last executing test programs: 5.445270055s ago: executing program 2 (id=244): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev, 0x9}, 0x1c) sendmmsg$alg(r0, &(0x7f0000000240)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="d80000000000000001"], 0xd8}], 0x1, 0x0) 5.331344179s ago: executing program 2 (id=246): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000440)={0xc, r1}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000880)={0x20, 0x0, 0x0, 0xffffffffffffffff, 0x3}) 5.262323528s ago: executing program 2 (id=248): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 2.878308661s ago: executing program 1 (id=269): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) write$P9_RWSTAT(r1, 0x0, 0x0) 2.111570776s ago: executing program 2 (id=273): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x122800, 0x0) r0 = syz_io_uring_setup(0x7934, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa91, &(0x7f0000000340), &(0x7f0000000040)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0xec4, 0x0, 0x0, 0x0, 0x0) 1.983781244s ago: executing program 3 (id=275): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='ext4_ext_remove_space_done\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x80, 0x62d, &(0x7f0000000c40)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNv3szue98dvZ03MzuaAEprKhulEfsi4lwSMdmybCIaC6eK9R5+fft8NiRRr///qySSIq+5/qNiujsbJY3XfHwy4neV9eUu3bx1cbZWb7gTcXj50tXDSzdvHVq8NHth/sL85Zkj/zx6bPpfMx9uTZy7i+mp0//70+svv/iPhU9qh5I4HmdHX5qLtji2ylTj040sxNb8kYg4liU6fC6wnSrF3+NoRPwhJqOSzzVMxuJrA60c0Ff1SmP/VB+rA6WTxKBrAAxGsx/QPLbvx3HwMHtwIhvf6BD/SHH0vjM/Ntr1MGk5MspyI/ZsQfkrEfHj7f1vZ0N0OQ8xsgXldC3/bkT8sdP2T/L49+SRZvGnkba8LktPF+c2svr9ZxN1SFrSvf393dlEaT/3S+Jv3Q5Z/MeLaZZ/ssv7P+0Uz1TbfNnaHwCDsXqi2JFnHZFY2/9lPcNm/yfa+z/19/NrQ+37ro3ovv9Lt+Ddny7v/4102v839/c783142tYPS2Ll2zOd33K0PePzV0+92a38qZb+XzZk5Tf7gj3YdNfwwd2I/W3xv5J/9Mnj7Z906P9mq5zrsYz/fvrlqW7LNhn/ptXvRRzoePyz1ivNUm3XJ5NoXp88OnN4YbE2P90Ydyzjg49eeLdb+YOOP9v+u7rE/6Ttn+Vd7bGM987cu9RI7Vi3bOKp8adfjCVn89RYPl5rXmPJ6WKVxuTG7PLytSNPrktznXw604j/4F87t/8u8ecHH+PNr8weXH3u4sNuyza5/R/Ve1yxmyz+uQ1u/zd6LOO756//uduy9fGvnZMY32hQAAAAAAAAUFJpfg02SauP02laLS68/T52pbUrS8t/W7hy/fJcxMH895CjafNK92RjPsnmZ4rfwzbnj7TN/z0i9kbEW5XxfL56/kptbtDBAwAAAAAAAAAAAAAAAAAAwJDYXdz//6h4Htg3lTStVgddK2Db9PMBc8Bw0/6hvPL2vz3PWwOGjP0/lFfH9u9LAUpBU4fy0v6hvLR/KC/tH8pL+4fy6t7+1y252++6AAAAAABbZu9fVu+PRMTKv8fzITNWLBsdaM2AftPGobwqg64AMDCPL/C7/R9Kp6f+//fFPwfsf3WAAUg6Zeadg/qTG/9qx1cCAAAAAAAAAAAAAH1wYN/q/cT9/1BKbvuD8trY/f+Vjb8UGBqd/vW/x4FAOTjGh5Lr4STAzm4L3P8PAAAAAAAAAAAAANtmIh+StFr8DHgi0rRajfhNROyJ0WRhsTY/HRG/jYjPKqM7svmZQVcaAAAAAAAAAAAAAAAAAAAAnjFLN29dnK3V5q+1Jn5Yl/NsJ5pPPB2W+rQmIul7EWm05YxHxDDE3p/ESEtOErGSbfmteOdk838/MQyfT5EY8BcTAAAAAAAAAAAAAAAAAACUUMu9x53tf2ebawQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA22/t+f/9Sww6RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1+mnAAAA//+EYjvS") 1.971969681s ago: executing program 1 (id=276): sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{0x40000003}]}) 1.873570611s ago: executing program 2 (id=277): syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000540)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@fat=@nfs_nostale_ro}, {@uni_xlate}, {@uni_xlate}, {@fat=@gid}, {@uni_xlate}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@fat=@flush}]}, 0x1, 0x28d, &(0x7f0000000240)="$eJzs3cFLG1kcB/BfTNZEYUkOC7LLwmbZy55EXfawp1UWF5YNtLTk0J4qNdJirKAg1IN6k/ZvaP+F9throYfSa/+BUii20Iv25KGQkk6iiU2jsYbU8vkc9PHy+zov42OcGZmXaz8vLc4vry7s7e1ELpeKzHRE7KeiEEORjsRWAADfkv1aLXZriVPEh/owJACgz/Zrf92NOPXffwDgHOpw/X9wTZ/aOui7OJjRAQD98EX3/939B4Bz6fKVq//PlEqzl4rFXMTS9lp5rZx8T16fWYibUY1KTEQ+3jf/U5CcLdS//vtfaXaiWPe6ELmlzUZ+c62cbs9PRj4KnfOTxUSUW/PfxWgj/2I0KjEV+fihc36qY344fv+tZfvjkY/n12M5qjEf9WySz0bExmSx+M+F0mG+fl5Tzn6sAwAAAAAAAAAAAAAAAAAAAACAfhgvNuUaPe3r94wfFhTa19dJqlvXBxrpuj7Q0fV5MvFTZnDvGwAAAAAAAAAAAAAAAAAAAL4mq7fXF+eq1cpKt8atZw+e7GSTwFy1+dT+camOjVQj3Ftq+6TFf598PN//+ure0Zcysb6Y7X3/nG3j8S8D2GhlJTK9pJ7u3Pjxj9WxPz9XE5nWnjv16dJWU59IHX5y5ix3+FDLFH2bjxg+7aTt3njYbEy/+6SmOZkqKyOD+J22NsbuT8892nj5ptGTjmNSXQ4atfTZH4gAAAAAAAAAAAAAAAAAAICWx60HPRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJzDz//vtZGNtp5cW83wwQZ2awN9fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUPchAAD//26KiX0=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) 1.759540814s ago: executing program 4 (id=278): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000004c0)={@val={0x0, 0x806}, @val={0x0, 0x0, 0x3}, @mpls={[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x4, 0x0, 0x0, 0x21, 0x0, @dev, @broadcast}}}}, 0x66) 1.701584173s ago: executing program 1 (id=279): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="747970653dbcaeaad02c636f6465706167653d6d616363656e746575726f2c71756965742c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c696f636861727365743d61736369692c00d0a8ec5a8890d9d4633918a2987ec6ac65d89ba6a0bd63fd96f96c3fb4f466427906b003f094f4af9e914718a353af395b6bce5e7ceb326d22f8e0aa6cf83fa438fda2026de6d1ad2d1c38e021e414ce150a41bf70f7fd2f86a9ade73fafb467c81cb59813d68600000000000000093700004eeda023fe7ec1e7c3069db2dac8990e273ddc3fa7581ad213ae17f312bd029ed6299c36911207f114373bef12ca0219aeb4d0e69462402b7a5e8a8e4096fdc1aba6530b7d42418edb34b22302b2f059681e2f108dbd979e92"], 0x5, 0x2d9, &(0x7f0000000240)="$eJzs3T9v004cx/HPOUmb/lF//rVFSCygQiVYKgoMiCUIZWVnQkCTShVREW2RgIWCGBEPgJ2nwINgAfEEYGLiAXQzuvPFdRLHTUQTN+37JSVyLnfn73F2fF9L1AJwZt2r//x887d9GamkmqQ7UiCpKpUlndP56ovtva29VrOR11HJtbAvo7il6amzsd3MamrbuRZeaD+VNZ8uw2hEUXT3V9FBoHDu7M8QSNP+PHTfV8cc16jsSxeLjmHc0hNsDnSgl1ooMBwAwAngr/+Bv0zMuyKjIJBW/WX/VF3/D4oO4HjdavUURbkNUtd/t7qLjJ3f/9xXh/meS+Hs90E7SxwkmErX5ynFR1bHAtMclVW6WIKZza2y1jbeqhHonWpeqtqye2/Eh27bEdGuZOSmOfr3VtH92Xg0bkXZrR3S5larOW03MuJfGm6P/858Nd/NQxPqkxrJ+q8cGTtNbqbCrpkKKjb+6/17nHOtbC35tL9WqwUdVf53O7ng9+D1jtKk/xGr2RlJus/2DYL9JIK8ON2+F9V5WyEe3foRrZayWoXJpz6tljtalfyRsLbxrJV7K2U02kM0H80Ds6I/+qJ6av0f2PhWlToz837qjavpj4x4PFPZNcuuZthz5Tic6UtJBN700GODNOTdsg96otta2H31+mmp1Wru2I3HGRvP53eML6m8lzLrjH6jpJw62j8siaw3UTRoz9Eog792rB3a34+kxJ4+WZXtWZaUBOOeprOyUf+mvANycjaiSOrz1ch+p3CC7Jr2pPuCmYIDwrjZdZeJ8z+3kverOpci2bcwJxvJTzLV0eN6ksF1LgUX3fvsUBncXP8MLrXHG31yRpdzXb4qXUkVGuXuMfRxnhKmrh96xP1/AAAAAAAAAAAAAAAAAACASTOO/2lQ9BgBAAAAAAAAAAAAAAAAAAAAAJh0Xc//LQ30/N+svxHvnv8b8vxfYIL8DQAA//9KdXmE") mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25GETINFOOLD(r0, 0x89e3, &(0x7f0000000280)) 1.63565148s ago: executing program 0 (id=280): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) wait4(0x0, 0x0, 0x40000000, 0x0) 1.614674989s ago: executing program 2 (id=281): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x955, 0x7214, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "db19ff47"}]}}, 0x0}, 0x0) ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, 0x0) 1.403543497s ago: executing program 1 (id=282): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000740)="9e3b22e0a8caa3a0", 0x8, 0x0, 0x0, 0x0) 1.358246912s ago: executing program 3 (id=283): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000130afff7"], 0x14}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r0) 1.357735562s ago: executing program 4 (id=284): syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="5233e4bcc8bb45113a25c1610e31d6cf63a55d6630a3393e148124e5f1a1436d9dc07e9071d1439b8e2197a77007013ebc090ec868980b344cbab5d9b01e239608a77a0ef84b71da8c25f697aad73b14d3dc5908370b7c45868ea512b8fc0bca8c4528e4297b3e413fd2dce3e006d7bcd25e582f516c51ee87e1153bbbcef76d7bb9955f66d313b51b76a55e34533f6b25fa6219e854e61d5212b6edfd829cac6ff13953d7304e9c47fe5d9c67d48183", @ANYRES8=0x0], 0xfd, 0x187, &(0x7f0000000200)="$eJzs289q4lAUx/Hf9e+M8//fZlYDMzCzGTM60LS7+iiiqZXGVmo3SqH4KH2gvkGhL6DQvkBTGsU2wWJIMbH6/YDkHuFwzl1cPXcRAdhYHyUZGeUleZ53tv/L6EfaTQFIhKdbD8Cmyl6n3QGAdIxrWX8O6Eq6ujltjKaffMT5YVzL+M9dSaNH+YWo+UPjP7/ngvlFSa+izC/nk/zfofqvjXkq5fJiTv1SKL8Uuf/J/v/8DOa/kfRW0jsjvZf0YXrX+iTp85z6zVD9bxHrA89hVA7HgS8y2mu7zr9ZnPfjyiwu+HE1FP+fxUU/LjeO3OaytgAgpsyC858Nnf9c6PwDeLl6/cFB3XWd4w1dDBMuOpS0KnuPuZBWog0Wixb39+f46Wn/MgFYNuuk07V6/cHfdqfeclrOYdXese3KdmXLtvzJ3wrO/wDWx8OfftqdAAAAAAAAAAAAAACAuL5I+pp2EwAAAAASkcTbSGnvEQAAAAAAAAAAAAAAAAAAAFgXdwEAAP//xZ5OgA==") mkdir(&(0x7f0000000440)='./control\x00', 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) unlink(&(0x7f00000001c0)='./control/file0\x00') rmdir(&(0x7f0000000000)='./control\x00') 1.241192363s ago: executing program 1 (id=285): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x30008c0, &(0x7f00000004c0)={[{}, {@codepage={'codepage', 0x3d, 'iso8859-13'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {}, {@part={'part', 0x3d, 0x5}}]}, 0x11, 0x2b6, &(0x7f0000000200)="$eJzs3U9rE0EYx/HfbNI22lK3tiJ4rBb0Ilov4iUieRGeRG0iFENFrfjnVMWTiN69+xZ8EV4U34CePPkC6mllZifZJLvZTUOTber3Aw2b7D47z2T/zDyBsgLw37rV+Pn52m/7Z6SKKtK7G1IgqSZVJZ3R2dqznd3t3Xarmbejiouwf0ZxpElts7XTygq1cS7CC+27qpZ6P8NkRFF081fZSaB07urPEEgL/up062tTzyzf6zHj9g45j1lj9rWvF1ouOw8AQLn8+B/4cX7Jz9+DQNrww/6RHP/HtV92AhMX5a7tGf9dlRUZe3xPuVVJvedKOLs+6FSJo7Q8N/B+XvGZ1TfBNEVVpcslOPFgu926vPWo3Qz0RnWvZ7M199qMT92OgmzXM2rTHCP03WTPKBddH+ZsHzbj/J9L6st/dcwWx2a+mu/mjgn1Sc3u/K8aGXuY3JEKB45UnP+V4Xt0vQztVvK3jXq9HvRtsuIaOedb8Ap6WcuuSNQ5o1bU/wNBWJSnizo9EBX37mpB1Gpm1Gbn3ZCotb4o25vu2Ty8vUkzH8xts64/+qJGz/w/sPltKPfKTK4asxEPBe4bj/szn91c1e0zTI0c6cul+y0uDEv9b/49DQfwXvd1XctPX756WGm3W0/swr2MhcdL3U/m3kqZ25S8oL3kkwVFTmrjzqA0zcQuHeoO7f2jcGN7lR2Jg3KsFxrfpnsilbFQ8v0JU5Ec9LIzQUnsvMvE9V9Sr1TjyZ59CTPn6SP+EOD3GNk5dreCS2KjeEYu6eSBKrjF4RVcuuZK1Yyu5jp/Uboweouhz/OYMA390F1+/wcAAAAAAAAAAAAAAAAAAJg10/h3grL7CAAAAAAAAAAAAAAAAAAAAADArOs+/1ed5/9qtOf/Dj6K5TCf//txRzz/F5i8fwEAAP//FZd8vg==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xfffffffffffffe43}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) 1.053016134s ago: executing program 1 (id=286): r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000240), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2) r1 = epoll_create1(0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000003c0)={{r1}, 0x1, &(0x7f0000000040)=[0x5], 0x5, 0x4, 0x4}) 989.500168ms ago: executing program 4 (id=287): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000140)=0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x54) 810.709388ms ago: executing program 0 (id=288): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 810.057263ms ago: executing program 3 (id=289): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) r3 = socket(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, 0x0, 0x0, 0x200440c0, 0x1}) io_uring_enter(r0, 0x27e2, 0x0, 0x0, 0x0, 0x0) 698.378397ms ago: executing program 4 (id=290): prctl$PR_SET_MM_MAP(0x41, 0x3, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, r0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 687.390526ms ago: executing program 0 (id=291): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x8, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000000600)="f231692662af33dcd6e72d2d6c42a3e70e68dc60501df625baca6177a1eb7b00591b7fda548374e7a70719f7357286a876b46e73ba65f3937e71482405954cf4a648f1b79912e227d70879141010a24f897793b071eac11770441610ea64ca711a042b7a389f87feea43637c989255000b1a82a9ad607ff18665fabab712d869061c435d45a42a7ba9286b432e341cd8a328a8fc1e9784aeb6374279dec90c4e96181d2be82047fb72", 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 651.420675ms ago: executing program 3 (id=292): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f000000d040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x34, r1, 0x8de13c6b70ae92c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x99}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8f}]}]}]}, 0x34}}, 0x0) 502.984867ms ago: executing program 3 (id=293): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmmsg$inet6(r0, &(0x7f0000001100)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x8, @loopback}, 0x1c, 0x0}}], 0x1, 0x1) recvmmsg(r0, &(0x7f0000003380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)=""/19, 0x13}, 0x101}], 0x1, 0x12141, 0x0) 502.392427ms ago: executing program 4 (id=294): r0 = socket(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000200)=0x1, 0x4) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x7, 0x4, 0x418, 0x110, 0x0, 0x0, 0x330, 0x330, 0x330, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast1}}}, {{@arp={@local, @broadcast, 0x0, 0xff, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'pim6reg1\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @mac=@dev, @rand_addr, @broadcast}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @empty, @broadcast, @multicast2}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x468) recvmmsg$unix(r0, &(0x7f00000001c0), 0x4000000000000bd, 0x2, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)={0x14, 0x3, 0x3, 0x3}, 0x14}}, 0x0) 494.583316ms ago: executing program 0 (id=295): syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRES64=0x0, @ANYRES16=0x0, @ANYRESHEX, @ANYRES64=0x0, @ANYRES32, @ANYRESOCT=0x0], 0x21, 0x1f9, &(0x7f0000000b80)="$eJzskr1rFEEYxp/ZndvsBWMOiYIiiBo0TXJ7Gzk/CgUbD7UQiRADgsdmcy5u/Mge6B0pVhBEbASDkCAWgiSIhfgPuIVVOoVgFwKpU6QQQRJXZvbdc47rrebXPDPvvPN+zdyJHkZ9AHa35z2gBAHHEL4xBg7gCJMmTJuZ2qRXSS06v2RkmpD+Jt093Z6cAlhwbL1qJHFmxM/VDXgYvIWzb698/H69sLC2b+v9F3Fy+UbrM9jJ6cF3bz69vLg4IMOzm1NqHDM5vGQfZbLYVzuT6xv8IIbyWMHC2n77z4HVp8sfqs9FB69nwJwlG8DY19HF887AC4NiRq323XoY+nPRhScGtmSqH9vznljcBpCmaSp7B1ADoPqI9lcUn0McmABgIu34cPyj3Jx9UI5a7dFgtt7wG/491x2vOqdoivCd8kwQ+g5TUtAEYQC/RBbxTEXlvABgB7gm9v3oRjil/VlpdM7Uu5bydCPHu+8aSlu5MiSdu33kJ2qfwAmI0T6KmWIdllE4ZEs1FGHSpsKV+rJcDQChP+bdt8kkPK2isgn9yiYKnYCuuhk/k38pPCMdJq2RLpNukuY/Ov+pXEYw6CVGYsDC43qzOVexgJU9dItsrhhctirF6sBE1pLZ3dw5Ez3s7TVpNBqNRqPRaDQazX/hbwAAAP//FKeYyA==") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 362.088976ms ago: executing program 3 (id=296): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast1={0xff, 0x5}}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) shutdown(r0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 232.706338ms ago: executing program 4 (id=297): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000000c0)={@val={0x8, 