9Zkz8SEXdW7yhur+Yn584u9mpMHWjPzhbtP/Nbqd+1A3puQ+NojU+0AZuY5zVhcGn/MLi0fxhc2j8Mrmbt/1LE9T5UBbjJfP7D4NL+YXBp/zC4tH8YSI2PxBc/t9LJk/4riV3Hu9p8gBKlHr1z1P9oRw8SkfZ913WeSG+FahzIE1sjot2tLvX0mK49fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa/fwMAAP//GCvoLw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @aes256, 0x0, '\x00', @c}) 4.614100714s ago: executing program 0 (id=2400): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34565559}}) listen(0xffffffffffffffff, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f00000005c0), 0x802, 0x0) write$UHID_SET_REPORT_REPLY(r4, &(0x7f0000000600), 0xc) 3.969006088s ago: executing program 2 (id=2401): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xf, &(0x7f0000000240)={r4, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.572292373s ago: executing program 0 (id=2403): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x82, &(0x7f0000000040)={r1}, &(0x7f0000000080)=0x18) 3.156857415s ago: executing program 0 (id=2404): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r0, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = syz_io_uring_setup(0x279, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x60e6, &(0x7f0000000280), &(0x7f0000000300)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x3701, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=""/23, 0x17}], 0x1}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000500)=""/62, 0x3e}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 3.027915696s ago: executing program 2 (id=2405): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r1, @ANYBLOB="0a003400020202020202000004001e01090049"], 0x70}}, 0x0) 2.904217331s ago: executing program 0 (id=2407): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") open(&(0x7f00000002c0)='./bus\x00', 0x4c143, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x84182, 0x0) ftruncate(r0, 0x2007ffb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0) preadv2(r0, &(0x7f0000000400)=[{&(0x7f0000001140)=""/4096, 0x2007ffb}], 0x1, 0x10000, 0x0, 0x1d) 2.75449845s ago: executing program 3 (id=2409): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004006, &(0x7f00000010c0)={[{@jqfmt_vfsold}, {@nouid32}, {@nobh}, {@stripe={'stripe', 0x3d, 0xffff}}, {@block_validity}, {@grpjquota, 0x22}], [], 0x2}, 0xc4, 0x46f, &(0x7f0000000940)="$eJzs3EtvG0UcAPD/rpv0RR6U8ugDaiiIiELSpAUqxAUEUi9ISHCAY0hDFZq2qAkSrSpaECpHxCcAjkh8Ak5wQcAJxBXuCKlCvVA4IKO1d4kT28Gx67qpfz9p45l9eOa/uxPP7ngdwMAqZ3+SiEpE/BIRY7Xs6hXKtZfr1y7O/XXt4lwSlcorfyTV9f68dnGuWLXYbmeemUgj0g+T2Nek3KXzF07NLi7On8vzU8un355aOn/hiYXTsyfnT86fmTl27OiR6aefmnnyhsQ5ktV173tn9+85/vonL81V4o3vv8zqe0e+vD6OmvGuyyxHefW+rBqu/n2k63e/tYzUpZMtfawIG1KKiOxwDVXb/1iUYuXgjcWLH/S1ckBPVSqVytaGuaUicbkC3MaS6HcNgP4oPuiz699iuondj767+lztAiiL+3o+1ZZsiTR72Va7Yh/pUfnliHjt8t+fZlM0vQ/R3LYe1QcAuP19nfV/Hm/W/xtN7qlbbzQfGxqPiEMRsSsi7oqI3RFxd0Rk694bEfdtsPzymnxj/+en7R0F1qas//dsPra1uv+XFquMl/LcSDX+oeTNhcX5w/k+mYihrVl+ep0yvnnh549bLavv/2VTVn7RF8zr8fuWNTfoTswuz3YTc71nFmqvjfGv3BdIImJPROzt4P2zfbbw2Bf7s/Tozsbl/x//Om7AOFPl84hHa/FfjjXxF5JaSa3GJ6e2xeL84anirGj0w49XXq7PD9Wlu4r/Brj6fsSOFse/qmgGxXjt0sbLuPLrRy2vaTo9/4eTV6vp4Xzeu7PLy+emI4bzGavmz6xsW+SL9bP4Jw42i3802RXxz2f5dvsiIjuJ74+IByLiQF73ByPioYg4uE783z3/8Fvr76H+Hv8T6x3/iPGkfry+g0Tp1LdftSq/veN/tJqayOe08/+v3Qp2s+8AAABgs0ir34FP0sn/0mk6OVn7Dv/u2JEunl1aPlSOd86cqH1XfjyG0uJO11jd/dDp/N5wkZ9Zkz8SEXdW7yhur+Yn584u9mpMHWjPzhbtP/Nbqd+1A3puQ+NojU+0AZuY5zVhcGn/MLi0fxhc2j8Mrmbt/1LE9T5UBbjJfP7D4NL+YXBp/zC4tH8YSI2PxBc/t9LJk/4riV3Hu9p8gBKlHr1z1P9oRw8SkfZ913WeSG+FahzIE1sjot2tLvX0mK49fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa/fwMAAP//GCvoLw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @aes256, 0x0, '\x00', @c}) 2.527268479s ago: executing program 2 (id=2410): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x264, 0x0, 0x400, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x23c, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @random="90e488f9971a", {}, @value=@ver_80211n={0x0, 0xc, 0x2, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x0, @random, 0x0, @void, @void, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6, "2d5014b2109a"}, {0xdd, 0x6, "ce9a1a6153bf"}, {0xdd, 0x5d, "eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76"}, {0xdd, 0xe4, "4f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcf"}, {0xdd, 0x65, "5dad8ac12f96664d51c30bd3379c2d305630cd93fec0b4249d429b451f52399f26b866650e0e9464949a974045190fa9251c8b6aacda7ecc351ee9cb5512364284512cf7643040ee1f52573ed7bb7527b9a86fc2f33bffce71947a0f29cfb9ac7bd9e7642c"}, {0xdd, 0x3c, "83534cd40fda26eabadf3814f88fa9c5d39124ac6ffcf2583cbdd58fa0969b3e6783c46ed2318e977c080347f36fa8d773079f6224521c4c8b10e4a9"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x264}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000080)={0x0, 0xea60}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000003100)={@ifindex, 0xffffffffffffffff, 0x11, 0x10, 0xffffffffffffffff, @prog_fd}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x6e, 0x1, 0x2fb, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x80, 0x800, 0xe5b}}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYRESOCT=r6], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000005b000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xe5) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x1, 0xffffffff}}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}]}}, &(0x7f0000000740)=""/105, 0x42, 0x69, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r9, 0x0, 0x14, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000240)="482eadffffffffffff", 0x0}, 0x50) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @multicast}, 0x10) r10 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff0180c2000b0086dd6012000800383a00fc010000000000000000000000000000ff02000000000000000000000000000101"], 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00e7ff0000000000140003007465616d5f736c6176655f300000000008000a"], 0x3c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x9, 0x1002, &(0x7f00000004c0)=""/4098}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) 2.362012105s ago: executing program 0 (id=2411): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d345000905010210000000"], 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x0, 0x16}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000500)={0x0, "b7c913bb682eaddb954b9baa9e3beb3f62952860388464c531987523195928cd2bb67fb432881f0131abc85d7e683ac8222e8038d1cec8de23ca68d11b0e6b1e"}, 0x48, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "00f13000"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x16) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) 2.256753664s ago: executing program 3 (id=2412): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34565559}}) listen(0xffffffffffffffff, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f00000005c0), 0x802, 0x0) write$UHID_SET_REPORT_REPLY(r4, &(0x7f0000000600), 0xc) 2.029088836s ago: executing program 2 (id=2413): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xc00, &(0x7f0000000200), 0x1, 0x172, &(0x7f0000000240)="$eJzs20tOwlAUxvGvPBTx/TaOTEyME6kCCWEmC3ADzghUQixqxAnExLgUd+JO3AAM3IA1to0KcVDbQI39/xJyz+TrvR0c7mGAACTWqbdkDeXcwnGchz1J52eSMvGeDcBkOf765gBInjStDyTUsJZ27/9nQ3p5vW8M/E8u4PwwrKW8wpAG3/JzQfOPhrvuZkbzeUnzQeaXJy9/oNH8wi/3z4/lFwPnvfc/3B/NL0lalrQiaVXSmqR1SRuSNn/Yvzm2/07A/QEAAAAACOLj12chaj7KAyRdtG3rOGQ26+dPQuZn/HwxYr4UMj/r5wuNa7sZ8hlAWKmY+z8dsf8zEfsfSLJur39Zt23rloKCguKziPubCcCkmXedG7Pb6x+1O/WW1bKuypVqtVIuFaumO5abUYZzAH/a16Uf90kAAAAAAAAAAAAAAEBYW5K24z4EAAAAgKmYxt+J4n5HAAAAAAAAAAAAAAD+u/cAAAD//wATSxg=") 1.604871422s ago: executing program 2 (id=2414): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000039000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="f30f6f9d0400f30f1bc281fe0000dca300000f01cff20f225b0f6b0bd9f5ba410066b8d18b000066ef0f20c06635000001000f22c0", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) 1.244047787s ago: executing program 3 (id=2415): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xf, &(0x7f0000000240)={r4, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.036230205s ago: executing program 2 (id=2416): socket$inet(0x2, 0x1, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e", @ANYRESDEC=0x0], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f0000004580), &(0x7f0000000080)={0x3fe}, 0x0, 0x0, 0x0) 273.285928ms ago: executing program 3 (id=2417): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x16, 0x0, 0xffff, 0x6, 0x4}, 0x48) 137.084517ms ago: executing program 3 (id=2418): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000140)=""/9, 0x9}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0x0, 0x0) 0s ago: executing program 3 (id=2419): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r1, @ANYBLOB="0a003400020202020202000004001e01090049"], 0x70}}, 0x0) kernel console output (not intermixed with test programs): 385.268688][T13042] veth1_macvtap: entered promiscuous mode [ 385.299804][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.311060][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.321326][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.331915][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.342588][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.363159][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.383227][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.403171][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.414788][T13042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 385.417127][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.433360][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.444688][T13210] loop0: detected capacity change from 0 to 32768 [ 385.445293][T13210] XFS: attr2 mount option is deprecated. [ 385.451248][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.467531][T13210] XFS: ikeep mount option is deprecated. [ 385.467553][T13210] XFS: noikeep mount option is deprecated. [ 385.468213][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.468232][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.468248][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.468262][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.468275][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.469595][T13042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 385.483060][T13042] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.496445][T13210] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 385.506811][T13042] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.549658][T13210] XFS (loop0): Ending clean mount [ 385.560189][T13042] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.568241][T13210] XFS (loop0): Quotacheck needed: Please wait. [ 385.571454][T13042] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.604045][T13210] XFS (loop0): Quotacheck: Done. [ 385.649876][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 385.650224][ T47] usb 3-1: USB disconnect, device number 20 [ 385.656837][ C0] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 385.673993][ T47] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 385.705840][T12900] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 385.715476][ T2461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.728229][ T2461] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.758614][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.770282][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.781597][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.793284][ T5102] Bluetooth: hci3: command tx timeout [ 385.885726][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.938517][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.001890][ T53] bridge_slave_1: left allmulticast mode [ 386.008668][ T53] bridge_slave_1: left promiscuous mode [ 386.014930][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.026963][ T53] bridge_slave_0: left allmulticast mode [ 386.032604][ T53] bridge_slave_0: left promiscuous mode [ 386.039397][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.138286][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.150084][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.160105][ T53] bond0 (unregistering): Released all slaves [ 386.448121][T13234] loop2: detected capacity change from 0 to 2048 [ 386.548560][T13234] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 386.588152][ T53] hsr_slave_0: left promiscuous mode [ 386.607034][ T53] hsr_slave_1: left promiscuous mode [ 386.742556][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.751723][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.762377][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.770556][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.788826][ T53] veth1_macvtap: left promiscuous mode [ 386.810634][ T53] veth0_macvtap: left promiscuous mode [ 387.020147][ T53] veth1_vlan: left promiscuous mode [ 387.049528][ T53] veth0_vlan: left promiscuous mode [ 387.065414][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 387.072720][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 387.080187][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 387.087800][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 387.095132][ T5100] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 387.102343][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 387.176719][T13245] loop2: detected capacity change from 0 to 512 [ 387.215816][T13245] EXT4-fs: Ignoring removed mblk_io_submit option [ 387.293386][T13245] EXT4-fs (loop2): Test dummy encryption mode enabled [ 387.358834][T13245] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0102] [ 387.367954][T13245] System zones: 1-12 [ 387.377696][T13245] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.2205: casefold flag without casefold feature [ 387.392209][T13245] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2205: couldn't read orphan inode 15 (err -117) [ 387.427441][T13245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 387.652938][ T53] team0 (unregistering): Port device team_slave_1 removed [ 387.993306][ T5100] Bluetooth: hci3: command tx timeout [ 388.143770][ T53] team0 (unregistering): Port device team_slave_0 removed [ 388.144660][T13232] loop4: detected capacity change from 0 to 32768 [ 388.203559][T13232] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 388.290520][T12859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.366424][T13232] XFS (loop4): Ending clean mount [ 388.435844][T13232] XFS (loop4): Quotacheck needed: Please wait. [ 388.479256][T13265] loop3: detected capacity change from 0 to 512 [ 388.488115][T13232] XFS (loop4): Quotacheck: Done. [ 388.528803][T13265] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.2208: casefold flag without casefold feature [ 388.563075][T13265] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2208: couldn't read orphan inode 15 (err -117) [ 388.565158][T13232] Process accounting resumed [ 388.594185][T13265] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 388.670561][T13042] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 