last executing test programs: 5.219332667s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000002380)=""/129, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) getdents(r0, &(0x7f0000000180)=""/33, 0x21) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, r1, 0x0) getdents64(r0, &(0x7f0000000100)=""/116, 0x74) 5.106266934s ago: executing program 2: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f00000003c0)={0x0, 0x0, 0x49, "83bb7f1bb20bec05957070a433425eb0e4e13d63645372840a3f7c510588c6d668ccb473b7901f0733fbc6f9b378700947fc6b11a6a50f65c487aa960906aae8644c083e5658e0f5c9"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.902146087s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x50}]}, &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x90) 3.712800166s ago: executing program 3: r0 = eventfd2(0x0, 0x0) io_setup(0x6, &(0x7f0000000000)=0x0) r2 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) ppoll(&(0x7f0000001100)=[{r0}], 0x1, 0x0, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x3, r0}]) 3.435427976s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x2c, 0x0, 0x0) 2.41103793s ago: executing program 4: r0 = open(&(0x7f0000000040)='./bus\x00', 0x541142, 0x80) ftruncate(r0, 0x2007ffb) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000240)={[{@noload}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@auto_da_alloc}, {@block_validity}, {@quota}]}, 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") lsetxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x0, 0x0, 0x0) setresuid(0x0, 0xee00, 0x0) llistxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 2.366300333s ago: executing program 0: r0 = socket$igmp(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000080)={@local, @multicast2, 0x0, "36c9e27c2067e46c15c9215e88549f1858666924db638d09487e93c970f1f2b3"}, 0x3c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(0xffffffffffffffff) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000140)={0x0, r3}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000400)={0x0, @tick=0x80000001, 0x20, {0x81, 0x2}, 0x7f}) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x4, 0x8, 0x6}, 0x48) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0), 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x1c, r5, 0x5, 0x0, 0x0, {{0x16}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r7, &(0x7f0000000b00)=[{{&(0x7f0000000680)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0xc044) 2.328413366s ago: executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000240)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000040)='\x00', 0x1, 0xc840, 0x0, 0x0) close(r0) 2.241670803s ago: executing program 3: socket$netlink(0x10, 0x3, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) close(r0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2c00) r1 = syz_io_uring_setup(0x20fe, &(0x7f0000001a80)={0x0, 0x0, 0x10100}, &(0x7f0000001b00)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 2.215066567s ago: executing program 4: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x10, 0xffffffffffffffff, 0x0) pipe2(&(0x7f00000005c0), 0x0) socket$igmp(0x2, 0x3, 0x2) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c64656275672c6572726f72733d72656d6f756e742d726f2c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d72656c617865642c757466383d302c726f6469722c726f6469722c00bd11a3d82e3cc8e94a1ac3169cb253bc51dceb1a3c8675eef705933dac0549813c420584251b8849a95afa9de1a80dcc7f9d4e26116050410b89f88108d551843f6115dded9b54fcb36a3a7bab7fb11d2c7265fa11a3ff2f3ca1c0df2142ff9ce532341817f2bb2fef3428793728d4daa090c5becbb74d00c95f965afa83e5bb562620ea9e99853533ca4ef0702dad548503917329f0f431d87efa28137d3f0e0fa2906cb9e236094a2d7a9ce877c1d8509500"/315], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000)) 2.171735187s ago: executing program 3: syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x816, &(0x7f0000000280)={[{@nospace_cache}, {@noautodefrag}, {@nobarrier}, {@noautodefrag}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'no'}}, {@nospace_cache}, {@usebackuproot}]}, 0x1, 0x50ed, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=") copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000002c0)='./file0\x00', 