0x800}, @val, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x0, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36) 152.818557ms ago: executing program 0 (id=298): syz_emit_ethernet(0x7a, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c20000001704b45adbde810000000800450000680000000000019078ac1e0001ac1414aa05009078e00000e0430000000000000000110000ac04000000000000000300443400030000000001000000ffffffff00000000ac1414"], 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000030301010000000000000000000000000c0002"], 0x20}}, 0x0) 0s ago: executing program 0 (id=299): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000080)={0x0, 0x0, 0x20000}, 0x20) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts. [ 47.989644][ T5225] cgroup: Unknown subsys name 'net' [ 48.139020][ T5225] cgroup: Unknown subsys name 'cpuset' [ 48.148205][ T5225] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.489205][ T5225] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 51.811301][ T5252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 51.818587][ T5253] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 51.836405][ T5252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 51.846336][ T5253] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 51.855069][ T5252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 51.858769][ T5254] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 51.865552][ T5252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 51.872480][ T5253] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 51.882587][ T5255] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 51.897387][ T5253] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 51.902561][ T5252] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 51.911901][ T5254] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 51.919163][ T5252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 51.935430][ T5257] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 51.936529][ T5254] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 51.943999][ T5257] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 51.952939][ T5254] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 51.969255][ T5252] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 51.969484][ T5254] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 51.978401][ T5257] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 51.991249][ T5254] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 51.997572][ T5252] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.006273][ T5254] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.020054][ T5257] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.039185][ T5257] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.048492][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.057153][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.059882][ T5257] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 52.072308][ T5257] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 52.080889][ T5257] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 52.520363][ T5248] chnl_net:caif_netlink_parms(): no params data found [ 52.553972][ T5237] chnl_net:caif_netlink_parms(): no params data found [ 52.606963][ T5235] chnl_net:caif_netlink_parms(): no params data found [ 52.666813][ T5236] chnl_net:caif_netlink_parms(): no params data found [ 52.703585][ T5243] chnl_net:caif_netlink_parms(): no params data found [ 52.788260][ T5237] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.796140][ T5237] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.810491][ T5237] bridge_slave_0: entered allmulticast mode [ 52.818175][ T5237] bridge_slave_0: entered promiscuous mode [ 52.838135][ T5248] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.849078][ T5248] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.856620][ T5248] bridge_slave_0: entered allmulticast mode [ 52.865006][ T5248] bridge_slave_0: entered promiscuous mode [ 52.895412][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.903316][ T5237] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.914391][ T5237] bridge_slave_1: entered allmulticast mode [ 52.923694][ T5237] bridge_slave_1: entered promiscuous mode [ 52.952945][ T5248] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.961265][ T5248] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.969598][ T5248] bridge_slave_1: entered allmulticast mode [ 52.977776][ T5248] bridge_slave_1: entered promiscuous mode [ 53.059582][ T5237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.071952][ T5236] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.083441][ T5236] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.091683][ T5236] bridge_slave_0: entered allmulticast mode [ 53.099676][ T5236] bridge_slave_0: entered promiscuous mode [ 53.109022][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.117428][ T5235] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.126548][ T5235] bridge_slave_0: entered allmulticast mode [ 53.133948][ T5235] bridge_slave_0: entered promiscuous mode [ 53.145638][ T5235] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.153217][ T5235] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.161784][ T5235] bridge_slave_1: entered allmulticast mode [ 53.170164][ T5235] bridge_slave_1: entered promiscuous mode [ 53.182763][ T5248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.198176][ T5248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.227051][ T5237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.244150][ T5236] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.252046][ T5236] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.260337][ T5236] bridge_slave_1: entered allmulticast mode [ 53.267924][ T5236] bridge_slave_1: entered promiscuous mode [ 53.290753][ T5243] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.298870][ T5243] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.307749][ T5243] bridge_slave_0: entered allmulticast mode [ 53.315861][ T5243] bridge_slave_0: entered promiscuous mode [ 53.334628][ T5237] team0: Port device team_slave_0 added [ 53.368988][ T5243] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.380941][ T5243] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.388680][ T5243] bridge_slave_1: entered allmulticast mode [ 53.396625][ T5243] bridge_slave_1: entered promiscuous mode [ 53.406775][ T5237] team0: Port device team_slave_1 added [ 53.432684][ T5236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.444404][ T5235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.456268][ T5235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.470005][ T5248] team0: Port device team_slave_0 added [ 53.506643][ T5236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.543223][ T5248] team0: Port device team_slave_1 added [ 53.571926][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.582807][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.615529][ T5237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.629484][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.637594][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.665531][ T5237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.688830][ T5236] team0: Port device team_slave_0 added [ 53.699237][ T5235] team0: Port device team_slave_0 added [ 53.708169][ T5235] team0: Port device team_slave_1 added [ 53.721816][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.730323][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.758693][ T5248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.776580][ T5243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.794375][ T5236] team0: Port device team_slave_1 added [ 53.819490][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.827309][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.857166][ T5248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.873100][ T5243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.897090][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.904983][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.933368][ T5235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.945804][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.952808][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.981472][ T5235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.045463][ T5236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.052595][ T5236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.055595][ T5250] Bluetooth: hci1: command tx timeout [ 54.079629][ T5236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.085759][ T5257] Bluetooth: hci2: command tx timeout [ 54.122218][ T5243] team0: Port device team_slave_0 added [ 54.128411][ T5250] Bluetooth: hci3: command tx timeout [ 54.132259][ T5243] team0: Port device team_slave_1 added [ 54.134953][ T5257] Bluetooth: hci4: command tx timeout [ 54.141118][ T54] Bluetooth: hci0: command tx timeout [ 54.162238][ T5237] hsr_slave_0: entered promiscuous mode [ 54.168897][ T5237] hsr_slave_1: entered promiscuous mode [ 54.178334][ T5236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.186694][ T5236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.219099][ T5236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.248648][ T5248] hsr_slave_0: entered promiscuous mode [ 54.256240][ T5248] hsr_slave_1: entered promiscuous mode [ 54.263066][ T5248] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.271366][ T5248] Cannot create hsr debugfs directory [ 54.297220][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.304305][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.331915][ T5243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.370434][ T5236] hsr_slave_0: entered promiscuous mode [ 54.377028][ T5236] hsr_slave_1: entered promiscuous mode [ 54.383480][ T5236] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.392468][ T5236] Cannot create hsr debugfs directory [ 54.403267][ T5235] hsr_slave_0: entered promiscuous mode [ 54.410610][ T5235] hsr_slave_1: entered promiscuous mode [ 54.417250][ T5235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.425024][ T5235] Cannot create hsr debugfs directory [ 54.431703][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.439605][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.466529][ T5243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.645178][ T5243] hsr_slave_0: entered promiscuous mode [ 54.651830][ T5243] hsr_slave_1: entered promiscuous mode [ 54.658519][ T5243] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.666717][ T5243] Cannot create hsr debugfs directory [ 54.913950][ T5236] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.941241][ T5236] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.951917][ T5236] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.963180][ T5236] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.019925][ T5237] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 55.032726][ T5237] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 55.054790][ T5237] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 55.070645][ T5237] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 55.116645][ T5235] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.134434][ T5235] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.173749][ T5235] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.188674][ T5235] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.253694][ T5248] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.269066][ T5248] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.287234][ T5248] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.297837][ T5248] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.356176][ T5236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.377414][ T5243] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.410594][ T5243] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.424315][ T5243] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.446520][ T5243] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.470650][ T5236] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.518400][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.525908][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.551341][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.559101][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.631112][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.647559][ T5237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.704243][ T5237] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.742378][ T5235] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.772108][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.779853][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.793670][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.801292][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.815316][ T5248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.839255][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.846456][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.859361][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.867582][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.933572][ T5248] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.971926][ T5243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.993947][ T2484] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.001572][ T2484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.025742][ T1833] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.033057][ T1833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.061387][ T5243] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.100734][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.108080][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.125145][ T54] Bluetooth: hci1: command tx timeout [ 56.128840][ T5257] Bluetooth: hci2: command tx timeout [ 56.147503][ T5235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.193131][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.200325][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.208180][ T5257] Bluetooth: hci0: command tx timeout [ 56.208733][ T54] Bluetooth: hci4: command tx timeout [ 56.213603][ T5257] Bluetooth: hci3: command tx timeout [ 56.292738][ T5236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.309043][ T5243] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.466498][ T5236] veth0_vlan: entered promiscuous mode [ 56.511531][ T5236] veth1_vlan: entered promiscuous mode [ 56.589594][ T5236] veth0_macvtap: entered promiscuous mode [ 56.633004][ T5236] veth1_macvtap: entered promiscuous mode [ 56.712001][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.730328][ T5237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.742130][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.760536][ T5248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.788131][ T5243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.828273][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.859022][ T5236] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.868727][ T5236] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.878916][ T5236] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.888472][ T5236] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.952713][ T5235] veth0_vlan: entered promiscuous mode [ 57.016010][ T5235] veth1_vlan: entered promiscuous mode [ 57.097404][ T5243] veth0_vlan: entered promiscuous mode [ 57.117328][ T5248] veth0_vlan: entered promiscuous mode [ 57.154411][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.158746][ T5248] veth1_vlan: entered promiscuous mode [ 57.183297][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.186865][ T5243] veth1_vlan: entered promiscuous mode [ 57.223160][ T5235] veth0_macvtap: entered promiscuous mode [ 57.253830][ T5235] veth1_macvtap: entered promiscuous mode [ 57.269136][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.292802][ T5237] veth0_vlan: entered promiscuous mode [ 57.299660][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.320653][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.333271][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.348830][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.385485][ T5237] veth1_vlan: entered promiscuous mode [ 57.398755][ T5243] veth0_macvtap: entered promiscuous mode [ 57.404293][ T5236] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.410794][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.433086][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.445133][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.472809][ T5248] veth0_macvtap: entered promiscuous mode [ 57.493444][ T5243] veth1_macvtap: entered promiscuous mode [ 57.536597][ T5235] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.549964][ T5235] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.560483][ T5235] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.573123][ T5235] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.598420][ T5248] veth1_macvtap: entered promiscuous mode [ 57.613169][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.630574][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.641111][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.654018][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.670382][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.712426][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.732312][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.748880][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.762207][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.775777][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.836874][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.855011][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.881343][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.894724][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.904853][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.915729][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.927883][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.938540][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.949243][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.959218][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.969948][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.980664][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.991217][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.003388][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.012329][ T5243] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.031229][ T5243] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.040921][ T5243] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.058920][ T5243] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.084671][ T5248] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.093437][ T5248] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.111949][ T5248] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.119701][ T5323] loop3: detected capacity change from 0 to 32768 [ 58.122801][ T5248] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.139684][ T5237] veth0_macvtap: entered promiscuous mode [ 58.152739][ T5237] veth1_macvtap: entered promiscuous mode [ 58.169656][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.180564][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.190428][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.201069][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.212463][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.223081][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.233027][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.243633][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.255467][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.267279][ T5257] Bluetooth: hci1: command tx timeout [ 58.273033][ T5257] Bluetooth: hci2: command tx timeout [ 58.292134][ T5257] Bluetooth: hci4: command tx timeout [ 58.297973][ T5257] Bluetooth: hci3: command tx timeout [ 58.303474][ T5257] Bluetooth: hci0: command tx timeout [ 58.329196][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.333091][ T5323] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 58.341481][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.359926][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.373311][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.384612][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.396698][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.407093][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.417980][ T5323] XFS (loop3): Internal error hlen <= 0 || hlen > bufsize at line 2968 of file fs/xfs/xfs_log_recover.c. Caller xlog_valid_rec_header+0x251/0x390 [ 58.418320][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.433450][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.3.4 Not tainted 6.12.0-rc3-next-20241014-syzkaller #0 [ 58.451221][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.453561][ T5323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.471152][ T5323] Call Trace: [ 58.474670][ T5323] [ 58.477761][ T5323] dump_stack_lvl+0x241/0x360 [ 58.482748][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.488005][ T5323] ? xfs_rw_bdev+0x2de/0x300 [ 58.493017][ T5323] xfs_corruption_error+0x11d/0x170 [ 58.498228][ T5323] ? xlog_valid_rec_header+0x251/0x390 [ 58.503989][ T5323] xlog_valid_rec_header+0x2e0/0x390 [ 58.509304][ T5323] ? xlog_valid_rec_header+0x251/0x390 [ 58.514867][ T5323] xlog_do_recovery_pass+0x29d/0xdc0 [ 58.520265][ T5323] ? mark_lock+0x9a/0x360 [ 58.524624][ T5323] ? __pfx_xlog_do_recovery_pass+0x10/0x10 [ 58.531208][ T5323] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.537701][ T5323] ? xlog_verify_head+0x1b0/0x5a0 [ 58.542909][ T5323] ? kfree+0x1a0/0x460 [ 58.547123][ T5323] ? xlog_verify_head+0x1b0/0x5a0 [ 58.552407][ T5323] xlog_verify_head+0x21f/0x5a0 [ 58.557480][ T5323] ? xlog_bread+0x57/0xc0 [ 58.562192][ T5323] ? __pfx_xlog_verify_head+0x10/0x10 [ 58.567689][ T5323] ? xlog_check_unmount_rec+0x295/0x5c0 [ 58.573276][ T5323] ? __pfx_xlog_check_unmount_rec+0x10/0x10 [ 58.579393][ T5323] xlog_find_tail+0xa04/0xdf0 [ 58.584229][ T5323] ? __pfx_xlog_find_tail+0x10/0x10 [ 58.589637][ T5323] ? try_to_wake_up+0x9f3/0x14b0 [ 58.595235][ T5323] xlog_recover+0xe1/0x540 [ 58.599681][ T5323] ? __pfx_xlog_recover+0x10/0x10 [ 58.604743][ T5323] xfs_log_mount+0x252/0x3e0 [ 58.609678][ T5323] xfs_mountfs+0xd2b/0x2020 [ 58.615905][ T5323] ? __pfx_xfs_mountfs+0x10/0x10 [ 58.621326][ T5323] ? xfs_mru_cache_create+0x4c6/0x5f0 [ 58.626757][ T5323] ? rcu_is_watching+0x15/0xb0 [ 58.631563][ T5323] xfs_fs_fill_super+0x11f0/0x1460 [ 58.636732][ T5323] get_tree_bdev_flags+0x48c/0x5c0 [ 58.641956][ T5323] ? __pfx_xfs_fs_fill_super+0x10/0x10 [ 58.647537][ T5323] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 58.653204][ T5323] ? apparmor_capable+0x13b/0x1b0 [ 58.658374][ T5323] vfs_get_tree+0x90/0x2b0 [ 58.663214][ T5323] do_new_mount+0x2be/0xb40 [ 58.667808][ T5323] ? __pfx_do_new_mount+0x10/0x10 [ 58.672864][ T5323] __se_sys_mount+0x2d6/0x3c0 [ 58.677557][ T5323] ? __pfx___se_sys_mount+0x10/0x10 [ 58.682844][ T5323] ? exc_page_fault+0x590/0x8c0 [ 58.688066][ T5323] ? __x64_sys_mount+0x20/0xc0 [ 58.693473][ T5323] do_syscall_64+0xf3/0x230 [ 58.697992][ T5323] ? clear_bhb_loop+0x35/0x90 [ 58.702679][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.708615][ T5323] RIP: 0033:0x7fd6eb97f79a [ 58.713073][ T5323] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.732902][ T5323] RSP: 002b:00007fd6ec6a4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 58.741362][ T5323] RAX: ffffffffffffffda RBX: 00007fd6ec6a4ef0 RCX: 00007fd6eb97f79a [ 58.749818][ T5323] RDX: 0000000020000280 RSI: 0000000020000580 RDI: 00007fd6ec6a4eb0 [ 58.757817][ T5323] RBP: 0000000020000280 R08: 00007fd6ec6a4ef0 R09: 0000000000014800 [ 58.766778][ T5323] R10: 0000000000014800 R11: 0000000000000246 R12: 0000000020000580 [ 58.774859][ T5323] R13: 00007fd6ec6a4eb0 R14: 00000000000098e1 R15: 0000000020000140 [ 58.783689][ T5323] [ 58.807161][ T5323] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 58.820668][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.829228][ T5323] XFS (loop3): Torn write (CRC failure) detected at log block 0x10. Truncating head block from 0x30. [ 58.829989][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.854915][ T5323] XFS (loop3): Corruption warning: Metadata has LSN (1:48) ahead of current LSN (1:16). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 58.870909][ T5323] XFS (loop3): log mount/recovery failed: error -22 [ 58.897464][ T5323] XFS (loop3): log mount failed [ 58.921092][ T5237] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.932931][ T5237] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.945881][ T5237] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.957955][ T5237] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.107835][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.131157][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.199287][ T2520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.221047][ T2520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.300727][ T2520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.335394][ T2520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.346224][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.389291][ T5323] loop3: detected capacity change from 0 to 128 [ 59.412302][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.448727][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.462382][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.468726][ T5323] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 59.502793][ T1833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.503111][ T5323] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 59.512289][ T1833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.616831][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.625410][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.736473][ T5236] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 60.202026][ T5340] loop3: detected capacity change from 0 to 32768 [ 60.438676][ T5257] Bluetooth: hci2: command tx timeout [ 60.445150][ T5257] Bluetooth: hci1: command tx timeout [ 60.451095][ T5257] Bluetooth: hci0: command tx timeout [ 60.456843][ T5257] Bluetooth: hci3: command tx timeout [ 60.462450][ T5257] Bluetooth: hci4: command tx timeout [ 60.538628][ T5338] loop0: detected capacity change from 0 to 40427 [ 60.547612][ T5342] loop2: detected capacity change from 0 to 32768 [ 60.572616][ T5338] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 60.584400][ T5338] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 60.617047][ T5342] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3 (5342) [ 60.664872][ T5342] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 60.679317][ T5349] loop1: detected capacity change from 0 to 64 [ 60.692611][ T5342] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 60.703520][ T5342] BTRFS info (device loop2): using free-space-tree [ 60.734250][ T5340] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 60.775452][ T5291] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 60.880746][ T5338] F2FS-fs (loop0): Found nat_bits in checkpoint [ 61.065132][ T5291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.094898][ T5342] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.105041][ T5291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.142362][ T5340] XFS (loop3): Ending clean mount [ 61.159896][ T5243] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 61.172814][ T5291] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 