388.734295][T13265] loop3: detected capacity change from 512 to 0 [ 388.773594][T13265] bio_check_eod: 17 callbacks suppressed [ 388.773615][T13265] syz.3.2208: attempt to access beyond end of device [ 388.773615][T13265] loop3: rw=524288, sector=10, nr_sectors = 2 limit=0 [ 388.804169][T13271] syz.3.2208: attempt to access beyond end of device [ 388.804169][T13271] loop3: rw=12288, sector=72, nr_sectors = 2 limit=0 [ 388.827665][T13265] syz.3.2208: attempt to access beyond end of device [ 388.827665][T13265] loop3: rw=524288, sector=12, nr_sectors = 2 limit=0 [ 388.867182][T13241] chnl_net:caif_netlink_parms(): no params data found [ 388.874145][T13265] syz.3.2208: attempt to access beyond end of device [ 388.874145][T13265] loop3: rw=524288, sector=14, nr_sectors = 2 limit=0 [ 388.941686][T13265] syz.3.2208: attempt to access beyond end of device [ 388.941686][T13265] loop3: rw=524288, sector=16, nr_sectors = 2 limit=0 [ 388.957849][T13265] syz.3.2208: attempt to access beyond end of device [ 388.957849][T13265] loop3: rw=524288, sector=20, nr_sectors = 2 limit=0 [ 388.975714][T13265] syz.3.2208: attempt to access beyond end of device [ 388.975714][T13265] loop3: rw=524288, sector=22, nr_sectors = 2 limit=0 [ 388.995433][T13265] syz.3.2208: attempt to access beyond end of device [ 388.995433][T13265] loop3: rw=524288, sector=24, nr_sectors = 2 limit=0 [ 389.039604][T13265] syz.3.2208: attempt to access beyond end of device [ 389.039604][T13265] loop3: rw=524288, sector=26, nr_sectors = 2 limit=0 [ 389.057180][T13266] loop0: detected capacity change from 0 to 40427 [ 389.058177][T13262] loop2: detected capacity change from 0 to 40427 [ 389.065322][T13265] syz.3.2208: attempt to access beyond end of device [ 389.065322][T13265] loop3: rw=12288, sector=18, nr_sectors = 2 limit=0 [ 389.077429][T13266] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 389.092882][T13265] EXT4-fs error (device loop3): ext4_get_inode_loc:4574: inode #18: block 9: comm syz.3.2208: unable to read itable block [ 389.096120][T13266] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 389.106069][T13265] buffer_io_error: 14 callbacks suppressed [ 389.106083][T13265] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.115974][T13266] F2FS-fs (loop0): invalid crc value [ 389.120601][T13265] EXT4-fs (loop3): I/O error while writing superblock [ 389.134160][T13241] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.140959][T13265] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5810: IO failure [ 389.152573][T13266] F2FS-fs (loop0): Found nat_bits in checkpoint [ 389.159100][ T5100] Bluetooth: hci1: command tx timeout [ 389.170874][T13262] F2FS-fs (loop2): Found nat_bits in checkpoint [ 389.190179][T13241] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.198010][T13241] bridge_slave_0: entered allmulticast mode [ 389.205129][T13265] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.205149][T13241] bridge_slave_0: entered promiscuous mode [ 389.221707][T13241] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.228961][T13241] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.229057][T13265] EXT4-fs (loop3): I/O error while writing superblock [ 389.236341][T13241] bridge_slave_1: entered allmulticast mode [ 389.250735][T13241] bridge_slave_1: entered promiscuous mode [ 389.261164][T13265] EXT4-fs error (device loop3): ext4_dirty_inode:6014: inode #18: comm syz.3.2208: mark_inode_dirty error [ 389.272715][ T4516] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 389.280834][T13265] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.285462][T13262] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 389.292422][T13266] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 389.298602][T13265] EXT4-fs (loop3): I/O error while writing superblock [ 389.313721][T13266] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 389.341578][T11884] EXT4-fs error (device loop3): ext4_get_inode_loc:4574: inode #2: block 5: comm syz-executor: unable to read itable block [ 389.358876][T11884] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.367313][T11884] EXT4-fs (loop3): I/O error while writing superblock [ 389.374188][T11884] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5810: IO failure [ 389.382995][T11884] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.393427][T11884] EXT4-fs (loop3): I/O error while writing superblock [ 389.400214][T11884] EXT4-fs error (device loop3): ext4_dirty_inode:6014: inode #2: comm syz-executor: mark_inode_dirty error [ 389.412036][T11884] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.420366][T11884] EXT4-fs (loop3): I/O error while writing superblock [ 389.430879][T13241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.453730][T12859] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 389.469254][T13241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.493289][ T4516] usb 5-1: Using ep0 maxpacket: 16 [ 389.500064][ T4516] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 389.508273][ T4516] usb 5-1: config 0 has no interface number 0 [ 389.510570][ T53] EXT4-fs error (device loop3): __ext4_get_inode_loc_noinmem:4559: inode #18: block 9: comm kworker/u8:3: unable to read itable block [ 389.518732][ T4516] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 389.540716][ T4516] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 389.556907][ T4516] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 389.567284][ T53] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.575892][ T4516] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 389.601699][ T53] EXT4-fs (loop3): I/O error while writing superblock [ 389.608592][ T4516] usb 5-1: Product: syz [ 389.612790][ T4516] usb 5-1: SerialNumber: syz [ 389.618860][ T53] EXT4-fs error (device loop3): __ext4_get_inode_loc_noinmem:4559: inode #2: block 5: comm kworker/u8:3: unable to read itable block [ 389.736937][ T4516] usb 5-1: config 0 descriptor?? [ 389.805514][ T4516] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 389.863261][ T53] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 389.873073][ T4516] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input23 [ 389.894094][T13241] team0: Port device team_slave_0 added [ 389.905932][ T53] EXT4-fs (loop3): I/O error while writing superblock [ 389.918259][T13241] team0: Port device team_slave_1 added [ 389.930887][ T62] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 389.942213][T12439] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.955054][ T62] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 389.965735][T12439] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 390.065274][T13241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.072265][T13241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.098195][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 390.116392][T13241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.130557][T13241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.140411][T13241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.168414][T13241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.239489][T13241] hsr_slave_0: entered promiscuous mode [ 390.255145][T13241] hsr_slave_1: entered promiscuous mode [ 390.283286][T13241] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 390.290911][T13241] Cannot create hsr debugfs directory [ 390.414060][T13289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2212'. [ 390.454006][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.461204][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.468493][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.475655][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.482796][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.489948][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.497115][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.504256][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.511367][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 390.530337][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 390.563474][ T5149] usb 5-1: USB disconnect, device number 28 [ 390.570152][ T5149] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 390.672604][ C0] eth0: bad gso: type: 1, size: 1408 [ 390.803939][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 390.813626][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 390.823691][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 390.832765][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 390.858781][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 390.869674][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 390.965787][T13294] loop0: detected capacity change from 0 to 32768 [ 391.136908][T13241] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 391.150303][T13241] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 391.253309][ T5100] Bluetooth: hci1: command tx timeout [ 391.430456][T13312] loop4: detected capacity change from 0 to 128 [ 391.478598][T13299] chnl_net:caif_netlink_parms(): no params data found [ 391.551725][T13241] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 391.562049][T13312] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 391.563608][T13241] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 391.584805][T13312] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 391.626660][T13042] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 391.712982][T13299] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.731205][T13299] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.751482][T13299] bridge_slave_0: entered allmulticast mode [ 391.771605][T13299] bridge_slave_0: entered promiscuous mode [ 391.885940][T13299] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.900148][T13299] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.909114][T13299] bridge_slave_1: entered allmulticast mode [ 391.916385][T13299] bridge_slave_1: entered promiscuous mode [ 391.958913][T13299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.985994][T13299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 392.040790][T13299] team0: Port device team_slave_0 added [ 392.061055][T13299] team0: Port device team_slave_1 added [ 392.069166][T13324] loop0: detected capacity change from 0 to 1764 [ 392.076514][T13324] iso9660: Unknown parameter '0x0000000000000000000000000000000000002' [ 392.095132][T13319] loop4: detected capacity change from 0 to 40427 [ 392.114783][T13319] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 392.125867][T13319] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 392.135822][T13299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 392.142775][T13299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.167466][T13319] F2FS-fs (loop4): invalid crc value [ 392.173981][ T5149] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 392.192903][T13324] loop0: detected capacity change from 0 to 512 [ 392.202765][T13319] F2FS-fs (loop4): Found nat_bits in checkpoint [ 392.212201][T13299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 392.242421][T13324] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.2221: bg 0: block 5: invalid block bitmap [ 392.250355][T13299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.266410][T13299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.293023][T13324] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 392.293724][T13299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.316770][T13324] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2221: invalid indirect mapped block 3 (level 2) [ 392.332723][T13324] EXT4-fs (loop0): 1 orphan inode deleted [ 392.333776][T13319] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 392.340200][T13324] EXT4-fs (loop0): 1 truncate cleaned up [ 392.355181][T13319] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 392.359226][T13324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 392.383703][T13241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.393334][ T5149] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 392.411100][ T5149] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 392.448603][T13299] hsr_slave_0: entered promiscuous mode [ 392.453553][T13324] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 392.456533][ T5149] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 392.477278][T13299] hsr_slave_1: entered promiscuous mode [ 392.484329][T13299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.491935][ T5149] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.501244][T13299] Cannot create hsr debugfs directory [ 392.554622][T13241] 8021q: adding VLAN 0 to HW filter on device team0 [ 392.602026][ T5149] usb 3-1: config 0 descriptor?? [ 392.638757][ T6013] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.645940][ T6013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 392.687395][T13241] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 393.098535][ T5100] Bluetooth: hci2: command tx timeout [ 393.109749][ T5149] arvo 0003:1E7D:30D4.0013: unknown main item tag 0x0 [ 393.119042][ T5149] arvo 0003:1E7D:30D4.0013: unknown main item tag 0x0 [ 393.127482][ T62] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 393.137998][ T62] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 393.147427][T13241] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 393.148728][ T5149] arvo 0003:1E7D:30D4.