0x2) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) renameat2(r2, &(0x7f0000000000)='./file1\x00', r2, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fsync(r3) 2.161263664s ago: executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r3}, &(0x7f0000000100)=0x8) 2.113442235s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80, &(0x7f0000000140), 0x0, 0x4c9, &(0x7f0000001a40)="$eJzs3FtrHFUcAPD/bC5tbGtivfaijVYxeEma9Prgi6LQF0FQpD6uSVpq01aaCG0JNopU8EHpJ/DyIAh+AvHFF1GfFF8VX0Uokpe2PsjI7M6mm+5ukm022dj9/WDbc2bOzDn/OTO7M+cwCaBjDWb/JBFbI+K3iOgvZxcXGCz/d31+dvzG/Ox4Emn66t9Jqdy1+dnxStHKdlvyzFAhovBBErvq1Dt94eKp4tTU5Lk8PzJz+u2R6QsXnz15unhi8sTkmbEjRw7s7zt8aOxgS+LM2nRt57tnd+84+saVl8ePXXnzx6+z9qb5+uo4ygaarKGrZslgDC4+llWeaHLvG922qnTS3caG0JTsrM26q6d0/fdHV9zsvP546f22Ng5YU2mapptqli78ls2l1ZKkvAFwh0hc0tChKj/01+azJ9XZ8drn4Dvb1eej9ASUxX09/5TXdEche4YfKD8b9axR/fdFxLG5fz7NPlF3HAIAoNW6I54p33dUPuXlhXigqtTd+dzQQETcExHbI+Le/P7l/ohS2Qcj4qGqbbI7ytqxpcUGb8nX3v/80req8JaR3f89l89tLb7/K1SKDHTluW2l+HuS4yenJvflx2QoejZl+dHaXX9bSXz34q+fNKp/sOr+L/tk9VfuBfN2/NV9y0GcKM4UVxt3xdX3SkN6l2rjTxZmArJ+3BERO29j/9kxO/nUV7sbrV8+/o8b77wF80zp5xFPlvt/Lm6JP9Obp+rPT44ePjR2cGRzTE3uG6mcFbV++vnyK3my5jFi+fjXVtb/d9U9/xdmLgeS6vna6ebruPz7hw2faW73/O9NXiule/Nl54szM+dGI3qTudrlYze3PV/sW1Q+i39ob/3rf3vEv5/l2+2KiOwkfjgiHomIPXnbH42IxyJi7xLx//DC4281eoTcCP0/0VT/N5/oOvX9NzUVfzS4wviz/j9QSg3lSyaKM5uXCKl0nFfawJYcRAAAANjg9kTE1kgKw/kY59YoFIaHI7YsjKBMzzx9/Ow7ZybK7wgMRE+hMtLVXzUeOpqPDWf5bKuxqny2fn9p3DhN07SvlB8ePzu1rb2hQ8fb0uD6z/xZ+0oLcKdpah6t0RttwP/S7c+jpy1tB7D+vK8NnavR9T+3zu0A1t+Kf//X6i04oG3qXf+XIq63oSnAOqt3/b/ehnYA68/4H3Qu1z90rCtf3vANAB1oNe/1L5XYfnSJMkn32lTaOFGIpf8KwEBEczv8oxDRmhZ2tTTSvhX06eZoRV1RWLZMdxN/iGF9E4UN0Izs6JQSmyqJxmfvwsl2qZK4uNYtLH09fNHu7ycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDV+i8AAP//R4vb+Q==") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00'}) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x1) ioctl$UI_DEV_CREATE(r1, 0x5501) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = dup(r2) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x7ff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x790, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2fb]}, 0x45c) 2.111874697s ago: executing program 2: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x2000000058831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) rt_sigprocmask(0x0, &(0x7f000078b000), 0x0, 0x8) mlock(&(0x7f00002cb000/0x2000)=nil, 0x2000) madvise(&(0x7f000012f000/0x2000)=nil, 0xf01200, 0x9) 1.983249364s ago: executing program 1: r0 = gettid() clock_gettime(0x0, &(0x7f00000032c0)={0x0}) futex_waitv(&(0x7f0000002940)=[{0x0, &(0x7f0000001000), 0x82}, {0x0, &(0x7f0000001040), 0x82}, {0x0, &(0x7f0000001080), 0x82}, {0x0, &(0x7f00000010c0), 0x82}, {0x0, &(0x7f0000001100), 0x82}, {0x0, &(0x7f0000001140), 0x82}, {0x0, &(0x7f0000001180)}, {0x0, &(0x7f00000011c0)}, {0x0, &(0x7f0000001200)}, {0x0, &(0x7f0000001240)}, {0x0, &(0x7f0000001280)}, {0x0, &(0x7f00000012c0)}, {0x0, &(0x7f0000001300)}, {0x0, &(0x7f0000001340)}, {0x0, &(0x7f0000001380)}, {0x0, &(0x7f00000013c0)}, {0x0, &(0x7f0000001400)}, {0x0, &(0x7f0000001440)}, {0x0, &(0x7f0000001480)}, {0x0, &(0x7f00000014c0)}, {0x0, &(0x7f0000001500)}, {0x0, &(0x7f0000001540)}, {0x0, &(0x7f0000001580)}, {0x0, &(0x7f00000015c0)}, {0x0, &(0x7f0000001600)}, {0x0, &(0x7f0000001640)}, {0x0, &(0x7f0000001680)}, {0x0, &(0x7f00000016c0)}, {0x0, &(0x7f0000001700)}, {0x0, &(0x7f0000001740)}, {0x0, &(0x7f0000001780)}, {0x0, &(0x7f00000017c0)}, {0x0, &(0x7f0000001800)}, {0x0, &(0x7f0000001840)}, {0x0, &(0x7f0000001880)}, {0x0, &(0x7f00000018c0)}, {0x0, &(0x7f0000001900)}, {0x0, &(0x7f0000001940)}, {0x0, &(0x7f0000001980)}, {0x0, &(0x7f00000019c0)}, {0x0, &(0x7f0000001a00)}, {0x0, &(0x7f0000001a40)}, {0x0, &(0x7f0000001a80)}, {0x0, &(0x7f0000001ac0)}, {0x0, &(0x7f0000001b00)}, {0x0, &(0x7f0000001b40)}, {0x0, &(0x7f0000001b80)}, {0x0, &(0x7f0000001bc0)}, {0x0, &(0x7f0000001c00)}, {0x0, &(0x7f0000001c40)}, {0x0, &(0x7f0000001c80)}, {0x0, &(0x7f0000001cc0)}, {0x0, &(0x7f0000001d00)}, {0x0, &(0x7f0000001d40)}, {0x0, &(0x7f0000001d80)}, {0x0, &(0x7f0000001dc0)}, {0x0, &(0x7f0000001e00)}, {0x0, &(0x7f0000001e40)}, {0x0, &(0x7f0000001e80)}, {0x0, &(0x7f0000001ec0)}, {0x0, &(0x7f0000001f00)}, {0x0, &(0x7f0000001f40)}, {0x0, &(0x7f0000001f80)}, {0x0, &(0x7f0000001fc0)}, {0x