61.192994][ T5338] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 61.194204][ T5340] XFS (loop3): Quotacheck needed: Please wait. [ 61.212428][ T5291] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 61.215436][ T5338] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 61.228381][ T5291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.286107][ T5291] usb 5-1: config 0 descriptor?? [ 61.390525][ T29] audit: type=1800 audit(1728905513.421:2): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 61.448949][ T5377] syz.0.1: attempt to access beyond end of device [ 61.448949][ T5377] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 61.556835][ T5340] XFS (loop3): Quotacheck: Done. [ 61.627079][ T5338] syz.0.1: attempt to access beyond end of device [ 61.627079][ T5338] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 61.810166][ T5291] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max [ 61.821464][ T5382] loop2: detected capacity change from 0 to 4096 [ 61.869524][ T5291] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 61.881785][ T5382] NILFS (loop2): invalid segment: Checksum error in segment payload [ 61.917921][ T5375] loop1: detected capacity change from 0 to 32768 [ 61.933925][ T5382] NILFS (loop2): trying rollback from an earlier position [ 61.942777][ T5375] XFS: ikeep mount option is deprecated. [ 61.961121][ T5291] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 61.986543][ T5375] XFS: noikeep mount option is deprecated. [ 62.017998][ T5236] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 62.029406][ T5382] NILFS (loop2): recovery complete [ 62.113885][ T5291] usb 5-1: USB disconnect, device number 2 [ 62.155133][ T5388] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.185638][ T5375] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 62.344759][ T29] audit: type=1800 audit(1728905514.351:3): pid=5382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.11" name="bus" dev="loop2" ino=12 res=0 errno=0 [ 62.427217][ T5375] XFS (loop1): Ending clean mount [ 62.508045][ T5375] XFS (loop1): Quotacheck needed: Please wait. [ 62.633906][ T5397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12'. [ 62.664324][ T5375] XFS (loop1): Quotacheck: Done. [ 62.821087][ T5405] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 62.851790][ T5404] loop0: detected capacity change from 0 to 256 [ 62.908082][ T5235] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 62.969017][ T29] audit: type=1326 audit(1728905514.991:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.024569][ T29] audit: type=1326 audit(1728905515.001:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.134640][ T29] audit: type=1326 audit(1728905515.001:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.167264][ T29] audit: type=1326 audit(1728905515.001:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.191166][ T29] audit: type=1326 audit(1728905515.001:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.215107][ T29] audit: type=1326 audit(1728905515.001:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.237981][ T29] audit: type=1326 audit(1728905515.001:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.261287][ T29] audit: type=1326 audit(1728905515.001:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5408 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ad97dff9 code=0x7ffc0000 [ 63.549023][ T5422] loop4: detected capacity change from 0 to 128 [ 63.576908][ T5422] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 63.651792][ T5422] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 64.468511][ T5439] loop4: detected capacity change from 0 to 1024 [ 64.566241][ T5417] loop3: detected capacity change from 0 to 32768 [ 64.666520][ T5439] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.832910][ T5439] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 64.869979][ T5430] loop0: detected capacity change from 0 to 40427 [ 64.889068][ T5430] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff [ 64.919464][ T5430] F2FS-fs (loop0): invalid crc value [ 64.962916][ T5430] F2FS-fs (loop0): Found nat_bits in checkpoint [ 65.047683][ T5237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.062925][ T5430] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 65.080746][ T5455] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 65.264432][ T5430] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_setxattr+0x148/0x320 [ 65.295331][ T5430] overlayfs: failed to create directory ./file0/index (errno: 3); mounting read-only [ 65.325575][ T5430] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 65.468223][ T5248] F2FS-fs (loop0): access invalid blkaddr:2816 [ 65.506384][ T5460] loop4: detected capacity change from 0 to 4096 [ 65.530798][ T5248] CPU: 0 UID: 0 PID: 5248 Comm: syz-executor Not tainted 6.12.0-rc3-next-20241014-syzkaller #0 [ 65.544637][ T5248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 65.557715][ T5248] Call Trace: [ 65.561168][ T5248] [ 65.564378][ T5248] dump_stack_lvl+0x241/0x360 [ 65.569484][ T5248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.577172][ T5248] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 65.584825][ T5248] ? validate_chain+0x11e/0x5920 [ 65.592540][ T5248] __f2fs_is_valid_blkaddr+0xe16/0x1460 [ 65.599897][ T5248] f2fs_map_blocks+0xdd4/0x4f10 [ 65.605644][ T5248] ? mark_lock+0x9a/0x360 [ 65.612136][ T5248] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 65.619940][ T5248] ? xa_load+0x2dd/0x350 [ 65.626294][ T5248] ? __pfx_xa_load+0x10/0x10 [ 65.634178][ T5248] ? cgroup_rstat_updated+0x13b/0xc60 [ 65.642288][ T5248] ? folio_index+0xab/0x350 [ 65.649339][ T5248] f2fs_mpage_readpages+0xcae/0x2140 [ 65.656880][ T5248] ? __pfx_f2fs_mpage_readpages+0x10/0x10 [ 65.664772][ T5248] ? __folio_batch_add_and_move+0x81a/0xf00 [ 65.672585][ T5248] ? __pfx_lock_release+0x10/0x10 [ 65.679984][ T5248] ? rcu_is_watching+0x15/0xb0 [ 65.686307][ T5248] ? f2fs_readahead+0x184/0x340 [ 65.694629][ T5248] read_pages+0x17e/0x840 [ 65.699997][ T5248] ? percpu_ref_put+0x19/0x180 [ 65.704894][ T5248] ? __pfx_read_pages+0x10/0x10 [ 65.710707][ T5248] ? filemap_add_folio+0x26d/0x650 [ 65.716570][ T5248] ? __pfx_filemap_add_folio+0x10/0x10 [ 65.723574][ T5248] page_cache_ra_unbounded+0x774/0x8a0 [ 65.729534][ T5248] f2fs_readdir+0x5b9/0xbf0 [ 65.734434][ T5248] ? __pfx___might_resched+0x10/0x10 [ 65.740859][ T5248] ? __pfx_f2fs_readdir+0x10/0x10 [ 65.746307][ T5248] ? trace_contention_end+0x3c/0x120 [ 65.752568][ T5248] ? iterate_dir+0x20c/0x800 [ 65.757471][ T5248] ? fdget_pos+0x254/0x320 [ 65.761930][ T5248] ? end_current_label_crit_section+0x151/0x180 [ 65.770479][ T5248] ? common_file_perm+0x1a6/0x210 [ 65.776255][ T5248] iterate_dir+0x571/0x800 [ 65.781334][ T5248] __se_sys_getdents64+0x1d3/0x4a0 [ 65.786981][ T5248] ? __pfx___se_sys_getdents64+0x10/0x10 [ 65.793933][ T5248] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.800598][ T5248] ? __pfx_filldir64+0x10/0x10 [ 65.806861][ T5248] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.817798][ T5248] ? exc_page_fault+0x590/0x8c0 [ 65.823656][ T5248] ? do_syscall_64+0xb6/0x230 [ 65.828492][ T5248] do_syscall_64+0xf3/0x230 [ 65.833738][ T5248] ? clear_bhb_loop+0x35/0x90 [ 65.839414][ T5248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.845368][ T5248] RIP: 0033:0x7f02d99b0193 [ 65.849789][ T5248] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 65.876646][ T5248] RSP: 002b:00007ffebe966b88 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 65.887042][ T5248] RAX: ffffffffffffffda RBX: 0000555570601600 RCX: 00007f02d99b0193 [ 65.897423][ T5248] RDX: 0000000000008000 RSI: 0000555570601600 RDI: 0000000000000005 [ 65.907599][ T5248] RBP: 00005555706015d4 R08: 0000000000000000 R09: 0000000000000000 [ 65.916709][ T5248] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 65.925379][ T5248] R13: 0000000000000010 R14: 00005555706015d0 R15: 00007ffebe968e30 [ 65.934534][ T5248] [ 65.949238][ T5460] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 66.031114][ T5441] loop2: detected capacity change from 0 to 32768 [ 66.042339][ T5441] XFS: ikeep mount option is deprecated. [ 66.065963][ T5248] F2FS-fs (loop0): access invalid blkaddr:2816 [ 66.073965][ T5248] CPU: 1 UID: 0 PID: 5248 Comm: syz-executor Not tainted 6.12.0-rc3-next-20241014-syzkaller #0 [ 66.085873][ T5248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.098305][ T5248] Call Trace: [ 66.101908][ T5248] [ 66.105002][ T5248] dump_stack_lvl+0x241/0x360 [ 66.110235][ T5248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.115838][ T5248] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 66.121871][ T5248] __f2fs_is_valid_blkaddr+0xe16/0x1460 [ 66.129195][ T5248] f2fs_map_blocks+0xdd4/0x4f10 [ 66.134372][ T5248] ? mark_lock+0x9a/0x360 [ 66.138755][ T5248] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 66.145232][ T5248] ? xa_load+0x2dd/0x350 [ 66.150658][ T5248] ? __pfx_xa_load+0x10/0x10 [ 66.156335][ T5248] ? cgroup_rstat_updated+0x13b/0xc60 [ 66.161947][ T5248] ? folio_index+0xab/0x350 [ 66.166970][ T5248] f2fs_mpage_readpages+0xcae/0x2140 [ 66.173147][ T5248] ? __pfx_f2fs_mpage_readpages+0x10/0x10 [ 66.179786][ T5248] ? __folio_batch_add_and_move+0x81a/0xf00 [ 66.187397][ T5248] ? __pfx_lock_release+0x10/0x10 [ 66.194102][ T5248] ? rcu_is_watching+0x15/0xb0 [ 66.201277][ T5248] ? f2fs_readahead+0x184/0x340 [ 66.208256][ T5248] read_pages+0x17e/0x840 [ 66.212998][ T5248] ? percpu_ref_put+0x19/0x180 [ 66.218507][ T5248] ? __pfx_read_pages+0x10/0x10 [ 66.224347][ T5248] ? filemap_add_folio+0x26d/0x650 [ 66.229714][ T5248] ? __pfx_filemap_add_folio+0x10/0x10 [ 66.235291][ T5248] page_cache_ra_unbounded+0x774/0x8a0 [ 66.240798][ T5248] f2fs_readdir+0x5b9/0xbf0 [ 66.245531][ T5248] ? __pfx___might_resched+0x10/0x10 [ 66.251143][ T5248] ? __pfx_f2fs_readdir+0x10/0x10 [ 66.257875][ T5248] ? trace_contention_end+0x3c/0x120 [ 66.263926][ T5248] ? iterate_dir+0x20c/0x800 [ 66.272898][ T5248] ? fdget_pos+0x254/0x320 [ 66.277530][ T5248] ? end_current_label_crit_section+0x151/0x180 [ 66.284910][ T5248] ? common_file_perm+0x1a6/0x210 [ 66.290268][ T5248] iterate_dir+0x571/0x800 [ 66.294803][ T5248] __se_sys_getdents64+0x1d3/0x4a0 [ 66.301223][ T5248] ? __pfx___se_sys_getdents64+0x10/0x10 [ 66.307407][ T5248] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 66.314835][ T5248] ? __pfx_filldir64+0x10/0x10 [ 66.320430][ T5248] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.327080][ T5248] ? exc_page_fault+0x590/0x8c0 [ 66.332324][ T5248] ? do_syscall_64+0xb6/0x230 [ 66.337421][ T5248] do_syscall_64+0xf3/0x230 [ 66.342146][ T5248] ? clear_bhb_loop+0x35/0x90 [ 66.347147][ T5248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.353347][ T5248] RIP: 0033:0x7f02d99b0193 [ 66.357825][ T5248] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 66.379029][ T5248] RSP: 002b:00007ffebe966b88 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 66.390281][ T5248] RAX: ffffffffffffffda RBX: 0000555570601600 RCX: 00007f02d99b0193 [ 66.399446][ T5248] RDX: 0000000000008000 RSI: 0000555570601600 RDI: 0000000000000005 [ 66.409665][ T5248] RBP: 00005555706015d4 R08: 0000000000000000 R09: 0000000000000000 [ 66.418022][ T5248] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 66.426656][ T5248] R13: 0000000000000010 R14: 00005555706015d0 R15: 00007ffebe968e30 [ 66.435287][ T5248] [ 66.468154][ T5248] syz-executor: attempt to access beyond end of device [ 66.468154][ T5248] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 66.544996][ T5441] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 66.642048][ T5460] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 66.683928][ T5441] XFS (loop2): Ending clean mount [ 66.708861][ T5441] XFS (loop2): Quotacheck needed: Please wait. [ 66.781055][ T5441] XFS (loop2): Quotacheck: Done. [ 66.909412][ T5248] syz-executor: attempt to access beyond end of device [ 66.909412][ T5248] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 66.926511][ T5248] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.933781][ T5248] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.955081][ T5243] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 67.075815][ T5478] netlink: 'syz.1.44': attribute type 10 has an invalid length. [ 67.083761][ T5478] netlink: 55 bytes leftover after parsing attributes in process `syz.1.44'. [ 67.360940][ T2520] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.449341][ T5488] loop4: detected capacity change from 0 to 2048 [ 67.771015][ T5488] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.936877][ T5257] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.956370][ T5257] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.974146][ T5257] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.993691][ T5257] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.069057][ T5257] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 68.081679][ T5257] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.202928][ T2520] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.211198][ T5237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.307274][ T5509] loop4: detected capacity change from 0 to 128 [ 68.414307][ T2520] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.683916][ T2520] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.854653][ T5291] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 69.014845][ T5291] usb 3-1: Using ep0 maxpacket: 32 [ 69.038913][ T5291] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 69.069485][ T5291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.130094][ T5513] loop4: detected capacity change from 0 to 40427 [ 69.147448][ T5513] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1fffff [ 69.158345][ T5513] F2FS-fs (loop4): heap/no_heap options were deprecated [ 69.166902][ T5513] F2FS-fs (loop4): Image doesn't support compression [ 69.180485][ T5291] usb 3-1: config 0 descriptor?? [ 69.196982][ T2520] bridge_slave_1: left allmulticast mode [ 69.205475][ T5513] F2FS-fs (loop4): invalid crc value [ 69.220528][ T5513] F2FS-fs (loop4): Found nat_bits in checkpoint [ 69.226683][ T5291] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 69.233705][ T2520] bridge_slave_1: left promiscuous mode [ 69.259025][ T2520] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.297699][ T2520] bridge_slave_0: left allmulticast mode [ 69.307509][ T5513] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 69.313703][ T2520] bridge_slave_0: left promiscuous mode [ 69.331374][ T2520] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.383006][ T5513] F2FS-fs (loop4): inject kmalloc in f2fs_kmalloc of __se_sys_ioctl+0xf9/0x170 [ 69.411337][ T5507] loop3: detected capacity change from 0 to 40427 [ 69.462934][ T5507] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 69.489391][ T5507] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 69.495287][ T5237] syz-executor: attempt to access beyond end of device [ 69.495287][ T5237] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 69.506948][ T5507] F2FS-fs (loop3): invalid crc value [ 69.517159][ T5237] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 69.527437][ T5237] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 69.599320][ T5507] F2FS-fs (loop3): Found nat_bits in checkpoint [ 69.723101][ T5507] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 69.731205][ T5507] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 69.801571][ T5507] syz.3.55: attempt to access beyond end of device [ 69.801571][ T5507] loop3: rw=2051, sector=36912, nr_sectors = 8144 limit=40427 [ 69.820610][ T5507] syz.3.55: attempt to access beyond end of device [ 69.820610][ T5507] loop3: rw=2051, sector=45096, nr_sectors = 20440 limit=40427 [ 69.870581][ T5507] F2FS-fs (loop3): Issue discard(4614, 4614, 1018) failed, ret: -5 [ 69.896577][ T5507] F2FS-fs (loop3): Issue discard(5637, 5637, 2555) failed, ret: -5 [ 70.134624][ T5257] Bluetooth: hci4: command tx timeout [ 70.255480][ T5291] gspca_nw80x: reg_w err -71 [ 70.261534][ T5291] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 70.274173][ T5291] usb 3-1: USB disconnect, device number 2 [ 70.320044][ T2520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.345742][ T2520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 70.361897][ T2520] bond0 (unregistering): Released all slaves [ 70.689440][ T5500] chnl_net:caif_netlink_parms(): no params data found [ 71.031169][ T5539] loop3: detected capacity change from 0 to 8192 [ 71.083830][ T5539] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 71.540142][ T5500] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.572417][ T5500] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.617385][ T5500] bridge_slave_0: entered allmulticast mode [ 71.637967][ T5500] bridge_slave_0: entered promiscuous mode [ 71.743845][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.755046][ T5500] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.764558][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.825423][ T5500] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.832783][ T5500] bridge_slave_1: entered allmulticast mode [ 71.904580][ T5500] bridge_slave_1: entered promiscuous mode [ 72.070195][ T5547] loop2: detected capacity change from 0 to 32768 [ 72.228075][ T5257] Bluetooth: hci4: command tx timeout [ 72.266331][ T5576] syz.3.70 uses obsolete (PF_INET,SOCK_PACKET) [ 72.276658][ T5547] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 72.374100][ T2520] hsr_slave_0: left promiscuous mode [ 72.382291][ T2520] hsr_slave_1: left promiscuous mode [ 72.424055][ T2520] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.450079][ T2520] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 72.524756][ T2520] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 72.533263][ T2520] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 72.576435][ T2520] veth1_macvtap: left promiscuous mode [ 72.582716][ T2520] veth0_macvtap: left promiscuous mode [ 72.588668][ T2520] veth1_vlan: left promiscuous mode [ 72.594258][ T2520] veth0_vlan: left promiscuous mode [ 72.614131][ T5547] XFS (loop2): Ending clean mount [ 72.622079][ T5547] XFS (loop2): Quotacheck needed: Please wait. [ 72.669333][ T5547] XFS (loop2): Quotacheck: Done. [ 72.743791][ T5568] loop4: detected capacity change from 0 to 40427 [ 72.816000][ T5568] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 72.823996][ T5568] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 72.847633][ T5568] F2FS-fs (loop4): invalid crc value [ 72.849041][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 72.877125][ T5568] F2FS-fs (loop4): Found nat_bits in checkpoint [ 72.948593][ T5243] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 72.973439][ T5568] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 72.980937][ T5568] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 73.034579][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 73.054672][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.083204][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 73.144730][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 73.195913][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 73.231427][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 73.247714][ T5237] syz-executor: attempt to access beyond end of device [ 73.247714][ T5237] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 73.264123][ T5237] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 73.285511][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 73.297885][ T9] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 73.308931][ T9] usb 2-1: Manufacturer: syz [ 73.317249][ T9] usb 2-1: config 0 descriptor?? [ 73.604569][ T9] rc_core: IR keymap rc-hauppauge not found [ 73.611491][ T9] Registered IR keymap rc-empty [ 73.638310][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 73.685711][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 73.741019][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 73.763781][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5 [ 73.817242][ T2520] team0 (unregistering): Port device team_slave_1 removed [ 73.840512][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 73.876564][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 73.909808][ T2520] team0 (unregistering): Port device team_slave_0 removed [ 73.920947][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 73.961839][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.005251][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.045043][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.074947][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.104685][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.126053][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.156279][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 74.179031][ T9] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 74.190975][ T9] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 74.242529][ T9] usb 2-1: USB disconnect, device number 2 [ 74.288758][ T5257] Bluetooth: hci4: command tx timeout [ 74.367670][ T5598] loop4: detected capacity change from 0 to 4096 [ 74.378078][ T5598] ======================================================= [ 74.378078][ T5598] WARNING: The mand mount option has been deprecated and [ 74.378078][ T5598] and is ignored by this kernel. Remove the mand [ 74.378078][ T5598] option from the mount to silence this warning. [ 74.378078][ T5598] ======================================================= [ 74.877983][ T5603] loop1: detected capacity change from 0 to 1024 [ 74.999362][ T5500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.122157][ T5500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.235984][ T5608] loop4: detected capacity change from 0 to 1024 [ 75.248661][ T5605] C: renamed from team_slave_0 (while UP) [ 75.305904][ T5605] netlink: 'syz.2.80': attribute type 1 has an invalid length. [ 75.331672][ T5605] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 75.335945][ T5608] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.493471][ T5500] team0: Port device team_slave_0 added [ 75.539043][ T5500] team0: Port device team_slave_1 added [ 75.627319][ T5608] support for the xor transformation has been removed. [ 75.701154][ T5500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.747395][ T5500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.838223][ T5500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.858863][ T5500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.872990][ T5500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.924965][ T5237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.943306][ T5500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.976705][ T5627] loop2: detected capacity change from 0 to 4096 [ 76.188804][ T5629] loop3: detected capacity change from 0 to 32768 [ 76.231125][ T5629] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.86 (5629) [ 76.241524][ T5500] hsr_slave_0: entered promiscuous mode [ 76.364715][ T5257] Bluetooth: hci4: command tx timeout [ 76.465196][ T5500] hsr_slave_1: entered promiscuous mode [ 76.472287][ T5500] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.481140][ T5500] Cannot create hsr debugfs directory [ 76.604770][ T5631] loop1: detected capacity change from 0 to 32768 [ 76.670047][ T5629] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 76.713457][ T5629] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 76.745941][ T5629] BTRFS info (device loop3): using free-space-tree [ 76.747885][ T5631] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 76.819514][ T5631] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 77.033965][ T2855] cfg80211: failed to load regulatory.db [ 77.163034][ T5631] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms [ 77.256984][ T937] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 77.300934][ T937] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 77.448841][ T5629] BTRFS warning (device loop3): failed to trim 1 block group(s), last error -512 [ 77.517043][ T937] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 216ms [ 77.532846][ T5671] netlink: 'syz.2.91': attribute type 1 has an invalid length. [ 77.548614][ T937] gfs2: fsid=syz:syz.0: jid=0: Done [ 77.594842][ T5631] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 77.687499][ T5629] BTRFS warning (device loop3): failed to trim 1 device(s), last error -512 [ 77.698831][ T5643] loop4: detected capacity change from 0 to 32768 [ 77.776165][ T5236] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 77.820595][ T5643] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 78.034359][ T5643] XFS (loop4): Ending clean mount [ 78.063621][ T5643] XFS (loop4): Quotacheck needed: Please wait. [ 78.170435][ T5643] XFS (loop4): Quotacheck: Done. [ 78.299593][ T5500] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.415156][ T5500] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.442438][ T5500] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.471806][ T5237] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 78.503164][ T5500] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.599569][ T5703] netlink: 28 bytes leftover after parsing attributes in process `syz.3.97'. [ 78.625317][ T5703] netlink: 28 bytes leftover after parsing attributes in process `syz.3.97'. [ 78.958617][ T5500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.048706][ T5500] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.098928][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.106140][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.191526][ T1833] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.201695][ T1833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.211010][ T5714] Driver unsupported XDP return value 0 on prog (id 7) dev N/A, expect packet loss! [ 79.797397][ T5706] loop2: detected capacity change from 0 to 32768 [ 79.813682][ T5729] loop3: detected capacity change from 0 to 1024 [ 79.838822][ T5706] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.98 (5706) [ 79.929958][ T5706] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 79.975722][ T5706] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 80.032832][ T5706] BTRFS info (device loop2): disk space caching is enabled [ 80.072451][ T5500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.101712][ T5706] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 80.162737][ T12] hfsplus: b-tree write err: -5, ino 4 [ 80.370148][ T5500] veth0_vlan: entered promiscuous mode [ 80.433054][ T5500] veth1_vlan: entered promiscuous mode [ 80.490974][ T5500] veth0_macvtap: entered promiscuous mode [ 80.506064][ T5500] veth1_macvtap: entered promiscuous mode [ 80.562808][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.565514][ T5706] BTRFS info (device loop2): rebuilding free space tree [ 80.615068][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.682389][ T5763] loop1: detected capacity change from 0 to 512 [ 80.690724][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.734900][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.766392][ T5763] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 80.789845][ T5765] loop3: detected capacity change from 0 to 4096 [ 80.794750][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.802178][ T5716] loop4: detected capacity change from 0 to 32768 [ 80.810648][ T5763] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 80.829914][ T5765] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 80.890243][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.897870][ T5706] BTRFS info (device loop2): disabling free space tree [ 80.906980][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.944117][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.949314][ T5763] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 80.970099][ T5500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.983957][ T5706] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 80.999227][ T5706] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.021863][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.033245][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.052683][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.063925][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.066091][ T5763] System zones: [ 81.074946][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.092666][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.114592][ T5500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.118787][ T5763] 1-12 [ 81.158072][ T5716] JBD2: Ignoring recovery information on journal [ 81.168184][ T5763] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 81.209990][ T5500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.234921][ T5716] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 81.248189][ T5763] EXT4-fs (loop1): 1 truncate cleaned up [ 81.259451][ T5500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.276201][ T5763] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.379224][ T5500] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.454061][ T5500] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.508528][ T5500] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.545861][ T5763] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2813: inode #15: comm syz.1.109: corrupted xattr block 33: invalid header [ 81.561549][ T5500] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.642913][ T5763] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2977: inode #15: comm syz.1.109: corrupted xattr block 33: invalid header [ 81.748461][ T5790] loop3: detected capacity change from 0 to 512 [ 81.789341][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.814716][ T5763] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117) [ 81.824070][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.840485][ T5243] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 81.864004][ T5790] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 81.890438][ T5237] ocfs2: Unmounting device (7,4) on (node local) [ 81.936291][ T5790] EXT4-fs (loop3): 1 truncate cleaned up [ 81.942149][ T2484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.960910][ T2484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.982970][ T5790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.055548][ T5235] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.374905][ T5236] EXT4-fs error (device loop3): ext4_lookup:1813: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 82.737951][ T5802] loop4: detected capacity change from 0 to 40427 [ 82.870207][ T5798] loop1: detected capacity change from 0 to 40427 [ 82.893706][ T5236] EXT4-fs error (device loop3): ext4_lookup:1813: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 82.950055][ T5798] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 82.957695][ T5798] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 82.988016][ T5802] F2FS-fs (loop4): invalid crc value [ 83.013660][ T5798] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x1fffff [ 83.026040][ T5798] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x6 [ 83.060992][ T5798] F2FS-fs (loop1): invalid crc value [ 83.082406][ T5802] F2FS-fs (loop4): Found nat_bits in checkpoint [ 83.106781][ T5798] F2FS-fs (loop1): Found nat_bits in checkpoint [ 83.282447][ T5802] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 83.312004][ T5236] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.353949][ T5798] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 83.383994][ T5798] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 83.400689][ T5236] syz-executor (5236) used greatest stack depth: 19248 bytes left [ 83.432498][ T5802] syz.4.113: attempt to access beyond end of device [ 83.432498][ T5802] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 83.473463][ T5802] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 83.490516][ T5802] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 83.573392][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.636416][ T5798] syz.1.115: attempt to access beyond end of device [ 83.636416][ T5798] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 83.685422][ T5827] netlink: 32 bytes leftover after parsing attributes in process `syz.2.119'. [ 83.701754][ T5827] (unnamed net_device) (uninitialized): option ad_select: invalid value (36) [ 83.735898][ T5827] Zero length message leads to an empty skb [ 83.843199][ T5235] syz-executor: attempt to access beyond end of device [ 83.843199][ T5235] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 83.868904][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.904677][ T5235] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 84.020555][ T5840] pim6reg: entered allmulticast mode [ 84.136836][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.215571][ T5843] pim6reg: left allmulticast mode [ 84.504730][ T2855] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 84.514149][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.605106][ T5250] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.640312][ T5250] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.690523][ T5250] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.707795][ T5250] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.725577][ T5250] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.736432][ T5250] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.974900][ T5874] loop1: detected capacity change from 0 to 64 [ 85.037651][ T2855] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 85.049358][ T2855] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 85.059443][ T2855] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 85.069179][ T2855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.078023][ T5874] BFS-fs: bfs_readdir(): Bad f_pos=0000000c for loop1:00000002 [ 85.115579][ T5846] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 85.161600][ T2855] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 85.238725][ T12] bridge_slave_1: left allmulticast mode [ 85.253599][ T12] bridge_slave_1: left promiscuous mode [ 85.266581][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.337646][ T12] bridge_slave_0: left allmulticast mode [ 85.343477][ T12] bridge_slave_0: left promiscuous mode [ 85.353624][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.649113][ T937] usb 3-1: USB disconnect, device number 3 [ 85.676935][ T5885] loop1: detected capacity change from 0 to 32768 [ 85.828732][ T5885] JBD2: Ignoring recovery information on journal [ 85.872900][ T5885] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 85.946735][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 85.946753][ T29] audit: type=1800 audit(1728905537.981:17): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.133" name="file0" dev="loop1" ino=17058 res=0 errno=0 [ 86.100918][ T5235] ocfs2: Unmounting device (7,1) on (node local) [ 86.704860][ T937] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 86.771348][ T5904] loop1: detected capacity change from 0 to 2048 [ 86.781072][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 86.801992][ T5904] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 86.818917][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 86.844879][ T5250] Bluetooth: hci1: command tx timeout [ 86.862956][ T5904] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.876726][ T12] bond0 (unregistering): Released all slaves [ 86.904569][ T937] usb 3-1: Using ep0 maxpacket: 8 [ 86.915796][ T937] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.935992][ T937] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 86.990238][ T937] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 87.020672][ T937] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 87.075534][ T937] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 87.099830][ T5897] loop4: detected capacity change from 0 to 32768 [ 87.107472][ T937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.306058][ T937] hub 3-1:1.0: bad descriptor, ignoring hub [ 87.312069][ T937] hub 3-1:1.0: probe with driver hub failed with error -5 [ 87.331114][ T937] cdc_wdm 3-1:1.0: skipping garbage [ 87.345185][ T937] cdc_wdm 3-1:1.0: skipping garbage [ 87.356669][ T937] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 87.362871][ T937] cdc_wdm 3-1:1.0: Unknown control protocol [ 87.411105][ T5906] loop0: detected capacity change from 0 to 40427 [ 87.460305][ T5897] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 87.463451][ T5906] F2FS-fs (loop0): heap/no_heap options were deprecated [ 87.481477][ T5906] F2FS-fs (loop0): invalid crc value [ 87.483634][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 87.496780][ T5906] F2FS-fs (loop0): Found nat_bits in checkpoint [ 87.554609][ T5290] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 87.562809][ T5906] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 87.595687][ T5897] XFS (loop4): Ending clean mount [ 87.605686][ T5897] XFS (loop4): Quotacheck needed: Please wait. [ 87.737046][ T5897] XFS (loop4): Quotacheck: Done. [ 87.754646][ T5290] usb 2-1: Using ep0 maxpacket: 32 [ 87.767726][ T5290] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 87.789049][ T5500] syz-executor: attempt to access beyond end of device [ 87.789049][ T5500] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 87.794690][ T5290] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 87.813821][ T5500] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 87.827315][ T5500] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 87.853623][ T5290] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 87.874643][ T5290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 87.896724][ T12] hsr_slave_0: left promiscuous mode [ 87.897174][ T5290] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 87.924945][ T12] hsr_slave_1: left promiscuous mode [ 87.940407][ T5237] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 87.943042][ T5290] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 87.969817][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.994559][ T5290] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 87.994768][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.003637][ T5290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.019265][ T5290] usb 2-1: config 0 descriptor?? [ 88.050291][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.084582][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.152964][ T5900] usb 3-1: reset high-speed USB device number 4 using dummy_hcd [ 88.188501][ T12] veth1_macvtap: left promiscuous mode [ 88.195485][ T12] veth0_macvtap: left promiscuous mode [ 88.201188][ T12] veth1_vlan: left promiscuous mode [ 88.216476][ T12] veth0_vlan: left promiscuous mode [ 88.553775][ T5290] usblp 2-1:0.0: usblp1: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 88.613997][ T5290] usb 2-1: USB disconnect, device number 3 [ 88.657455][ T5290] usblp1: removed [ 88.864981][ T2855] usb 3-1: USB disconnect, device number 4 [ 88.937812][ T5250] Bluetooth: hci1: command tx timeout [ 89.213251][ T5949] mmap: syz.0.148 (5949) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 89.405540][ T12] team0 (unregistering): Port device team_slave_1 removed [ 89.599467][ T12] team0 (unregistering): Port device team_slave_0 removed [ 89.710546][ T5958] loop1: detected capacity change from 0 to 4096 [ 90.243691][ T5960] loop2: detected capacity change from 0 to 32768 [ 90.301470][ T5960] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 90.335565][ T5971] loop1: detected capacity change from 0 to 4096 [ 90.467480][ T5960] XFS (loop2): Ending clean mount [ 90.493320][ T5960] XFS (loop2): Quotacheck needed: Please wait. [ 90.593182][ T5960] XFS (loop2): Quotacheck: Done. [ 90.679127][ T29] audit: type=1800 audit(1728905542.691:18): pid=5960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.152" name="file1" dev="loop2" ino=9286 res=0 errno=0 [ 90.741137][ T5243] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 90.815325][ T29] audit: type=1326 audit(1728905542.841:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 90.838073][ T29] audit: type=1326 audit(1728905542.841:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 90.890316][ T29] audit: type=1326 audit(1728905542.921:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 90.922090][ T29] audit: type=1326 audit(1728905542.921:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 90.997491][ T29] audit: type=1326 audit(1728905542.921:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.004685][ T5250] Bluetooth: hci1: command tx timeout [ 91.084954][ T29] audit: type=1326 audit(1728905542.951:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.128959][ T29] audit: type=1326 audit(1728905542.991:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.153211][ T29] audit: type=1326 audit(1728905542.991:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.175512][ T29] audit: type=1326 audit(1728905542.991:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.198021][ T29] audit: type=1326 audit(1728905542.991:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.220339][ T29] audit: type=1326 audit(1728905543.001:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.242882][ T29] audit: type=1326 audit(1728905543.001:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973c17dff9 code=0x7ffc0000 [ 91.254004][ T5993] loop2: detected capacity change from 0 to 2048 [ 91.315500][ T5993] NILFS (loop2): invalid segment: Magic number mismatch [ 91.322619][ T5993] NILFS (loop2): trying rollback from an earlier position [ 91.382905][ T5993] NILFS (loop2): recovery complete [ 91.427453][ T5996] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 91.889823][ T6022] netlink: 104 bytes leftover after parsing attributes in process `syz.0.171'. [ 91.991304][ T6028] loop4: detected capacity change from 0 to 64 [ 92.036633][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.057644][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.099928][ T5852] bridge_slave_0: entered allmulticast mode [ 92.121338][ T5852] bridge_slave_0: entered promiscuous mode [ 92.146440][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.149721][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 92.200482][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.229816][ T5852] bridge_slave_1: entered allmulticast mode [ 92.245134][ T5852] bridge_slave_1: entered promiscuous mode [ 92.324575][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 92.343895][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.359678][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 92.366260][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.378171][ T9] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 92.397631][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.430698][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.482738][ T9] usb 2-1: config 0 descriptor?? [ 92.572351][ T5852] team0: Port device team_slave_0 added [ 92.594851][ T5852] team0: Port device team_slave_1 added [ 92.676641][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.694900][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.727206][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.750157][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.766573][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.770132][ T25] usb 2-1: USB disconnect, device number 4 [ 92.861215][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.952628][ T5852] hsr_slave_0: entered promiscuous mode [ 92.972045][ T5852] hsr_slave_1: entered promiscuous mode [ 92.992218][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.009634][ T5852] Cannot create hsr debugfs directory [ 93.084710][ T5250] Bluetooth: hci1: command tx timeout [ 93.528055][ T6069] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.616276][ T6072] loop0: detected capacity change from 0 to 256 [ 93.671620][ T6072] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 93.697619][ T6074] loop1: detected capacity change from 0 to 2048 [ 93.763604][ T6074] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.837385][ T29] audit: type=1804 audit(1728905545.871:31): pid=6074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.186" name="/newroot/45/file0/file1" dev="loop1" ino=15 res=1 errno=0 [ 93.947573][ T5235] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.010429][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.187'. [ 94.033489][ T6086] loop1: detected capacity change from 0 to 8 [ 94.055695][ T6086] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 94.469923][ T6102] loop1: detected capacity change from 0 to 2048 [ 94.571618][ T6111] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.630821][ T29] audit: type=1800 audit(1728905546.661:32): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.194" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 94.651365][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 94.688378][ T5852] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.728499][ T5852] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.755798][ T6111] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 94.765864][ T5852] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.794619][ T6111] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 94.825202][ T5852] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.830201][ T6111] Remounting filesystem read-only [ 94.839096][ T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 94.866407][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.880536][ T5235] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 94.902417][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.941782][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 95.008837][ T9] usb 3-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 95.042594][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.083904][ T9] usb 3-1: config 0 descriptor?? [ 95.138669][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.203112][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.231695][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.239018][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.263246][ T6126] ALSA: mixer_oss: invalid OSS volume '˛}8ző§00000' [ 95.367434][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.374650][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.527823][ T9] nintendo 0003:057E:2009.0002: unknown main item tag 0x0 [ 95.565108][ T9] nintendo 0003:057E:2009.0002: unknown main item tag 0x0 [ 95.584677][ T9] nintendo 0003:057E:2009.0002: item fetching failed at offset 2/5 [ 95.603327][ T9] nintendo 0003:057E:2009.0002: HID parse failed [ 95.627690][ T9] nintendo 0003:057E:2009.0002: probe - fail = -22 [ 95.634337][ T9] nintendo 0003:057E:2009.0002: probe with driver nintendo failed with error -22 [ 95.703939][ T6137] loop1: detected capacity change from 0 to 256 [ 95.774224][ T9] usb 3-1: USB disconnect, device number 5 [ 95.808488][ T6137] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0b0ca5f0, utbl_chksum : 0xe619d30d) [ 96.052984][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.091445][ T6115] loop4: detected capacity change from 0 to 40427 [ 96.129069][ T6115] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 96.156127][ T6119] loop0: detected capacity change from 0 to 32768 [ 96.165658][ T6115] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 96.179552][ T5852] veth0_vlan: entered promiscuous mode [ 96.219631][ T5852] veth1_vlan: entered promiscuous mode [ 96.226203][ T6119] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.200 (6119) [ 96.256637][ T6115] F2FS-fs (loop4): invalid crc value [ 96.293150][ T6115] F2FS-fs (loop4): Found nat_bits in checkpoint [ 96.303547][ T6119] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 96.322951][ T5852] veth0_macvtap: entered promiscuous mode [ 96.332064][ T6119] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 96.365656][ T5852] veth1_macvtap: entered promiscuous mode [ 96.384437][ T6119] BTRFS info (device loop0): using free-space-tree [ 96.434407][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.456558][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.466983][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.478123][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.489491][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.511410][ T6115] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 96.535433][ T6115] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 96.576486][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.608040][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.633375][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.675970][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.677946][ T5237] syz-executor: attempt to access beyond end of device [ 96.677946][ T5237] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 96.695994][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.710657][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.721325][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.732430][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.744220][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.755211][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.765893][ T5237] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 96.773493][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.795767][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.843251][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.900725][ T5852] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.923305][ T5852] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.982129][ T5852] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.017102][ T2484] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 97.034922][ T5852] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.160345][ T5500] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.514068][ T6180] loop2: detected capacity change from 0 to 40427 [ 97.531657][ T6180] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 97.557128][ T6180] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 97.584132][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.609129][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.628473][ T6180] F2FS-fs (loop2): invalid crc value [ 97.657568][ T6180] F2FS-fs (loop2): Found nat_bits in checkpoint [ 97.704265][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.733573][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.897904][ T6180] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 97.924612][ T6180] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 98.083652][ T6180] syz.2.209: attempt to access beyond end of device [ 98.083652][ T6180] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 98.267416][ T35] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 98.333072][ T35] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 98.408328][ T6203] netlink: 20 bytes leftover after parsing attributes in process `syz.4.218'. [ 98.650487][ T6187] loop1: detected capacity change from 0 to 32768 [ 98.685538][ T6187] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.212 (6187) [ 98.733303][ T6187] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 98.773594][ T6187] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 98.836149][ T6187] BTRFS info (device loop1): using free-space-tree [ 99.403799][ T5235] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 99.451255][ T6243] netlink: 172 bytes leftover after parsing attributes in process `syz.2.216'. [ 99.451990][ T6242] loop3: detected capacity change from 0 to 2048 [ 99.572388][ T6242] Alternate GPT is invalid, using primary GPT. [ 99.594704][ T6242] loop3: p1 p2 p3 [ 99.920138][ T6207] loop4: detected capacity change from 0 to 32768 [ 100.006713][ T6207] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 100.071152][ T6207] XFS (loop4): Ending clean mount [ 100.219992][ T5237] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 100.621282][ T5239] udevd[5239]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 100.632078][ T6245] loop0: detected capacity change from 0 to 40427 [ 100.714837][ T6245] F2FS-fs (loop0): Found nat_bits in checkpoint [ 100.744982][ T6273] warning: `syz.4.232' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 100.786229][ T6245] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 100.950880][ T5500] syz-executor: attempt to access beyond end of device [ 100.950880][ T5500] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 100.980619][ T6283] netlink: 16 bytes leftover after parsing attributes in process `syz.3.238'. [ 100.983767][ T6281] loop2: detected capacity change from 0 to 64 [ 100.994739][ T5500] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 101.024917][ T6283] netlink: 16 bytes leftover after parsing attributes in process `syz.3.238'. [ 101.425764][ T6266] loop1: detected capacity change from 0 to 32768 [ 101.518078][ T6285] loop4: detected capacity change from 0 to 32768 [ 101.609012][ T6266] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 101.640513][ T6285] (syz.4.240,6285,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.796105][ T6285] (syz.4.240,6285,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.978918][ T6285] JBD2: Ignoring recovery information on journal [ 102.045749][ T6285] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 102.056938][ T6266] XFS (loop1): Ending clean mount [ 102.123558][ T6266] XFS (loop1): Quotacheck needed: Please wait. [ 102.174363][ T6266] XFS (loop1): Quotacheck: Done. [ 102.204811][ T5291] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 102.294122][ T5235] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 102.407261][ T5291] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.419279][ T5291] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 102.433952][ T5291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.456334][ T5291] usb 3-1: config 0 descriptor?? [ 102.513594][ T5291] pwc: Askey VC010 type 2 USB webcam detected. [ 102.581952][ T5237] ocfs2: Unmounting device (7,4) on (node local) [ 102.749840][ T5291] pwc: send_video_command error -71 [ 102.772318][ T5291] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 102.797226][ T5291] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 102.847798][ T5291] usb 3-1: USB disconnect, device number 6 [ 103.159060][ T6340] input: syz1 as /devices/virtual/input/input6 [ 103.293311][ T6331] loop3: detected capacity change from 0 to 32768 [ 103.299176][ T5291] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 103.332777][ T6331] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.257 (6331) [ 103.373759][ T6331] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 103.396288][ T6331] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 103.413808][ T6331] BTRFS info (device loop3): using free-space-tree [ 103.477040][ T5291] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.509161][ T5291] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 103.569161][ T5291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.624975][ T5291] usb 3-1: config 0 descriptor?? [ 103.634122][ T6338] loop4: detected capacity change from 0 to 32768 [ 103.658338][ T6338] JBD2: Ignoring recovery information on journal [ 103.679876][ T29] audit: type=1800 audit(1728905555.711:33): pid=6331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.257" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 