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0 [ 393.183024][ T6013] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.190203][ T6013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.207681][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 393.305688][ T5100] Bluetooth: hci1: command tx timeout [ 393.311987][ T5149] arvo 0003:1E7D:30D4.0013: couldn't init struct arvo_device [ 393.326793][ T5149] arvo 0003:1E7D:30D4.0013: couldn't install keyboard [ 393.335167][ T5149] arvo 0003:1E7D:30D4.0013: probe with driver arvo failed with error -5 [ 393.365763][T13338] loop0: detected capacity change from 0 to 256 [ 393.435232][T13299] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.515441][ T5149] usb 3-1: USB disconnect, device number 21 [ 393.558019][T13299] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.046634][T13241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.126913][T13299] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.318450][T13241] veth0_vlan: entered promiscuous mode [ 394.329237][T13241] veth1_vlan: entered promiscuous mode [ 394.342852][T13299] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.892951][T13241] veth0_macvtap: entered promiscuous mode [ 394.902469][T13241] veth1_macvtap: entered promiscuous mode [ 394.937224][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.950886][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.961201][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.974163][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.986386][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.997911][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.008757][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.021282][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.034428][T13241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.057304][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.078416][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.099904][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.125754][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.143416][ T5100] Bluetooth: hci2: command tx timeout [ 395.144781][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.159428][ T6013] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 395.188053][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.203229][T13241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.213892][T13241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.226614][T13241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.251885][T13241] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.271190][T13241] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.290113][T13241] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.309042][T13241] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.329734][T13299] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 395.355539][T13299] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 395.364283][ T6013] usb 1-1: Using ep0 maxpacket: 32 [ 395.383558][ T5100] Bluetooth: hci1: command tx timeout [ 395.384014][ T6013] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 395.408389][T13299] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 395.431921][ T6013] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 395.461551][T13299] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 395.468660][ T6013] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.471622][T13354] loop4: detected capacity change from 0 to 32768 [ 395.483406][ T6013] usb 1-1: Product: syz [ 395.483428][ T6013] usb 1-1: Manufacturer: syz [ 395.483442][ T6013] usb 1-1: SerialNumber: syz [ 395.488903][T13354] XFS: noikeep mount option is deprecated. [ 395.511968][ T6013] usb 1-1: config 0 descriptor?? [ 395.534413][T13350] loop2: detected capacity change from 0 to 32768 [ 395.538368][ T6013] usb 1-1: bad CDC descriptors [ 395.541018][T13354] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 395.557291][T13350] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2229 (13350) [ 395.560364][ T6013] usb 1-1: unsupported MDLM descriptors [ 395.592275][T13350] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 395.595990][T13354] XFS (loop4): Ending clean mount [ 395.603459][T13350] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 395.616554][ T7116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.617843][T13350] BTRFS info (device loop2): using free-space-tree [ 395.632288][ T7116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.642330][T13354] XFS (loop4): Quotacheck needed: Please wait. [ 395.669289][ T7116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.680551][T13354] XFS (loop4): Quotacheck: Done. [ 395.683567][ T7116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.720594][T13350] BTRFS info (device loop2): checking UUID tree [ 395.740544][T13042] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 395.756394][ T6013] usb 1-1: USB disconnect, device number 24 [ 395.761999][T13299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 395.821565][T13299] 8021q: adding VLAN 0 to HW filter on device team0 [ 395.837307][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.844493][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 395.876447][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.883630][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.926142][T12859] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 395.969601][T13380] loop4: detected capacity change from 0 to 128 [ 395.989312][T13380] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 396.012213][T13380] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 396.098050][T13042] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 396.127120][T13388] loop2: detected capacity change from 0 to 1024 [ 396.142709][T13388] EXT4-fs: Ignoring removed nobh option [ 396.150560][T13388] EXT4-fs: Ignoring removed orlov option [ 396.158664][T13299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 396.161689][T13390] ERROR: device name not specified. [ 396.198270][T13388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.203885][T13299] veth0_vlan: entered promiscuous mode [ 396.223899][T13299] veth1_vlan: entered promiscuous mode [ 396.256118][T13299] veth0_macvtap: entered promiscuous mode [ 396.280187][T13299] veth1_macvtap: entered promiscuous mode [ 396.326550][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.353720][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.399857][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.428819][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.441303][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.463407][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.483455][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.496919][T13396] loop0: detected capacity change from 0 to 2048 [ 396.504162][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.514240][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.526069][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.541294][T13396] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 396.551687][T13299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.588862][T13394] loop4: detected capacity change from 0 to 40427 [ 396.597829][T13394] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 396.609256][T13394] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 396.623575][T13394] F2FS-fs (loop4): invalid crc value [ 396.630024][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.641057][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.651296][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.664165][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.674603][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.685842][T13394] F2FS-fs (loop4): Found nat_bits in checkpoint [ 396.703150][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.712995][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.743347][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.754757][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.771966][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.785893][T13299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.800155][T13299] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.805689][T13394] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 396.809705][T13299] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.816385][T13394] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 396.828849][T13299] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.845330][T13299] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.846888][T12859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.988148][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.188982][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.223322][ T5100] Bluetooth: hci2: command tx timeout [ 397.446699][T13404] bio_check_eod: 42 callbacks suppressed [ 397.446733][T13404] syz.4.2235: attempt to access beyond end of device [ 397.446733][T13404] loop4: rw=2049, sector=77824, nr_sectors = 536 limit=40427 [ 397.743540][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.762449][ T53] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 397.794193][ T7116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.802045][ T7116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.828080][ T53] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 397.858786][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.944825][ T7116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.975584][ T7116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.993783][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 398.002071][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 398.013760][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 398.032775][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 398.040676][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 398.048274][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 398.118806][ T62] bridge_slave_1: left allmulticast mode [ 398.133205][ T62] bridge_slave_1: left promiscuous mode [ 398.147543][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.181740][ T62] bridge_slave_0: left allmulticast mode [ 398.199368][T13417] loop3: detected capacity change from 0 to 2048 [ 398.207910][ T62] bridge_slave_0: left promiscuous mode [ 398.214547][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.230178][T13417] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 398.428393][T13419] loop3: detected capacity change from 0 to 512 [ 398.457772][T13419] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2243: corrupted in-inode xattr: invalid ea_ino [ 398.502301][T13419] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2243: couldn't read orphan inode 15 (err -117) [ 398.518448][T13419] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 398.534834][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.572743][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.589637][ T62] bond0 (unregistering): Released all slaves [ 398.639303][T13419] fscrypt (loop3, inode 18): Direct key flag not allowed with different contents and filenames modes [ 398.699508][T13430] loop4: detected capacity change from 0 to 1764 [ 398.708606][T13430] iso9660: Unknown parameter '0x0000000000000000000000000000000000002' [ 398.730372][T13299] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.822123][T13430] loop4: detected capacity change from 0 to 512 [ 398.875334][T13430] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.2245: bg 0: block 5: invalid block bitmap [ 398.888344][T13430] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 398.901571][T13430] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.2245: invalid indirect mapped block 3 (level 2) [ 398.917650][T13430] EXT4-fs (loop4): 1 orphan inode deleted [ 398.930858][T13430] EXT4-fs (loop4): 1 truncate cleaned up [ 398.942512][T13430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 398.948964][ T62] hsr_slave_0: left promiscuous mode [ 398.979008][ T62] hsr_slave_1: left promiscuous mode [ 398.996472][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 399.008402][T13430] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 399.008462][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 399.038932][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 399.046603][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 399.060920][T13440] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2248'. [ 399.070926][ T62] veth1_macvtap: left promiscuous mode [ 399.080331][ T62] veth0_macvtap: left promiscuous mode [ 399.088790][ T62] veth1_vlan: left promiscuous mode [ 399.095448][ T62] veth0_vlan: left promiscuous mode [ 399.166796][T13442] loop0: detected capacity change from 0 to 2048 [ 399.195524][T13442] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 399.303187][ T5100] Bluetooth: hci2: command tx timeout [ 399.435734][T13042] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.473939][ T62] team0 (unregistering): Port device team_slave_1 removed [ 399.535915][ T62] team0 (unregistering): Port device team_slave_0 removed [ 399.765962][T13412] chnl_net:caif_netlink_parms(): no params data found [ 399.836698][T13412] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.843879][T13412] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.851136][T13412] bridge_slave_0: entered allmulticast mode [ 399.858741][T13412] bridge_slave_0: entered promiscuous mode [ 399.868812][T13412] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.876078][T13412] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.883405][T13412] bridge_slave_1: entered allmulticast mode [ 399.890473][T13412] bridge_slave_1: entered promiscuous mode [ 399.911389][T13412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.923056][T13412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.949050][T13412] team0: Port device team_slave_0 added [ 399.956673][T13412] team0: Port device team_slave_1 added [ 399.991198][T13412] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 399.998270][T13412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.026160][T13412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.042897][T13412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.051086][T13412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.077592][T13412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.103341][ T5100] Bluetooth: hci1: command tx timeout [ 400.127149][T13412] hsr_slave_0: entered promiscuous mode [ 400.134049][T13412] hsr_slave_1: entered promiscuous mode [ 400.141295][T13412] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.151006][T13412] Cannot create hsr debugfs directory [ 400.227052][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.376745][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.458808][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.516798][T13412] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 400.530849][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.543312][T13412] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 400.553761][T13412] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 400.562534][T13412] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 400.580748][T13412] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.587934][T13412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.595411][T13412] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.602473][T13412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.671678][T13452] loop4: detected capacity change from 0 to 1024 [ 400.696588][ T62] bridge_slave_1: left allmulticast mode [ 400.702349][ T62] bridge_slave_1: left promiscuous mode [ 400.721436][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.754468][ T62] bridge_slave_0: left allmulticast mode [ 400.760152][ T62] bridge_slave_0: left promiscuous mode [ 400.773406][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.912333][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 400.925269][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 400.938899][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 400.948916][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 400.956745][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 400.970254][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 401.048507][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 401.067465][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 401.077796][ T62] bond0 (unregistering): Released all slaves [ 401.117453][T13450] loop0: detected capacity change from 0 to 