0, &(0x7f0000002000)}, {0x0, &(0x7f0000002040)}, {0x0, &(0x7f0000002080)}, {0x0, &(0x7f00000020c0)}, {0x0, &(0x7f0000002100)}, {0x0, &(0x7f0000002140)}, {0x0, &(0x7f0000002180)}, {0x0, &(0x7f00000021c0)}, {0x0, &(0x7f0000002200)}, {0x0, &(0x7f0000002240)}, {0x0, &(0x7f0000002280)}, {0x0, &(0x7f00000022c0)}, {0x0, &(0x7f0000002300)}, {0x0, &(0x7f0000002340)}, {0x0, &(0x7f0000002380)}, {0x0, &(0x7f00000023c0)}, {0x0, &(0x7f0000002400)}, {0x0, &(0x7f0000002440)}, {0x0, &(0x7f0000002480)}, {0x0, &(0x7f00000024c0)}, {0x0, &(0x7f0000002500)}, {0x0, &(0x7f0000002540)}, {0x0, &(0x7f0000002580)}, {0x0, &(0x7f00000025c0)}, {0x0, &(0x7f0000002600)}, {0x0, &(0x7f0000002640)}, {0x0, &(0x7f0000002680)}, {0x0, &(0x7f00000026c0)}, {0x0, &(0x7f0000002700)}, {0x0, &(0x7f0000002740)}, {0x0, &(0x7f0000002780)}, {0x0, &(0x7f00000027c0)}, {0x0, &(0x7f0000002800)}, {0x0, &(0x7f0000002840)}, {0x0, &(0x7f0000002880)}, {0x0, &(0x7f0000003380)}, {0x0, &(0x7f0000002900)}], 0x6, 0x0, &(0x7f0000003300)={r1}, 0x1) tkill(r0, 0x7) 1.963105691s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1, 0x0) tee(r2, r5, 0xaf5, 0x0) 981.78864ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{}, [@TCA_NETEM_RATE={0x14, 0x6, {0x0, 0x0, 0x1}}, @TCA_NETEM_RATE64={0xc}]}}}]}, 0x6c}}, 0x0) 961.4379ms ago: executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$inet_dccp(0x2, 0x6, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0x7) connect$inet(r0, &(0x7f0000e5c000)={0x2, 0x0, @local}, 0x10) 879.802721ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x405, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5}, @IFLA_GRE_ENCAP_SPORT={0x6}, @IFLA_GRE_ENCAP_DPORT={0x6}]}}}]}, 0x4c}}, 0x0) 743.113415ms ago: executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000240)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000040)='\x00', 0x1, 0xc840, 0x0, 0x0) close(r0) 656.657161ms ago: executing program 1: syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000053877d40da040d3943fa0000000109021b00010000000009040000017f3d66000905040010"], 0x0) 639.690375ms ago: executing program 4: r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 636.965736ms ago: executing program 0: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3000080, &(0x7f0000000200)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRES8], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000840)=ANY=[@ANYBLOB="a83e7b3825cefd691cb5e897a4eb3d9a4b64d83e2fdbe0f411d3a5c01b9688807a6f83748ca7121a0b9e97f5b44756b46dc611e0f0c1b7681d22d6978cd3d3cd581728bfb1127ae810228d291cc3be601380a7e33989860123f8268cb4881fa8c684fd6e030d32f22781f71104cd6c5ea5c837f059496d3be7bee818bcfbf37689b3df5a0793b34633f5f986c40a07ef5357d13bf1c01ae25660189bd0aee76163c3", @ANYRES8, @ANYRES8, @ANYRESOCT, @ANYRESOCT=r0, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRES32, @ANYBLOB="7a89fff3d0a91f0281d95c3a0254375b0cedb7c42de9274d323c661ee43d745216d350e93b11f299585c2988365b06ac6e75d4831f242216e02c457b15274deba199416da279d512ef4cae1165fa1813f6a06374d29bfd5d36e8ecba6897758469b2a911adf6fdfec1ff3fd3035d20689062aa726a1d8ad68bf180b8ef61d46ec9159f83063fb04c311447b183f6b5b5d642a3717630c08828d44114a19217b1603ceeeb731ae985e12158027671e2fb7ae4b443f18fe743d83d07c16c65442b758393869c7fee1a0fe8812826f30b6aba7415cb9f47c92b8515f545e4e8e901ccff5d0120a21f6c83b47cdb4120b8889e76f2dc69a3d746fa98efb8"], 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES8, @ANYRES8, @ANYRESOCT, @ANYRESOCT, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRES8, @ANYRES8=0x0], 0x2, 0x0, &(0x7f0000000000)) 493.655534ms ago: executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000080)={@local, @multicast2, 0x0, "36c9e27c2067e46c15c9215e88549f1858666924db638d09487e93c970f1f2b3"}, 0x3c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(0xffffffffffffffff) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000140)={0x0, r3}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000400)={0x0, @tick=0x80000001, 0x20, {0x81, 0x2}, 0x7f}) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x4, 0x8, 0x6}, 0x48) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0), 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x1c, r5, 0x5, 0x0, 0x0, {{0x16}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r7, &(0x7f0000000b00)=[{{&(0x7f0000000680)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0xc044) 