103.733435][ T5291] pwc: Askey VC010 type 2 USB webcam detected. [ 103.797736][ T6338] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 104.048545][ T5237] ocfs2: Unmounting device (7,4) on (node local) [ 104.236219][ T5852] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 104.337501][ T5291] pwc: recv_control_msg error -71 req 02 val 2700 [ 104.346197][ T5291] pwc: recv_control_msg error -71 req 02 val 2c00 [ 104.356279][ T5291] pwc: recv_control_msg error -71 req 04 val 1000 [ 104.365022][ T5291] pwc: recv_control_msg error -71 req 04 val 1300 [ 104.395207][ T5291] pwc: recv_control_msg error -71 req 04 val 1400 [ 104.407323][ T5291] pwc: recv_control_msg error -71 req 02 val 2000 [ 104.414375][ T5291] pwc: recv_control_msg error -71 req 02 val 2100 [ 104.421920][ T5291] pwc: recv_control_msg error -71 req 04 val 1500 [ 104.443669][ T5291] pwc: recv_control_msg error -71 req 02 val 2500 [ 104.461786][ T5291] pwc: recv_control_msg error -71 req 02 val 2400 [ 104.497118][ T5291] pwc: recv_control_msg error -71 req 02 val 2600 [ 104.511152][ T5291] pwc: recv_control_msg error -71 req 02 val 2900 [ 104.523825][ T5291] pwc: recv_control_msg error -71 req 02 val 2800 [ 104.536362][ T5291] pwc: recv_control_msg error -71 req 04 val 1100 [ 104.546135][ T5291] pwc: recv_control_msg error -71 req 04 val 1200 [ 104.563662][ T5291] pwc: Registered as video71. [ 104.572901][ T5291] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7 [ 104.587654][ T5291] usb 3-1: USB disconnect, device number 7 [ 105.274054][ T6395] loop0: detected capacity change from 0 to 8192 [ 105.307405][ T6412] loop2: detected capacity change from 0 to 256 [ 105.423673][ T6411] loop3: detected capacity change from 0 to 1024 [ 105.489841][ T6411] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 105.541359][ T6411] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 105.565687][ T6411] EXT4-fs (loop3): orphan cleanup on readonly fs [ 105.577331][ T6416] loop1: detected capacity change from 0 to 64 [ 105.584606][ T6411] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.275: Freeing blocks not in datazone - block = 0, count = 4096 [ 105.606322][ T6411] EXT4-fs (loop3): 1 orphan inode deleted [ 105.614524][ T6411] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 105.810869][ T6424] loop4: detected capacity change from 0 to 64 [ 105.839568][ T5852] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.925154][ T5291] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 105.927385][ T6429] loop1: detected capacity change from 0 to 64 [ 106.075689][ T6432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.283'. [ 106.096043][ T29] audit: type=1800 audit(1728905558.101:34): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.285" name=D54AE4933AD529888FDAC7BB8A70C72BC0FC81BA06506F2D5BC7686E219BBE5283959CBEF9950E071CB6D9F341FC624A5110341F26CEBD71 dev="loop1" ino=22 res=0 errno=0 [ 106.106400][ T5291] usb 3-1: Using ep0 maxpacket: 16 [ 106.165547][ T5291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.204023][ T5291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.238716][ T5291] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 106.303894][ T5291] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 106.335526][ T5291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.370360][ T5291] usb 3-1: config 0 descriptor?? [ 106.564749][ T6446] af_packet: packet_mmap: vma is busy: 1 [ 106.799193][ T6454] loop0: detected capacity change from 0 to 8 [ 106.820485][ T5291] input: HID 0955:7214 Haptics as /devices/virtual/input/input8 [ 107.059720][ T5291] shield 0003:0955:7214.0003: Registered Thunderstrike controller [ 107.068315][ T5291] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 107.081450][ T6460] syzkaller1: entered promiscuous mode [ 107.094920][ T6462] netlink: 12 bytes leftover after parsing attributes in process `syz.0.298'. [ 107.111281][ T6460] syzkaller1: entered allmulticast mode [ 107.157515][ T46] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 107.193692][ T5291] usb 3-1: USB disconnect, device number 8 [ 107.200201][ T46] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 107.231386][ T46] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 107.239794][ T6436] loop1: detected capacity change from 0 to 32768 [ 107.254389][ T5291] ------------[ cut here ]------------ [ 107.260809][ T5291] WARNING: CPU: 1 PID: 5291 at drivers/thermal/thermal_thresholds.c:28 thermal_thresholds_flush+0x1ff/0x230 [ 107.272948][ T5291] Modules linked in: [ 107.277231][ T5291] CPU: 1 UID: 0 PID: 5291 Comm: kworker/1:4 Not tainted 6.12.0-rc3-next-20241014-syzkaller #0 [ 107.287943][ T5291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 107.298698][ T5291] Workqueue: usb_hub_wq hub_event [ 107.303881][ T5291] RIP: 0010:thermal_thresholds_flush+0x1ff/0x230 [ 107.311449][ T5291] Code: 34 24 eb 05 e8 12 b9 36 f9 4c 89 f7 be 0f 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c7 3a ff ff e8 f2 b8 36 f9 90 <0f> 0b 90 e9 7f fe ff ff 48 c7 c1 7c e0 1d 90 80 e1 07 80 c1 03 38 [ 107.334120][ T5291] RSP: 0018:ffffc90004347168 EFLAGS: 00010287 [ 107.340391][ T5291] RAX: ffffffff885e49be RBX: 0000000000000000 RCX: 0000000000100000 [ 107.348792][ T5291] RDX: ffffc90014582000 RSI: 0000000000005741 RDI: 0000000000005742 [ 107.356948][ T5291] RBP: ffffffff8f97b7a0 R08: ffffffff885e4832 R09: 1ffffffff285d10e [ 107.365071][ T5291] R10: dffffc0000000000 R11: fffffbfff285d10f R12: dffffc0000000000 [ 107.365301][ T6436] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.286 (6436) [ 107.373155][ T5291] R13: dffffc0000000000 R14: ffff888062144000 R15: ffff8880621447c0 [ 107.373202][ T5291] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 107.373221][ T5291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.373236][ T5291] CR2: 00007fe904336e05 CR3: 000000005d8d2000 CR4: 00000000003526f0 [ 107.373254][ T5291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.373268][ T5291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.373283][ T5291] Call Trace: [ 107.373294][ T5291] [ 107.373306][ T5291] ? __warn+0x168/0x4e0 [ 107.450067][ T5291] ? thermal_thresholds_flush+0x1ff/0x230 [ 107.456072][ T5291] ? report_bug+0x2b3/0x500 [ 107.463024][ T5291] ? thermal_thresholds_flush+0x1ff/0x230 [ 107.468918][ T5291] ? handle_bug+0x60/0x90 [ 107.473404][ T5291] ? exc_invalid_op+0x1a/0x50 [ 107.478821][ T5291] ? asm_exc_invalid_op+0x1a/0x20 [ 107.487611][ T5291] ? thermal_thresholds_flush+0x72/0x230 [ 107.493609][ T5291] ? thermal_thresholds_flush+0x1fe/0x230 [ 107.499598][ T5291] ? thermal_thresholds_flush+0x1ff/0x230 [ 107.505476][ T5291] ? thermal_thresholds_flush+0x1fe/0x230 [ 107.511287][ T5291] thermal_zone_device_unregister+0x29e/0x370 [ 107.518223][ T5291] power_supply_unregister+0xe8/0x140 [ 107.523668][ T5291] ? __pfx_shield_remove+0x10/0x10 [ 107.529526][ T5291] shield_remove+0x72/0x120 [ 107.534106][ T5291] hid_device_remove+0x225/0x370 [ 107.539324][ T5291] ? __pfx_hid_device_remove+0x10/0x10 [ 107.545028][ T5291] device_release_driver_internal+0x4a9/0x7c0 [ 107.551188][ T5291] bus_remove_device+0x34f/0x420 [ 107.556313][ T5291] device_del+0x57a/0x9b0 [ 107.558970][ T6436] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 107.560998][ T5291] ? __pfx_device_del+0x10/0x10 [ 107.577603][ T5291] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.585189][ T5291] hid_destroy_device+0x6a/0x1b0 [ 107.589765][ T6436] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 107.590257][ T5291] usbhid_disconnect+0x9e/0xc0 [ 107.603871][ T5291] usb_unbind_interface+0x25e/0x940 [ 107.609254][ T5291] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 107.615213][ T5291] ? __pfx_usb_unbind_interface+0x10/0x10 [ 107.621702][ T5291] device_release_driver_internal+0x503/0x7c0 [ 107.627132][ T6436] BTRFS info (device loop1): using free-space-tree [ 107.628491][ T5291] bus_remove_device+0x34f/0x420 [ 107.639414][ T5291] device_del+0x57a/0x9b0 [ 107.643964][ T5291] ? kobject_put+0x272/0x480 [ 107.648809][ T5291] ? __pfx_device_del+0x10/0x10 [ 107.653727][ T5291] ? kobject_put+0x44d/0x480 [ 107.658547][ T5291] usb_disable_device+0x3bf/0x850 [ 107.663642][ T5291] usb_disconnect+0x340/0x950 [ 107.668432][ T5291] hub_event+0x1ebc/0x5150 [ 107.672950][ T5291] ? debug_object_deactivate+0x2d5/0x390 [ 107.678883][ T5291] ? __pfx_hub_event+0x10/0x10 [ 107.683924][ T5291] ? __pfx_lock_acquire+0x10/0x10 [ 107.689050][ T5291] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 107.696791][ T5291] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.703218][ T5291] ? process_scheduled_works+0x976/0x1850 [ 107.709128][ T5291] process_scheduled_works+0xa63/0x1850 [ 107.714880][ T5291] ? __pfx_process_scheduled_works+0x10/0x10 [ 107.721783][ T5291] ? assign_work+0x364/0x3d0 [ 107.727125][ T5291] worker_thread+0x870/0xd30 [ 107.731806][ T5291] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 107.737860][ T5291] ? __kthread_parkme+0x169/0x1d0 [ 107.742958][ T5291] ? __pfx_worker_thread+0x10/0x10 [ 107.748209][ T5291] kthread+0x2f0/0x390 [ 107.752346][ T5291] ? __pfx_worker_thread+0x10/0x10 [ 107.757598][ T5291] ? __pfx_kthread+0x10/0x10 [ 107.762249][ T5291] ret_from_fork+0x4b/0x80 [ 107.766742][ T5291] ? __pfx_kthread+0x10/0x10 [ 107.771436][ T5291] ret_from_fork_asm+0x1a/0x30 [ 107.776644][ T5291] [ 107.779695][ T5291] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 107.787010][ T5291] CPU: 1 UID: 0 PID: 5291 Comm: kworker/1:4 Not tainted 6.12.0-rc3-next-20241014-syzkaller #0 [ 107.797289][ T5291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 107.807479][ T5291] Workqueue: usb_hub_wq hub_event [ 107.812556][ T5291] Call Trace: [ 107.815863][ T5291] [ 107.818831][ T5291] dump_stack_lvl+0x241/0x360 [ 107.823557][ T5291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.828809][ T5291] ? __pfx__printk+0x10/0x10 [ 107.833423][ T5291] ? vscnprintf+0x5d/0x90 [ 107.837799][ T5291] panic+0x349/0x880 [ 107.841729][ T5291] ? __warn+0x177/0x4e0 [ 107.845912][ T5291] ? __pfx_panic+0x10/0x10 [ 107.850332][ T5291] ? ret_from_fork_asm+0x1a/0x30 [ 107.855277][ T5291] __warn+0x34b/0x4e0 [ 107.859263][ T5291] ? thermal_thresholds_flush+0x1ff/0x230 [ 107.865096][ T5291] report_bug+0x2b3/0x500 [ 107.869520][ T5291] ? thermal_thresholds_flush+0x1ff/0x230 [ 107.875245][ T5291] handle_bug+0x60/0x90 [ 107.879401][ T5291] exc_invalid_op+0x1a/0x50 [ 107.883900][ T5291] asm_exc_invalid_op+0x1a/0x20 [ 107.888849][ T5291] RIP: 0010:thermal_thresholds_flush+0x1ff/0x230 [ 107.895202][ T5291] Code: 34 24 eb 05 e8 12 b9 36 f9 4c 89 f7 be 0f 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c7 3a ff ff e8 f2 b8 36 f9 90 <0f> 0b 90 e9 7f fe ff ff 48 c7 c1 7c e0 1d 90 80 e1 07 80 c1 03 38 [ 107.915001][ T5291] RSP: 0018:ffffc90004347168 EFLAGS: 00010287 [ 107.921076][ T5291] RAX: ffffffff885e49be RBX: 0000000000000000 RCX: 0000000000100000 [ 107.929055][ T5291] RDX: ffffc90014582000 RSI: 0000000000005741 RDI: 0000000000005742 [ 107.937055][ T5291] RBP: ffffffff8f97b7a0 R08: ffffffff885e4832 R09: 1ffffffff285d10e [ 107.945038][ T5291] R10: dffffc0000000000 R11: fffffbfff285d10f R12: dffffc0000000000 [ 107.953017][ T5291] R13: dffffc0000000000 R14: ffff888062144000 R15: ffff8880621447c0 [ 107.961014][ T5291] ? thermal_thresholds_flush+0x72/0x230 [ 107.966673][ T5291] ? thermal_thresholds_flush+0x1fe/0x230 [ 107.972403][ T5291] ? thermal_thresholds_flush+0x1fe/0x230 [ 107.978154][ T5291] thermal_zone_device_unregister+0x29e/0x370 [ 107.984339][ T5291] power_supply_unregister+0xe8/0x140 [ 107.989812][ T5291] ? __pfx_shield_remove+0x10/0x10 [ 107.994923][ T5291] shield_remove+0x72/0x120 [ 107.999428][ T5291] hid_device_remove+0x225/0x370 [ 108.004514][ T5291] ? __pfx_hid_device_remove+0x10/0x10 [ 108.010065][ T5291] device_release_driver_internal+0x4a9/0x7c0 [ 108.016155][ T5291] bus_remove_device+0x34f/0x420 [ 108.021105][ T5291] device_del+0x57a/0x9b0 [ 108.025469][ T5291] ? __pfx_device_del+0x10/0x10 [ 108.030334][ T5291] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 108.036798][ T5291] hid_destroy_device+0x6a/0x1b0 [ 108.041746][ T5291] usbhid_disconnect+0x9e/0xc0 [ 108.046546][ T5291] usb_unbind_interface+0x25e/0x940 [ 108.052035][ T5291] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 108.057771][ T5291] ? __pfx_usb_unbind_interface+0x10/0x10 [ 108.063522][ T5291] device_release_driver_internal+0x503/0x7c0 [ 108.069624][ T5291] bus_remove_device+0x34f/0x420 [ 108.074587][ T5291] device_del+0x57a/0x9b0 [ 108.078952][ T5291] ? kobject_put+0x272/0x480 [ 108.083568][ T5291] ? __pfx_device_del+0x10/0x10 [ 108.088450][ T5291] ? kobject_put+0x44d/0x480 [ 108.093063][ T5291] usb_disable_device+0x3bf/0x850 [ 108.098272][ T5291] usb_disconnect+0x340/0x950 [ 108.102962][ T5291] hub_event+0x1ebc/0x5150 [ 108.107420][ T5291] ? debug_object_deactivate+0x2d5/0x390 [ 108.113168][ T5291] ? __pfx_hub_event+0x10/0x10 [ 108.118118][ T5291] ? __pfx_lock_acquire+0x10/0x10 [ 108.123172][ T5291] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 108.129204][ T5291] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 108.135583][ T5291] ? process_scheduled_works+0x976/0x1850 [ 108.141485][ T5291] process_scheduled_works+0xa63/0x1850 [ 108.147057][ T5291] ? __pfx_process_scheduled_works+0x10/0x10 [ 108.153139][ T5291] ? assign_work+0x364/0x3d0 [ 108.157743][ T5291] worker_thread+0x870/0xd30 [ 108.162347][ T5291] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 108.168243][ T5291] ? __kthread_parkme+0x169/0x1d0 [ 108.173269][ T5291] ? __pfx_worker_thread+0x10/0x10 [ 108.178382][ T5291] kthread+0x2f0/0x390 [ 108.182457][ T5291] ? __pfx_worker_thread+0x10/0x10 [ 108.187586][ T5291] ? __pfx_kthread+0x10/0x10 [ 108.192279][ T5291] ret_from_fork+0x4b/0x80 [ 108.199391][ T5291] ? __pfx_kthread+0x10/0x10 [ 108.203985][ T5291] ret_from_fork_asm+0x1a/0x30 [ 108.208796][ T5291] [ 108.212112][ T5291] Kernel Offset: disabled [ 108.216489][ T5291] Rebooting in 86400 seconds..