40427 [ 401.125873][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.127482][T13450] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 401.140951][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.141123][T13450] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 401.161676][T13450] F2FS-fs (loop0): invalid crc value [ 401.187801][T13450] F2FS-fs (loop0): Found nat_bits in checkpoint [ 401.242603][T13412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.243729][T13450] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 401.258232][T13450] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 401.291160][T13470] loop4: detected capacity change from 0 to 512 [ 401.301743][T13412] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.326584][T13470] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2256: corrupted in-inode xattr: invalid ea_ino [ 401.340459][T13470] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2256: couldn't read orphan inode 15 (err -117) [ 401.354523][T13470] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 401.399564][T13470] fscrypt (loop4, inode 18): Direct key flag not allowed with different contents and filenames modes [ 401.439696][ T6013] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.446890][ T6013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.472709][T13042] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.488244][ T62] hsr_slave_0: left promiscuous mode [ 401.494635][ T62] hsr_slave_1: left promiscuous mode [ 401.500655][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 401.511761][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.519828][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 401.529375][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 401.551209][ T62] veth1_macvtap: left promiscuous mode [ 401.557189][ T62] veth0_macvtap: left promiscuous mode [ 401.563082][ T62] veth1_vlan: left promiscuous mode [ 401.670376][T13477] syz.0.2250: attempt to access beyond end of device [ 401.670376][T13477] loop0: rw=2049, sector=77824, nr_sectors = 536 limit=40427 [ 401.810717][ T62] veth0_vlan: left promiscuous mode [ 402.016836][ T2461] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 402.029364][ T2461] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 402.061111][T13480] loop4: detected capacity change from 0 to 2048 [ 402.078746][T13480] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 402.184262][ T5100] Bluetooth: hci1: command tx timeout [ 402.192755][ T62] team0 (unregistering): Port device team_slave_1 removed [ 402.231782][ T62] team0 (unregistering): Port device team_slave_0 removed [ 402.532421][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.539622][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.561558][T13484] loop0: detected capacity change from 0 to 2048 [ 402.580280][T13484] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=18576, location=18576 [ 402.603930][T13484] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 402.718517][T13457] chnl_net:caif_netlink_parms(): no params data found [ 402.872836][T13457] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.929517][T13457] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.940056][T13457] bridge_slave_0: entered allmulticast mode [ 402.944129][T13497] loop0: detected capacity change from 0 to 1764 [ 402.955809][T13497] iso9660: Unknown parameter '0x0000000000000000000000000000000000002' [ 402.956937][T13457] bridge_slave_0: entered promiscuous mode [ 402.972844][T13457] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.980079][T13457] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.991776][T13457] bridge_slave_1: entered allmulticast mode [ 403.001752][T13457] bridge_slave_1: entered promiscuous mode [ 403.036012][T13501] loop4: detected capacity change from 0 to 1024 [ 403.062914][T13497] loop0: detected capacity change from 0 to 512 [ 403.069950][ T5100] Bluetooth: hci4: command tx timeout [ 403.081994][T13457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.099477][T13457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.102739][T13497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.2262: bg 0: block 5: invalid block bitmap [ 403.125099][T13497] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 403.146937][T13497] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2262: invalid indirect mapped block 3 (level 2) [ 403.167554][T13412] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 403.179782][T13457] team0: Port device team_slave_0 added [ 403.187776][T13457] team0: Port device team_slave_1 added [ 403.199980][T13497] EXT4-fs (loop0): 1 orphan inode deleted [ 403.218019][T13497] EXT4-fs (loop0): 1 truncate cleaned up [ 403.226720][T13497] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 403.249617][T13457] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.258169][T13457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.295400][T13457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.306451][T13497] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 403.332383][T13457] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.339593][T13457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.365650][T13457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.407058][T13412] veth0_vlan: entered promiscuous mode [ 403.442779][T13412] veth1_vlan: entered promiscuous mode [ 403.486635][T13457] hsr_slave_0: entered promiscuous mode [ 403.498253][T13457] hsr_slave_1: entered promiscuous mode [ 403.505468][T13457] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 403.514493][T13457] Cannot create hsr debugfs directory [ 403.603814][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.684753][T13412] veth0_macvtap: entered promiscuous mode [ 403.717665][T13412] veth1_macvtap: entered promiscuous mode [ 403.756409][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.769209][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.779182][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.790412][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.800281][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.810909][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.820809][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.831946][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.845895][T13412] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 403.859315][T13508] netlink: 'syz.0.2265': attribute type 10 has an invalid length. [ 403.884329][T13508] batman_adv: batadv0: Adding interface: team0 [ 403.890643][T13508] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.916067][T13508] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 403.937567][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.949491][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.960311][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.971243][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.983120][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.993946][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.010672][T13412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 404.024689][T13412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.041796][T13412] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 404.056066][T13412] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.065503][T13412] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.074769][T13412] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.083560][T13412] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.149873][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.166889][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.192103][ T7665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.207058][ T7665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.264669][ T5100] Bluetooth: hci1: command tx timeout [ 404.514166][ T5146] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 404.711376][T13457] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 404.722355][T13457] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 404.732639][T13457] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 404.744081][T13457] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 404.783493][ T5146] usb 3-1: Using ep0 maxpacket: 8 [ 404.792470][ T5146] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.809517][ T5146] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 404.826572][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 404.828139][T13457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.841142][ T5146] usb 3-1: SerialNumber: syz [ 404.855651][ T5146] usb 3-1: config 0 descriptor?? [ 404.860639][T13457] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.864854][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.874410][ T6009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.889530][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.896700][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 405.092861][ T5146] usb 3-1: Found UVC 0.00 device (05ac:8501) [ 405.123241][ T5146] usb 3-1: No valid video chain found. [ 405.143648][ T5100] Bluetooth: hci4: command tx timeout [ 405.270385][T13520] loop0: detected capacity change from 0 to 40427 [ 405.281732][T13520] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 405.290221][T13457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.297924][ T4516] usb 3-1: USB disconnect, device number 22 [ 405.304374][T13520] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 405.334940][T13520] F2FS-fs (loop0): invalid crc value [ 405.358688][T13520] F2FS-fs (loop0): Found nat_bits in checkpoint [ 405.388298][T13457] veth0_vlan: entered promiscuous mode [ 405.404937][T13457] veth1_vlan: entered promiscuous mode [ 405.444494][T13457] veth0_macvtap: entered promiscuous mode [ 405.456751][T13520] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 405.458406][T13457] veth1_macvtap: entered promiscuous mode [ 405.473583][T13520] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 405.501578][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.521552][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.534900][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.545814][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.555689][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.583164][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.595937][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.606524][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.618655][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.629746][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.644711][T13457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 405.686897][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.706037][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.726915][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.769608][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.791447][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.933626][T13535] syz.0.2268: attempt to access beyond end of device [ 405.933626][T13535] loop0: rw=2049, sector=77824, nr_sectors = 536 limit=40427 [ 406.038543][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.048746][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.093607][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.175186][T13528] loop4: detected capacity change from 0 to 32768 [ 406.210440][T13528] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2270 (13528) [ 406.231010][T13457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.254572][T13457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.281603][T13528] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 406.284028][ T7665] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 406.303247][T13528] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 406.305145][T13457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.311959][T13528] BTRFS info (device loop4): using free-space-tree [ 406.327543][ T7665] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 406.339861][T13537] loop2: detected capacity change from 0 to 512 [ 406.341127][T13457] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.354118][ T5100] Bluetooth: hci1: command tx timeout [ 406.372331][T13457] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.381818][T13537] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 406.390890][T13537] UDF-fs: Scanning with blocksize 512 failed [ 406.393136][T13457] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.413218][T13537] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 406.428460][T13537] UDF-fs: Scanning with blocksize 1024 failed [ 406.438726][T13457] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.463815][T13537] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 406.471310][T13537] UDF-fs: Scanning with blocksize 2048 failed [ 406.481828][T13537] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 406.511020][T13537] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 406.658282][ T7665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.678188][ T7665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.717684][ T7665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.840611][ T7665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.122057][T13042] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 407.362247][T13558] loop0: detected capacity change from 0 to 2048 [ 407.393050][T13558] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 407.451056][T13561] /dev/nbd2: Can't open blockdev [ 407.475555][T13563] loop4: detected capacity change from 0 to 1024 [ 407.677827][T13572] loop2: detected capacity change from 0 to 8 [ 407.693883][T13572] Can't find a SQUASHFS superblock on loop2 [ 407.988329][T13576] can: request_module (can-proto-0) failed. [ 408.012973][T13574] ALSA: seq fatal error: cannot create timer (-22) [ 408.040451][T13574] loop2: detected capacity change from 0 to 128 [ 408.051326][T13574] FAT-fs (loop2): bogus logical sector size 0 [ 408.058825][T13574] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 408.068992][T13574] FAT-fs (loop2): Can't find a valid FAT filesystem [ 408.168620][T13567] loop4: detected capacity change from 0 to 40427 [ 408.186601][T13567] F2FS-fs (loop4): invalid crc value [ 408.205709][T13567] F2FS-fs (loop4): Found nat_bits in checkpoint [ 408.311304][T13567] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 408.474769][T13042] syz-executor: attempt to access beyond end of device [ 408.474769][T13042] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 408.494439][T13042] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 408.828077][T13591] loop4: detected capacity change from 0 to 1024 [ 408.852626][T13591] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 408.891802][T13042] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.904006][ T5147] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 408.928036][T13596] loop4: detected capacity change from 0 to 512 [ 408.932984][T13589] loop0: detected capacity change from 0 to 32768 [ 408.937652][T13596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 408.947717][T13589] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2283 (13589) [ 408.950311][T13596] UDF-fs: Scanning with blocksize 512 failed [ 408.968360][T13596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 408.976255][T13596] UDF-fs: Scanning with blocksize 1024 failed [ 408.977931][T13589] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 408.993027][T13596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 408.993051][T13596] UDF-fs: Scanning with blocksize 2048 failed [ 408.994035][T13596] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 408.995145][T13596] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 409.004358][T13589] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 409.035750][T13589] BTRFS info (device loop0): using free-space-tree [ 409.127351][T12900] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 409.183277][ T5147] usb 3-1: Using ep0 maxpacket: 8 [ 409.191920][ T5147] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 409.206945][ T5147] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 409.216154][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 409.517829][T13615] loop0: detected capacity change from 0 to 64 [ 409.629447][ T5147] usb 3-1: SerialNumber: syz [ 409.646562][ T5147] usb 3-1: config 0 descriptor?? [ 409.747951][T13621] tipc: Started in network mode [ 409.752841][T13621] tipc: Node identity aaaaaaaaaa2b, cluster identity 4711 [ 409.760558][T13621] tipc: Enabled bearer , priority 0 [ 409.872901][T13625] loop0: detected capacity change from 0 to 2048 [ 409.886770][ T5147] usb 3-1: Found UVC 0.00 device (05ac:8501) [ 409.893860][ T5147] usb 3-1: No valid video chain found. [ 409.896877][T13625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 409.924057][ T29] audit: type=1804 audit(1720756894.980:395): pid=13625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2290" name="/newroot/41/file0/bus" dev="loop0" ino=16 res=1 errno=0 [ 409.925382][T13625] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2290: bg 0: block 234: padding at end of block bitmap is not set [ 409.960673][T13625] EXT4-fs (loop0): Remounting filesystem read-only [ 409.981652][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.121643][ T6009] usb 3-1: USB disconnect, device number 23 [ 410.175707][ T6013] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 410.933541][ T5149] tipc: Node number set to 8497834 [ 411.114867][ T6013] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 411.143174][ T6013] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 411.164898][ T6013] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 411.169264][T13638] loop0: detected capacity change from 0 to 1024 [ 411.193320][ T6013] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 411.238616][ T6013] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 411.273132][ T6013] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.297665][ T6013] usb 5-1: config 0 descriptor?? [ 411.319516][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 411.335167][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 411.342471][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 411.350467][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 411.353013][T13647] loop2: detected capacity change from 0 to 64 [ 411.371776][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 411.386231][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 411.398670][ T2461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.468429][T13649] loop0: detected capacity change from 0 to 8192 [ 411.476713][T13649] REISERFS warning (device loop0): super-6509 reiserfs_parse_options: nolargeio option is no longer supported [ 411.660879][T13644] chnl_net:caif_netlink_parms(): no params data found [ 411.718331][T13644] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.725853][T13644] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.733052][T13644] bridge_slave_0: entered allmulticast mode [ 411.740369][T13644] bridge_slave_0: entered promiscuous mode [ 411.741875][ T6013] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 411.750546][T13644] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.761187][T13644] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.761594][ T6013] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 411.770727][T13644] bridge_slave_1: entered allmulticast mode [ 411.779299][ T6013] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 411.786339][T13644] bridge_slave_1: entered promiscuous mode [ 411.821776][T13644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 411.833871][T13644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 411.858307][T13644] team0: Port device team_slave_0 added [ 411.866767][T13644] team0: Port device team_slave_1 added [ 411.886212][T13644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 411.893344][T13644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.920615][T13644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 411.932794][T13644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 411.939837][T13644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.965774][T13644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 411.996849][T13644] hsr_slave_0: entered promiscuous mode [ 412.002982][T13644] hsr_slave_1: entered promiscuous mode [ 412.009144][T13644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 412.018776][T13644] Cannot create hsr debugfs directory [ 412.090190][ T9] usb 5-1: USB disconnect, device number 29 [ 412.125118][T13644] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.168676][T13644] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.217974][T13644] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.258040][T13644] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.337385][T13644] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 412.349389][T13644] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 412.358348][T13644] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 412.369428][T13644] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 412.391074][T13644] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.398194][T13644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 412.405545][T13644] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.412609][T13644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 412.429296][ T4516] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.437360][ T4516] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.480748][T13644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.496247][T13644] 8021q: adding VLAN 0 to HW filter on device team0 [ 412.508101][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.515267][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 412.534952][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.542106][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 412.572596][T13644] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 412.586829][T13644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 412.619222][ T2461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.684518][ T2461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.714001][T13644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 412.746103][ T2461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.762490][T13644] veth0_vlan: entered promiscuous mode [ 412.776998][T13644] veth1_vlan: entered promiscuous mode [ 412.800368][T13644] veth0_macvtap: entered promiscuous mode [ 412.811507][T13644] veth1_macvtap: entered promiscuous mode [ 412.857656][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.893773][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.980544][T13666] loop2: detected capacity change from 0 to 2048 [ 413.003903][T13666] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 413.027571][T13666] UDF-fs: Scanning with blocksize 512 failed [ 413.034062][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.053986][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 413.055323][T13666] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 413.061107][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.080077][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.080576][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 413.090525][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.090550][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.090565][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.090580][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.090591][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.090606][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.090617][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.091972][T13644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 413.191129][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 413.206779][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 413.207929][T13666] syz.2.2300: attempt to access beyond end of device [ 413.207929][T13666] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 413.216116][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 413.235355][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 413.244699][T13666] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 413.254895][ T2461] bridge_slave_1: left allmulticast mode [ 413.260669][T13666] syz.2.2300: attempt to access beyond end of device [ 413.260669][T13666] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 413.262202][ T2461] bridge_slave_1: left promiscuous mode [ 413.284579][T13666] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 413.287486][ T2461] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.302107][T13666] syz.2.2300: attempt to access beyond end of device [ 413.302107][T13666] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 413.318352][ T2461] bridge_slave_0: left allmulticast mode [ 413.321523][T13666] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 413.333753][ T2461] bridge_slave_0: left promiscuous mode [ 413.335825][T13666] syz.2.2300: attempt to access beyond end of device [ 413.335825][T13666] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 413.345735][ T2461] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.359350][T13666] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 413.369543][T13666] syz.2.2300: attempt to access beyond end of device [ 413.369543][T13666] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 413.386328][T13666] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 413.395174][T13666] syz.2.2300: attempt to access beyond end of device [ 413.395174][T13666] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 413.411284][T13666] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 413.420044][T13666] syz.2.2300: attempt to access beyond end of device [ 413.420044][T13666] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 413.437621][T13666] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 413.446543][T13666] syz.2.2300: attempt to access beyond end of device [ 413.446543][T13666] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 413.467783][ T5102] Bluetooth: hci4: command tx timeout [ 413.469217][T13666] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 413.504961][T13664] UDF-fs: warning (device loop2): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134220898 lbcount: 134224896 extent 0+133343232 [ 413.536416][ T53] kworker/u8:3: attempt to access beyond end of device [ 413.536416][ T53] loop2: rw=1, sector=2052, nr_sectors = 2 limit=2048 [ 413.669994][ T2461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.681229][ T2461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.685559][T13675] loop0: detected capacity change from 0 to 32768 [ 413.698222][T13675] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2302 (13675) [ 413.699508][ T2461] bond0 (unregistering): Released all slaves [ 413.736110][T13675] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 413.741170][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.770383][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.785068][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.799867][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.810703][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.820432][T13675] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 413.830568][T13675] BTRFS info (device loop0): using free-space-tree [ 413.834089][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.847187][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.857801][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.869096][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.880165][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.890467][T13644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.901117][T13644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.915213][T13644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 413.943324][ T5147] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 413.957374][T13644] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.971513][T13644] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.980624][T13644] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.991054][T13644] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.012015][T12900] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 414.106261][ T8] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 414.143257][ T5147] usb 3-1: Using ep0 maxpacket: 32 [ 414.150058][T13699] netlink: 'syz.0.2306': attribute type 21 has an invalid length. [ 414.158535][T13699] netlink: 'syz.0.2306': attribute type 1 has an invalid length. [ 414.159523][ T5147] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 414.172322][T13699] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2306'. [ 414.177726][ T5147] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 414.206232][ T5147] usb 3-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 414.223887][ T5147] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.231911][ T5147] usb 3-1: Product: syz [ 414.236781][ T5147] usb 3-1: Manufacturer: syz [ 414.241478][ T5147] usb 3-1: SerialNumber: syz [ 414.246758][ T2461] hsr_slave_0: left promiscuous mode [ 414.252868][ T2461] hsr_slave_1: left promiscuous mode [ 414.253806][ T5147] usb 3-1: config 0 descriptor?? [ 414.268027][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.278973][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.279340][ T5147] qmi_wwan 3-1:0.0: probe with driver qmi_wwan failed with error -22 [ 414.297470][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.305022][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 414.310364][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.336072][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 414.336830][ T2461] veth1_macvtap: left promiscuous mode [ 414.350432][ T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 414.351966][ T2461] veth0_macvtap: left promiscuous mode [ 414.361184][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 414.370919][ T2461] veth1_vlan: left promiscuous mode [ 414.378277][ T8] usb 5-1: SerialNumber: syz [ 414.399201][ T2461] veth0_vlan: left promiscuous mode [ 414.400044][ T8] usb 5-1: config 0 descriptor?? [ 414.449565][T13705] loop0: detected capacity change from 0 to 1764 [ 414.459093][T13705] iso9660: Unknown parameter '0x0000000000000000000000000000000000002' [ 414.487462][ T5147] usb 3-1: USB disconnect, device number 24 [ 414.562476][T13705] loop0: detected capacity change from 0 to 512 [ 414.581573][T13705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.2308: bg 0: block 5: invalid block bitmap [ 414.601218][T13705] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 414.629992][T13705] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2308: invalid indirect mapped block 3 (level 2) [ 414.630580][ T8] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 414.657645][T13705] EXT4-fs (loop0): 1 orphan inode deleted [ 414.657774][ T8] usb 5-1: No valid video chain found. [ 414.671640][T13705] EXT4-fs (loop0): 1 truncate cleaned up [ 414.686656][T13705] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.735576][T13705] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 414.763669][ T2461] team0 (unregistering): Port device team_slave_1 removed [ 414.777921][ T2461] team0 (unregistering): Port device team_slave_0 removed [ 414.868988][ T5147] usb 5-1: USB disconnect, device number 30 [ 414.928291][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 414.947700][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.013739][T13669] chnl_net:caif_netlink_parms(): no params data found [ 415.031695][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.047150][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.201890][T13669] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.211898][T13669] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.219435][T13669] bridge_slave_0: entered allmulticast mode [ 415.229839][T13669] bridge_slave_0: entered promiscuous mode [ 415.258038][T13669] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.259301][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.272035][T13669] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.290183][T13669] bridge_slave_1: entered allmulticast mode [ 415.302530][T13710] loop2: detected capacity change from 0 to 8192 [ 415.308621][T13669] bridge_slave_1: entered promiscuous mode [ 415.315460][ T5102] Bluetooth: hci2: command tx timeout [ 415.323826][T13710] REISERFS warning (device loop2): super-6509 reiserfs_parse_options: nolargeio option is no longer supported [ 415.365968][T13669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.376862][T13719] loop0: detected capacity change from 0 to 512 [ 415.401229][T13669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.412095][T13719] EXT4-fs (loop0): orphan cleanup on readonly fs [ 415.445174][T13719] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 415.455321][T13719] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2310: invalid indirect mapped block 2683928664 (level 1) [ 415.471432][T13719] EXT4-fs (loop0): Remounting filesystem read-only [ 415.480533][T13719] EXT4-fs (loop0): 1 truncate cleaned up [ 415.487224][T13719] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 415.488135][T13669] team0: Port device team_slave_0 added [ 415.507454][T13719] overlayfs: failed to get redirect (-5) [ 415.524859][T13719] overlayfs: failed to get redirect (-5) [ 415.539435][T13724] loop2: detected capacity change from 0 to 2048 [ 415.549333][T13724] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 415.550329][T13669] team0: Port device team_slave_1 added [ 415.565521][ T5102] Bluetooth: hci4: command tx timeout [ 415.567186][T13719] overlayfs: failed to get redirect (-5) [ 415.584909][T13724] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 415.598908][ T2461] bridge_slave_1: left allmulticast mode [ 415.605861][ T2461] bridge_slave_1: left promiscuous mode [ 415.614126][T13719] overlayfs: failed to get redirect (-5) [ 415.619183][ T2461] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.631501][T13719] overlayfs: failed to get redirect (-5) [ 415.641843][T13719] overlayfs: failed to get redirect (-5) [ 415.664133][T13719] overlayfs: failed to get redirect (-5) [ 415.682053][T13719] overlayfs: failed to get redirect (-5) [ 415.689601][ T2461] bridge_slave_0: left allmulticast mode [ 415.709432][ T2461] bridge_slave_0: left promiscuous mode [ 415.715761][T13719] overlayfs: failed to get redirect (-5) [ 415.738630][ T2461] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.751149][T13719] overlayfs: failed to get redirect (-5) [ 415.825647][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.237916][T13735] netlink: 'syz.2.2316': attribute type 3 has an invalid length. [ 416.344325][T13739] loop2: detected capacity change from 0 to 1024 [ 416.351951][T13739] EXT4-fs (loop2): Test dummy encryption mode enabled [ 416.359638][T13739] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 416.376717][ T2461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.400252][ T2461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.415617][ T2461] bond0 (unregistering): Released all slaves [ 416.487264][T13737] netlink: 'syz.0.2317': attribute type 21 has an invalid length. [ 416.533520][T13737] netlink: 'syz.0.2317': attribute type 1 has an invalid length. [ 416.541290][T13737] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2317'. [ 416.597459][T13669] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 416.613252][T13669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.639167][ C1] vkms_vblank_simulate: vblank timer overrun [ 416.671717][T13730] loop4: detected capacity change from 0 to 40427 [ 416.678436][T13669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.693175][T13730] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 416.712917][T13730] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 416.733667][T13730] F2FS-fs (loop4): Found nat_bits in checkpoint [ 416.766929][T13669] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.775744][T13669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.805697][T13669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.818185][T13730] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 416.836000][T13730] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 416.873190][ T5151] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 416.899340][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.909600][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.927817][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.937837][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.946878][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.955013][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.959646][T13761] loop0: detected capacity change from 0 to 2048 [ 416.976680][T13669] hsr_slave_0: entered promiscuous mode [ 416.983599][T13669] hsr_slave_1: entered promiscuous mode [ 416.990949][T13730] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 416.993956][T13761] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 417.007337][T13669] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 417.015396][T13669] Cannot create hsr debugfs directory [ 417.029293][T13761] UDF-fs: Scanning with blocksize 512 failed [ 417.061926][T13761] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 417.071104][ T2461] hsr_slave_0: left promiscuous mode [ 417.085498][ T5151] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 417.097044][ T2461] hsr_slave_1: left promiscuous mode [ 417.108289][ T5151] usb 3-1: New USB device found, idVendor=12d1, idProduct=1442, bcdDevice=b1.19 [ 417.117746][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.124357][ T5151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.136493][ T5151] usb 3-1: Product: syz [ 417.140587][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.144556][ T5151] usb 3-1: Manufacturer: syz [ 417.157746][ T5151] usb 3-1: SerialNumber: syz [ 417.165095][ T5151] usb 3-1: config 0 descriptor?? [ 417.166073][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.172552][ T5151] usb 3-1: bad CDC descriptors [ 417.183642][ T5151] option 3-1:0.0: GSM modem (1-port) converter detected [ 417.189989][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.210630][ T2461] veth1_macvtap: left promiscuous mode [ 417.220808][ T2461] veth0_macvtap: left promiscuous mode [ 417.230107][ T2461] veth1_vlan: left promiscuous mode [ 417.238538][ T2461] veth0_vlan: left promiscuous mode [ 417.280096][T13761] syz.0.2325: attempt to access beyond end of device [ 417.280096][T13761] loop0: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 417.326063][T13761] Buffer I/O error on dev loop0, logical block 1024, lost async page write [ 417.347675][T13761] Buffer I/O error on dev loop0, logical block 1024, lost async page write [ 417.383493][ T5102] Bluetooth: hci2: command tx timeout [ 417.418852][T13760] UDF-fs: warning (device loop0): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134220898 lbcount: 134224896 extent 0+133343232 [ 417.623427][ T5102] Bluetooth: hci4: command tx timeout [ 417.716946][T13773] netlink: 'syz.0.2328': attribute type 3 has an invalid length. [ 417.741995][ T2461] team0 (unregistering): Port device team_slave_1 removed [ 417.758859][ T2461] team0 (unregistering): Port device team_slave_0 removed [ 418.655580][T13784] netlink: 'syz.4.2332': attribute type 21 has an invalid length. [ 418.664524][ T8] usb 3-1: USB disconnect, device number 25 [ 418.666995][T13784] netlink: 'syz.4.2332': attribute type 1 has an invalid length. [ 418.676723][ T8] option 3-1:0.0: device disconnected [ 418.687620][T13784] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2332'. [ 418.865832][T13788] loop4: detected capacity change from 0 to 512 [ 418.895759][T13788] EXT4-fs (loop4): filesystem is read-only [ 418.915047][T13788] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 418.987470][T13788] EXT4-fs (loop4): filesystem is read-only [ 419.033300][T13788] EXT4-fs (loop4): orphan cleanup on readonly fs [ 419.045306][T13788] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2333: bg 0: block 64: padding at end of block bitmap is not set [ 419.091781][T13788] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 419.131803][T13788] EXT4-fs (loop4): 1 orphan inode deleted [ 419.176975][T13788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 419.216910][T13669] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 419.243855][T13669] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 419.276886][T13669] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 419.306154][T13669] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 419.463219][ T5102] Bluetooth: hci2: command tx timeout [ 419.478146][T13669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.511796][T13795] loop2: detected capacity change from 0 to 128 [ 419.559959][T13669] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.571507][T13795] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 419.608685][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.615890][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.634986][T13795] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 419.666816][ C1] vkms_vblank_simulate: vblank timer overrun [ 419.676641][T13790] loop0: detected capacity change from 0 to 32768 [ 419.688173][T13790] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2334 (13790) [ 419.706245][ T5102] Bluetooth: hci4: command tx timeout [ 419.713910][T13752] veth0_vlan: left promiscuous mode [ 419.759668][T13790] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 419.761352][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.776974][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.800923][T13795] fscrypt: AES-128-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 419.808041][T13790] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 419.819563][T13790] BTRFS info (device loop0): using free-space-tree [ 420.001356][T13822] loop3: detected capacity change from 0 to 1024 [ 420.031914][T13822] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 420.055266][T13822] EXT4-fs (loop3): group descriptors corrupted! [ 420.089791][T13795] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 420.119438][T13669] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.148984][T13412] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 420.162595][T12900] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 420.215748][T13669] veth0_vlan: entered promiscuous mode [ 420.277285][T13669] veth1_vlan: entered promiscuous mode [ 420.342669][T13669] veth0_macvtap: entered promiscuous mode [ 420.384503][T13669] veth1_macvtap: entered promiscuous mode [ 420.424594][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.447156][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.470318][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.485886][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.500735][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.512416][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.530775][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.541758][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.557056][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.570529][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.618026][T13669] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.651583][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.667044][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.679642][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.693966][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.704926][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.716144][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.737407][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.754919][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.767067][T13669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.780679][T13669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.801989][T13669] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 420.856431][T13669] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.861561][T13846] loop0: detected capacity change from 0 to 512 [ 420.872879][T13669] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.885051][T13669] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.896047][T13669] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.942084][T13846] EXT4-fs (loop0): orphan cleanup on readonly fs [ 420.952883][T13846] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 420.973684][T13846] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2345: invalid indirect mapped block 2683928664 (level 1) [ 420.993965][T13846] EXT4-fs (loop0): Remounting filesystem read-only [ 421.001289][T13846] EXT4-fs (loop0): 1 truncate cleaned up [ 421.019523][T13846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 421.043796][ T2474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.075349][ T2474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.100733][ T2461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.126995][ T2461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.141885][T13846] ovl_get_redirect_xattr: 1 callbacks suppressed [ 421.141906][T13846] overlayfs: failed to get redirect (-5) [ 421.176748][T13846] overlayfs: failed to get redirect (-5) [ 421.219299][T13846] overlayfs: failed to get redirect (-5) [ 421.230831][T13846] overlayfs: failed to get redirect (-5) [ 421.244448][T13846] overlayfs: failed to get redirect (-5) [ 421.250863][T13846] overlayfs: failed to get redirect (-5) [ 421.259914][T13846] overlayfs: failed to get redirect (-5) [ 421.268061][T13851] loop2: detected capacity change from 0 to 4096 [ 421.268601][T13846] overlayfs: failed to get redirect (-5) [ 421.282826][T13851] journal_path: not usable as path [ 421.289038][T13846] overlayfs: failed to get redirect (-5) [ 421.296155][T13851] EXT4-fs: error: could not find journal device path [ 421.299798][T13846] overlayfs: failed to get redirect (-5) [ 421.345774][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.453934][T13858] loop0: detected capacity change from 0 to 128 [ 421.454966][T13859] loop2: detected capacity change from 0 to 2048 [ 421.474335][T13859] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 421.482196][T13859] UDF-fs: Scanning with blocksize 512 failed [ 421.484229][T13858] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 421.503570][T13858] ext4 filesystem being mounted at /65/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 421.535379][ C1] vkms_vblank_simulate: vblank timer overrun [ 421.551028][T13859] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 421.629670][T12900] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 421.694116][T13859] bio_check_eod: 8 callbacks suppressed [ 421.694135][T13859] syz.2.2350: attempt to access beyond end of device [ 421.694135][T13859] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 421.706875][T13870] loop3: detected capacity change from 0 to 256 [ 421.720524][T13869] loop0: detected capacity change from 0 to 128 [ 421.729767][T13859] buffer_io_error: 6 callbacks suppressed [ 421.729785][T13859] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 421.747861][T13859] syz.2.2350: attempt to access beyond end of device [ 421.747861][T13859] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 421.761923][T13869] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 421.762026][T13870] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 421.770001][T13859] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 421.814487][T13859] syz.2.2350: attempt to access beyond end of device [ 421.814487][T13859] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 421.842687][T12900] sysv_free_block: trying to free block not in datazone [ 421.862545][T12900] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 421.869995][T13859] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 421.897317][T13859] syz.2.2350: attempt to access beyond end of device [ 421.897317][T13859] loop2: rw=2049, sector=2048, nr_sectors = 2 limit=2048 [ 421.935881][T13859] Buffer I/O error on dev loop2, logical block 1024, lost async page write [ 421.959645][T13859] syz.2.2350: attempt to access beyond end of device [ 421.959645][T13859] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 421.983573][T13859] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 421.992267][T13859] syz.2.2350: attempt to access beyond end of device [ 421.992267][T13859] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 422.018504][T13859] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 422.032038][T13859] syz.2.2350: attempt to access beyond end of device [ 422.032038][T13859] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 422.051031][T13859] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 422.062159][T13859] syz.2.2350: attempt to access beyond end of device [ 422.062159][T13859] loop2: rw=2049, sector=2050, nr_sectors = 2 limit=2048 [ 422.079709][T13859] Buffer I/O error on dev loop2, logical block 1025, lost async page write [ 422.103818][T13880] loop3: detected capacity change from 0 to 512 [ 422.126871][T13880] EXT4-fs (loop3): orphan cleanup on readonly fs [ 422.130987][T13857] UDF-fs: warning (device loop2): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134220898 lbcount: 134224896 extent 0+133343232 [ 422.152424][T13880] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 422.162844][T13880] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.2359: invalid indirect mapped block 2683928664 (level 1) [ 422.191106][ T2461] kworker/u8:7: attempt to access beyond end of device [ 422.191106][ T2461] loop2: rw=1, sector=2052, nr_sectors = 2 limit=2048 [ 422.207958][T13880] EXT4-fs (loop3): Remounting filesystem read-only [ 422.228719][T13880] EXT4-fs (loop3): 1 truncate cleaned up [ 422.242037][T13880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 422.370063][T13644] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.401073][T13887] loop2: detected capacity change from 0 to 4096 [ 422.416242][T13887] journal_path: not usable as path [ 422.421468][T13887] EXT4-fs: error: could not find journal device path [ 422.533455][T13897] loop2: detected capacity change from 0 to 128 [ 422.548195][T13897] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 422.580383][T13900] loop3: detected capacity change from 0 to 256 [ 422.612388][T13902] loop0: detected capacity change from 0 to 512 [ 422.625935][T13900] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 422.628761][T13902] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 422.646447][T13412] sysv_free_block: trying to free block not in datazone [ 422.655802][T13412] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 422.669365][T13902] EXT4-fs (loop0): 1 truncate cleaned up [ 422.706160][T13902] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 422.725246][T13902] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 422.781429][T13902] EXT4-fs (loop0): Remounting filesystem read-only [ 422.822097][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.914500][T13910] loop2: detected capacity change from 0 to 1764 [ 422.928875][T13910] iso9660: Unknown parameter '0x0000000000000000000000000000000000002' [ 422.984733][T13916] loop0: detected capacity change from 0 to 2048 [ 423.013602][T13910] loop2: detected capacity change from 0 to 512 [ 423.023070][T13916] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 423.043695][T13910] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.2368: bg 0: block 5: invalid block bitmap [ 423.079876][T13910] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 423.089250][T13910] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.2368: invalid indirect mapped block 3 (level 2) [ 423.106886][T13910] EXT4-fs (loop2): 1 orphan inode deleted [ 423.112623][T13910] EXT4-fs (loop2): 1 truncate cleaned up [ 423.158454][T13910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.266123][T13910] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 423.644111][T13412] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.679273][ T2461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.758343][T13921] loop3: detected capacity change from 0 to 32768 [ 423.781286][T13921] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2374 (13921) [ 423.821965][T13921] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 423.843580][T13921] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 423.863832][T13921] BTRFS info (device loop3): using free-space-tree [ 423.906489][T13925] loop0: detected capacity change from 0 to 32768 [ 423.926980][T13925] jfs_mount: Mount Failure: File System Dirty. [ 423.948063][T13925] Mount JFS Failure: -22 [ 424.086425][T13644] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 424.150619][T13927] loop2: detected capacity change from 0 to 32768 [ 424.163388][T13927] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2377 (13927) [ 424.196901][T13927] BTRFS info (device loop2): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 424.223387][T13927] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 424.232123][T13927] BTRFS info (device loop2): using free-space-tree [ 424.345419][ T29] audit: type=1804 audit(1720756909.400:396): pid=13927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2377" name="/newroot/29/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 424.376197][T13412] BTRFS info (device loop2): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 425.277939][T13963] loop2: detected capacity change from 0 to 512 [ 425.314078][T13963] EXT4-fs (loop2): orphan cleanup on readonly fs [ 425.331489][T13963] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 425.391181][T13963] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.2379: invalid indirect mapped block 2683928664 (level 1) [ 425.422633][T13969] loop0: detected capacity change from 0 to 1024 [ 425.429145][T13963] EXT4-fs (loop2): Remounting filesystem read-only [ 425.441360][T13963] EXT4-fs (loop2): 1 truncate cleaned up [ 425.449364][T13969] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 425.454338][T13963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 425.473244][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 425.476766][T13969] EXT4-fs (loop0): group descriptors corrupted! [ 425.486904][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 425.494260][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 425.502051][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 425.515265][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 425.522602][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 425.635040][T13412] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.717529][ T2461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.728596][T13980] loop2: detected capacity change from 0 to 512 [ 425.740702][T13980] EXT4-fs: Ignoring removed nobh option [ 425.754403][T13980] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 425.762281][T13980] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 425.816664][T13980] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #13: comm syz.2.2385: casefold flag without casefold feature [ 425.969144][ T2461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.034603][T13980] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2385: couldn't read orphan inode 13 (err -117) [ 426.199434][ T2461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.200403][T13980] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 426.239536][T13987] loop3: detected capacity change from 0 to 256 [ 426.337060][T13412] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.580332][T13970] chnl_net:caif_netlink_parms(): no params data found [ 426.604680][ T2461] bridge_slave_1: left allmulticast mode [ 426.610559][ T2461] bridge_slave_1: left promiscuous mode [ 426.656901][ T2461] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.826001][ T2461] bridge_slave_0: left allmulticast mode [ 426.908502][ T2461] bridge_slave_0: left promiscuous mode [ 427.005752][ T2461] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.290799][T13997] loop0: detected capacity change from 0 to 32768 [ 427.305624][T13997] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2390 (13997) [ 427.329316][ T2461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.365341][T13997] BTRFS info (device loop0): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 427.387419][T13997] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 427.387817][ T2461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.406477][T13997] BTRFS info (device loop0): using free-space-tree [ 427.435179][ T2461] bond0 (unregistering): Released all slaves [ 427.512130][T13994] loop2: detected capacity change from 0 to 32768 [ 427.534189][T13994] jfs_mount: Mount Failure: File System Dirty. [ 427.540416][T13994] Mount JFS Failure: -22 [ 427.548444][ T5102] Bluetooth: hci2: command tx timeout [ 427.646770][ T29] audit: type=1804 audit(1720756912.700:397): pid=13997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2390" name="/newroot/79/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 427.766406][T12900] BTRFS info (device loop0): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 427.804810][T13970] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.814354][T13970] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.831857][T13970] bridge_slave_0: entered allmulticast mode [ 427.864306][T13970] bridge_slave_0: entered promiscuous mode [ 427.943980][T13970] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.963429][T13970] bridge0: port 2(bridge_slave_1) entered disabled state [ 427.970668][T13970] bridge_slave_1: entered allmulticast mode [ 427.989083][T13970] bridge_slave_1: entered promiscuous mode [ 428.021667][ T2461] hsr_slave_0: left promiscuous mode [ 428.055588][ T2461] hsr_slave_1: left promiscuous mode [ 428.069846][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 428.097027][T14028] loop0: detected capacity change from 0 to 2048 [ 428.108291][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.119621][T14028] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 428.132713][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.140418][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.159048][ T2461] veth1_macvtap: left promiscuous mode [ 428.161825][T14030] netlink: 4076 bytes leftover after parsing attributes in process `syz.3.2396'. [ 428.172651][ T2461] veth0_macvtap: left promiscuous mode [ 428.189620][ T2461] veth1_vlan: left promiscuous mode [ 428.200057][ T2461] veth0_vlan: left promiscuous mode [ 428.647184][T14038] loop0: detected capacity change from 0 to 512 [ 428.677589][T14038] EXT4-fs: Ignoring removed nobh option [ 428.716695][T14038] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 428.754334][T14038] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61 [ 428.787485][T14038] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #13: comm syz.0.2398: casefold flag without casefold feature [ 428.815614][ T2461] team0 (unregistering): Port device team_slave_1 removed [ 428.853813][T14038] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2398: couldn't read orphan inode 13 (err -117) [ 428.875825][ T2461] team0 (unregistering): Port device team_slave_0 removed [ 428.896825][T14038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 429.048305][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.457211][T14026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2395'. [ 429.539145][T14026] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2395'. [ 429.624353][ T5102] Bluetooth: hci2: command tx timeout [ 429.645848][T14026] ip6gretap1: entered promiscuous mode [ 429.769507][T13970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 429.836463][T13970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.303469][T13970] team0: Port device team_slave_0 added [ 430.330740][T13970] team0: Port device team_slave_1 added [ 430.359688][ T5100] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 430.368754][ T5100] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 430.387255][ T5100] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 430.396862][ T5100] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 430.407848][ T5100] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 430.415504][ T5100] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 430.474065][T13970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 430.487161][T13970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.514389][T13970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 430.526640][T13970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 430.534452][T13970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.564608][T13970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 430.693292][T14059] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2405'. [ 430.789835][T14062] loop0: detected capacity change from 0 to 1024 [ 430.808016][T13970] hsr_slave_0: entered promiscuous mode [ 430.846952][T14062] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.873684][T13970] hsr_slave_1: entered promiscuous mode [ 430.902927][T14068] loop3: detected capacity change from 0 to 512 [ 430.910237][T14068] EXT4-fs: Ignoring removed nobh option [ 430.938869][ T29] audit: type=1800 audit(1720756915.990:398): pid=14062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2407" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 430.965756][T13970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 430.995190][T13970] Cannot create hsr debugfs directory [ 431.008063][ T29] audit: type=1800 audit(1720756915.990:399): pid=14062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2407" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 431.035487][T14068] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 431.081055][T14068] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61 [ 431.160406][T14068] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #13: comm syz.3.2409: casefold flag without casefold feature [ 431.174366][T14071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2410'. [ 431.202238][T14068] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2409: couldn't read orphan inode 13 (err -117) [ 431.236589][T14068] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 431.280753][T14071] team0: entered promiscuous mode [ 431.286472][T14071] team_slave_0: entered promiscuous mode [ 431.292273][T14071] team_slave_1: entered promiscuous mode [ 431.320320][T12900] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.344679][T14071] team_slave_0: entered allmulticast mode [ 431.400464][T14071] team0: Port device team_slave_0 removed [ 431.415444][T13644] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.485261][T14070] team0: left promiscuous mode [ 431.504845][T14070] team_slave_1: left promiscuous mode [ 431.703274][ T5102] Bluetooth: hci2: command tx timeout [ 431.823464][ T6013] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 431.974462][T14084] loop2: detected capacity change from 0 to 64 [ 432.006583][T14084] MINIX-fs: bad superblock or unable to read bitmaps [ 432.106056][ T6013] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.127179][ T6013] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 432.136275][T14049] chnl_net:caif_netlink_parms(): no params data found [ 432.157655][ T6013] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 432.192042][ T6013] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 432.202708][ T6013] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.223386][ T6013] usb 1-1: Product: syz [ 432.227594][ T6013] usb 1-1: Manufacturer: syz [ 432.243205][ T6013] usb 1-1: SerialNumber: syz [ 432.260486][ T6013] usb 1-1: config 0 descriptor?? [ 432.280745][T14078] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 432.290411][ T6013] dm9601 1-1:0.0: probe with driver dm9601 failed with error -22 [ 432.517691][ T5102] Bluetooth: hci5: command tx timeout [ 432.662663][T14049] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.854981][T14049] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.015644][T14049] bridge_slave_0: entered allmulticast mode [ 433.061184][T14049] bridge_slave_0: entered promiscuous mode [ 433.069614][T14049] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.077941][T14049] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.090255][T14049] bridge_slave_1: entered allmulticast mode [ 433.104667][T14049] bridge_slave_1: entered promiscuous mode [ 433.219396][T14049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.256234][T14049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.433326][ T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 433.454930][T13970] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 433.485207][T14049] team0: Port device team_slave_0 added [ 433.524718][T14049] team0: Port device team_slave_1 added [ 433.530759][T13970] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 433.620962][T13970] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 433.653297][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 433.662718][T13970] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 433.683707][ T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 433.700475][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 433.727876][ T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 433.761367][T14049] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.770626][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 433.787824][T14049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.814083][ T5102] Bluetooth: hci2: command tx timeout [ 433.829968][ T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 433.854468][ T9] usb 1-1: USB disconnect, device number 25 [ 433.883550][T14049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.884357][ T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 433.902274][ T86] ================================================================== [ 433.911484][ T86] BUG: KASAN: null-ptr-deref in drop_buffers+0x6f/0x710 [ 433.918458][ T86] Read of size 4 at addr 0000000000000060 by task kswapd0/86 [ 433.925924][ T86] [ 433.928264][ T86] CPU: 1 UID: 0 PID: 86 Comm: kswapd0 Not tainted 6.10.0-rc7-next-20240710-syzkaller #0 [ 433.928563][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.937967][ T86] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 433.937981][ T86] Call Trace: [ 433.937989][ T86] [ 433.937998][ T86] dump_stack_lvl+0x241/0x360 [ 433.938025][ T86] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.938046][ T86] ? __pfx__printk+0x10/0x10 [ 433.938066][ T86] ? _printk+0xd5/0x120 [ 433.938088][ T86] print_report+0xe8/0x550 [ 433.938110][ T86] ? __virt_addr_valid+0x58/0x530 [ 433.938130][ T86] ? drop_buffers+0x6f/0x710 [ 433.938147][ T86] kasan_report+0x143/0x180 [ 433.938164][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 433.938190][ T86] ? drop_buffers+0x6f/0x710 [ 433.938213][ T86] kasan_check_range+0x282/0x290 [ 433.938234][ T86] drop_buffers+0x6f/0x710 [ 433.938257][ T86] try_to_free_buffers+0x295/0x5f0 [ 433.938277][ T86] ? __pfx___might_resched+0x10/0x10 [ 433.938302][ T86] ? __pfx_try_to_free_buffers+0x10/0x10 [ 433.938322][ T86] ? filemap_release_folio+0x2ba/0x4b0 [ 433.938346][ T86] shrink_folio_list+0x26c2/0x8c90 [ 433.938388][ T86] ? __pfx_shrink_folio_list+0x10/0x10 [ 433.938408][ T86] ? memcg_rstat_updated+0x7b/0x2f0 [ 433.938435][ T86] ? __mod_memcg_lruvec_state+0x2af/0x3b0 [ 433.938459][ T86] ? cgroup_rstat_updated+0x13b/0xc60 [ 433.938485][ T86] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 433.938513][ T86] ? memcg_rstat_updated+0x7b/0x2f0 [ 433.938539][ T86] ? __count_memcg_events+0x190/0x2a0 [ 433.938565][ T86] ? rcu_is_watching+0x15/0xb0 [ 433.938582][ T86] ? trace_mm_vmscan_lru_isolate+0xa2/0x250 [ 433.938610][ T86] ? isolate_folios+0x58f7/0x68c0 [ 433.938633][ T86] ? isolate_folios+0x5a11/0x68c0 [ 433.938681][ T86] ? rcu_is_watching+0x15/0xb0 [ 433.938700][ T86] evict_folios+0xb2b/0x2700 [ 434.114617][ T86] ? __pfx_evict_folios+0x10/0x10 [ 434.119642][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.125966][ T86] ? mem_cgroup_get_nr_swap_pages+0x28/0x110 [ 434.131942][ T86] ? get_swappiness+0x380/0x3e0 [ 434.136797][ T86] try_to_shrink_lruvec+0x9ab/0xbb0 [ 434.142002][ T86] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 434.147721][ T86] ? page_counter_calculate_protection+0x18e/0x3e0 [ 434.154218][ T86] ? __pfx_lock_release+0x10/0x10 [ 434.159239][ T86] shrink_one+0x3cc/0x880 [ 434.163564][ T86] ? shrink_node+0x3723/0x4160 [ 434.168321][ T86] shrink_node+0x3975/0x4160 [ 434.172903][ T86] ? shrink_node+0x3723/0x4160 [ 434.177660][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.182417][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.187250][ T86] ? lock_acquire+0xe3/0x550 [ 434.191916][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.198323][ T86] ? __pfx_lock_acquire+0x10/0x10 [ 434.203338][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.208085][ T86] ? __pfx_shrink_node+0x10/0x10 [ 434.213013][ T86] ? psi_memstall_enter+0x280/0x320 [ 434.218201][ T86] ? __pfx_psi_memstall_enter+0x10/0x10 [ 434.223736][ T86] kswapd+0x1799/0x35e0 [ 434.227988][ T86] ? kswapd+0xbae/0x35e0 [ 434.232224][ T86] ? __pfx_kswapd+0x10/0x10 [ 434.236718][ T86] ? lock_release+0xbf/0x9f0 [ 434.241308][ T86] ? do_raw_spin_lock+0x14f/0x370 [ 434.246342][ T86] ? __pfx_lock_release+0x10/0x10 [ 434.251385][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.257730][ T86] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 434.264061][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.268814][ T86] ? __pfx_autoremove_wake_function+0x10/0x10 [ 434.274873][ T86] ? __kthread_parkme+0x169/0x1d0 [ 434.279904][ T86] ? __pfx_kswapd+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 434.284427][ T86] kthread+0x2f0/0x390 [ 434.288502][ T86] ? __pfx_kswapd+0x10/0x10 [ 434.292993][ T86] ? __pfx_kthread+0x10/0x10 [ 434.297578][ T86] ret_from_fork+0x4b/0x80 [ 434.301984][ T86] ? __pfx_kthread+0x10/0x10 [ 434.306564][ T86] ret_from_fork_asm+0x1a/0x30 [ 434.311351][ T86] [ 434.314363][ T86] ================================================================== [ 434.386101][T14049] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.393061][T14049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.431719][ T86] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 434.438959][ T86] CPU: 0 UID: 0 PID: 86 Comm: kswapd0 Not tainted 6.10.0-rc7-next-20240710-syzkaller #0 [ 434.448693][ T86] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 434.458766][ T86] Call Trace: [ 434.462050][ T86] [ 434.464987][ T86] dump_stack_lvl+0x241/0x360 [ 434.469683][ T86] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.474899][ T86] ? __pfx__printk+0x10/0x10 [ 434.479500][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.484277][ T86] ? vscnprintf+0x5d/0x90 [ 434.488710][ T86] panic+0x349/0x870 [ 434.492612][ T86] ? check_panic_on_warn+0x21/0xb0 [ 434.497725][ T86] ? __pfx_panic+0x10/0x10 [ 434.502133][ T86] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 434.508100][ T86] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 434.514420][ T86] ? print_report+0xe8/0x550 [ 434.518996][ T86] check_panic_on_warn+0x86/0xb0 [ 434.523922][ T86] ? drop_buffers+0x6f/0x710 [ 434.528497][ T86] end_report+0x77/0x160 [ 434.532724][ T86] kasan_report+0x154/0x180 [ 434.537211][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.543563][ T86] ? drop_buffers+0x6f/0x710 [ 434.548160][ T86] kasan_check_range+0x282/0x290 [ 434.553099][ T86] drop_buffers+0x6f/0x710 [ 434.557511][ T86] try_to_free_buffers+0x295/0x5f0 [ 434.562606][ T86] ? __pfx___might_resched+0x10/0x10 [ 434.567883][ T86] ? __pfx_try_to_free_buffers+0x10/0x10 [ 434.573502][ T86] ? filemap_release_folio+0x2ba/0x4b0 [ 434.578950][ T86] shrink_folio_list+0x26c2/0x8c90 [ 434.584069][ T86] ? __pfx_shrink_folio_list+0x10/0x10 [ 434.589521][ T86] ? memcg_rstat_updated+0x7b/0x2f0 [ 434.594717][ T86] ? __mod_memcg_lruvec_state+0x2af/0x3b0 [ 434.600430][ T86] ? cgroup_rstat_updated+0x13b/0xc60 [ 434.605792][ T86] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 434.611511][ T86] ? memcg_rstat_updated+0x7b/0x2f0 [ 434.616704][ T86] ? __count_memcg_events+0x190/0x2a0 [ 434.622066][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.626812][ T86] ? trace_mm_vmscan_lru_isolate+0xa2/0x250 [ 434.632741][ T86] ? isolate_folios+0x58f7/0x68c0 [ 434.637774][ T86] ? isolate_folios+0x5a11/0x68c0 [ 434.642818][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.647576][ T86] evict_folios+0xb2b/0x2700 [ 434.652181][ T86] ? __pfx_evict_folios+0x10/0x10 [ 434.657212][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.663537][ T86] ? mem_cgroup_get_nr_swap_pages+0x28/0x110 [ 434.669506][ T86] ? get_swappiness+0x380/0x3e0 [ 434.674354][ T86] try_to_shrink_lruvec+0x9ab/0xbb0 [ 434.679551][ T86] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 434.685260][ T86] ? page_counter_calculate_protection+0x18e/0x3e0 [ 434.691750][ T86] ? __pfx_lock_release+0x10/0x10 [ 434.696764][ T86] shrink_one+0x3cc/0x880 [ 434.701085][ T86] ? shrink_node+0x3723/0x4160 [ 434.705838][ T86] shrink_node+0x3975/0x4160 [ 434.710416][ T86] ? shrink_node+0x3723/0x4160 [ 434.715171][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.719925][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.724677][ T86] ? lock_acquire+0xe3/0x550 [ 434.729257][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.735576][ T86] ? __pfx_lock_acquire+0x10/0x10 [ 434.740587][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.745335][ T86] ? __pfx_shrink_node+0x10/0x10 [ 434.750265][ T86] ? psi_memstall_enter+0x280/0x320 [ 434.755455][ T86] ? __pfx_psi_memstall_enter+0x10/0x10 [ 434.761023][ T86] kswapd+0x1799/0x35e0 [ 434.765180][ T86] ? kswapd+0xbae/0x35e0 [ 434.769502][ T86] ? __pfx_kswapd+0x10/0x10 [ 434.773992][ T86] ? lock_release+0xbf/0x9f0 [ 434.778574][ T86] ? do_raw_spin_lock+0x14f/0x370 [ 434.783585][ T86] ? __pfx_lock_release+0x10/0x10 [ 434.788601][ T86] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.794923][ T86] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 434.801239][ T86] ? rcu_is_watching+0x15/0xb0 [ 434.805986][ T86] ? __pfx_autoremove_wake_function+0x10/0x10 [ 434.812042][ T86] ? __kthread_parkme+0x169/0x1d0 [ 434.817058][ T86] ? __pfx_kswapd+0x10/0x10 [ 434.821547][ T86] kthread+0x2f0/0x390 [ 434.825607][ T86] ? __pfx_kswapd+0x10/0x10 [ 434.830095][ T86] ? __pfx_kthread+0x10/0x10 [ 434.834676][ T86] ret_from_fork+0x4b/0x80 [ 434.839084][ T86] ? __pfx_kthread+0x10/0x10 [ 434.843661][ T86] ret_from_fork_asm+0x1a/0x30 [ 434.848419][ T86] [ 434.851539][ T86] Kernel Offset: disabled [ 434.855851][ T86] Rebooting in 86400 seconds..