413.180842ms ago: executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r3}, &(0x7f0000000100)=0x8) 311.744084ms ago: executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x2000000058831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) rt_sigprocmask(0x0, &(0x7f000078b000), 0x0, 0x8) mlock(&(0x7f00002cb000/0x2000)=nil, 0x2000) madvise(&(0x7f000012f000/0x2000)=nil, 0xf01200, 0x9) 224.208801ms ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2400) splice(r1, 0x0, r0, 0x0, 0x1, 0x0) 200.61882ms ago: executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) socket$kcm(0x10, 0x0, 0x10) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) unshare(0x0) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="390200000200000005ca000000000000000000000000040000000000000000000000000000000000000073000000000000001b00046e6f6465767b65766f6f7e05"], 0x239) unshare(0x4040400) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) syz_open_pts(r0, 0x143201) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x3}, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x8, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) 185.216579ms ago: executing program 4: openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) socket$kcm(0x10, 0x0, 0x10) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) unshare(0x0) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="390200000200000005ca000000000000000000000000040000000000000000000000000000000000000073000000000000001b00046e6f6465767b65766f6f7e05"], 0x239) unshare(0x4040400) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) syz_open_pts(r0, 0x143201) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x3}, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x8, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) 0s ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{}, [@TCA_NETEM_RATE={0x14, 0x6, {0x0, 0x0, 0x1}}, @TCA_NETEM_RATE64={0xc}]}}}]}, 0x6c}}, 0x0) kernel console output (not intermixed with test programs): ing mode [ 84.293690][ T5774] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 84.315583][ T5774] System zones: 1-12 [ 84.351539][ T5774] EXT4-fs (loop3): 1 truncate cleaned up [ 84.409076][ T5774] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.739290][ T5788] loop4: detected capacity change from 0 to 256 [ 84.780786][ T5120] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.795596][ T5788] FAT-fs (loop4): bogus number of directory entries (4) [ 84.847499][ T5788] FAT-fs (loop4): Can't find a valid FAT filesystem [ 85.005043][ T5796] loop3: detected capacity change from 0 to 512 [ 85.032546][ T5796] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 131: padding at end of block bitmap is not set [ 85.064299][ T5796] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 85.090223][ T5796] EXT4-fs (loop3): 1 truncate cleaned up [ 85.113126][ T5796] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.308472][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.348899][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.375631][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.397756][ T5125] Bluetooth: hci4: command 0x0405 tx timeout [ 85.407731][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.436406][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.478689][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.510291][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.525779][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.546067][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 85.639393][ T5120] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 86.135716][ T5806] usb usb8: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #1 [ 86.282525][ T5808] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.738268][ T5804] loop1: detected capacity change from 0 to 32768 [ 86.846011][ T5804] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 86.967017][ T5804] XFS (loop1): Ending clean mount [ 86.979424][ T5804] XFS (loop1): Quotacheck needed: Please wait. [ 87.118495][ T5804] XFS (loop1): Quotacheck: Done. [ 87.210415][ T5829] loop4: detected capacity change from 0 to 512 [ 87.228688][ T5829] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 87.274164][ T5829] EXT4-fs (loop4): 1 truncate cleaned up [ 87.299735][ T5829] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.477820][ T5125] Bluetooth: hci4: command 0x0405 tx timeout [ 87.500424][ T5110] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.587614][ T5113] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 87.857379][ T5120] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.026180][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.216340][ T5838] loop1: detected capacity change from 0 to 64 [ 88.230730][ T5839] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.277065][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.511804][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.734338][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.037864][ T5125] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.052092][ T5125] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.061198][ T5125] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.069501][ T5125] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.091029][ T11] bridge_slave_1: left allmulticast mode [ 89.097110][ T11] bridge_slave_1: left promiscuous mode [ 89.115146][ T5857] loop4: detected capacity change from 0 to 64 [ 89.123174][ T5125] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.132659][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.149149][ T5125] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.309815][ T11] bridge_slave_0: left allmulticast mode [ 89.315557][ T11] bridge_slave_0: left promiscuous mode [ 89.340050][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.444161][ T5863] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.578393][ T5865] loop4: detected capacity change from 0 to 256 [ 89.595963][ T5865] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 89.631838][ T5865] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d) [ 90.105891][ T5861] loop1: detected capacity change from 0 to 40427 [ 90.142850][ T5861] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(175702528) [ 90.155659][ T5861] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 90.204245][ T5861] F2FS-fs (loop1): invalid crc value [ 90.256030][ T5861] F2FS-fs (loop1): Found nat_bits in checkpoint [ 90.413756][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 90.422433][ T5861] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 90.430052][ T5861] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 90.446827][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 90.482788][ T11] bond0 (unregistering): Released all slaves [ 90.552698][ T5867] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 90.673340][ T5113] syz-executor.1: attempt to access beyond end of device [ 90.673340][ T5113] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 90.728520][ T5113] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 90.742651][ T5113] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 90.806635][ T5877] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 90.867122][ T5877] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 90.956859][ T5882] loop4: detected capacity change from 0 to 256 [ 91.019887][ T5163] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 91.050634][ T5882] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 91.237723][ T5127] Bluetooth: hci4: command tx timeout [ 91.529069][ T11] hsr_slave_0: left promiscuous mode [ 91.550454][ T11] hsr_slave_1: left promiscuous mode [ 91.558849][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.585835][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 91.615459][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 91.622787][ T29] audit: type=1326 audit(1717410302.306:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7150c7cee9 code=0x0 [ 91.629965][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.689603][ T5901] loop1: detected capacity change from 0 to 64 [ 91.701767][ T11] veth1_macvtap: left promiscuous mode [ 91.713110][ T11] veth0_macvtap: left promiscuous mode [ 91.725562][ T11] veth1_vlan: left promiscuous mode [ 91.735090][ T11] veth0_vlan: left promiscuous mode [ 91.930651][ T5904] loop0: detected capacity change from 0 to 1024 [ 91.945075][ T5904] EXT4-fs (loop0): unsupported inode size: 2048 [ 91.951761][ T5904] EXT4-fs (loop0): blocksize: 1024 [ 92.759409][ T5903] loop1: detected capacity change from 0 to 40427 [ 92.769373][ T5903] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(175702528) [ 92.791211][ T11] team0 (unregistering): Port device team_slave_1 removed [ 92.799737][ T5903] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 92.833951][ T5903] F2FS-fs (loop1): invalid crc value [ 92.856497][ T5906] loop2: detected capacity change from 0 to 40427 [ 92.875441][ T5903] F2FS-fs (loop1): Found nat_bits in checkpoint [ 92.883826][ T5906] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(175702528) [ 92.907553][ T5906] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 92.928049][ T11] team0 (unregistering): Port device team_slave_0 removed [ 92.955523][ T5906] F2FS-fs (loop2): invalid crc value [ 92.975642][ T5903] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 92.984760][ T5906] F2FS-fs (loop2): Found nat_bits in checkpoint [ 92.990876][ T5903] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 93.084331][ T5906] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 93.097962][ T5906] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 93.156276][ T5113] syz-executor.1: attempt to access beyond end of device [ 93.156276][ T5113] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 93.175525][ T5113] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 93.186566][ T5113] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 93.213387][ T5111] syz-executor.2: attempt to access beyond end of device [ 93.213387][ T5111] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 93.239987][ T5111] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 93.249191][ T5111] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 93.318559][ T5127] Bluetooth: hci4: command tx timeout [ 93.668844][ T5918] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.899087][ T5899] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 93.939462][ T5922] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 94.004483][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 94.181415][ T5931] loop2: detected capacity change from 0 to 2048 [ 94.204208][ T5931] /dev/loop2: Can't open blockdev [ 94.340244][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.347787][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.354972][ T5854] bridge_slave_0: entered allmulticast mode [ 94.390185][ T5854] bridge_slave_0: entered promiscuous mode [ 94.411371][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.429655][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.436938][ T5854] bridge_slave_1: entered allmulticast mode [ 94.465584][ T5949] syz-executor.0 (pid 5949) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 94.488987][ T5854] bridge_slave_1: entered promiscuous mode [ 94.544458][ T5951] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 94.573732][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.611491][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.713295][ T5854] team0: Port device team_slave_0 added [ 94.751711][ T5854] team0: Port device team_slave_1 added [ 94.777200][ T5959] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 94.808921][ T5961] process 'syz-executor.2' launched './file0' with NULL argv: empty string added [ 94.875700][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.890930][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.957212][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.979137][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.986128][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.014997][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.184148][ T5854] hsr_slave_0: entered promiscuous mode [ 95.207276][ T5974] loop4: detected capacity change from 0 to 512 [ 95.214857][ T5854] hsr_slave_1: entered promiscuous mode [ 95.218915][ T5974] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 95.244597][ T5974] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz-executor.4: invalid indirect mapped block 83886080 (level 1) [ 95.268028][ T5974] EXT4-fs (loop4): Remounting filesystem read-only [ 95.277841][ T5974] EXT4-fs (loop4): 1 orphan inode deleted [ 95.284709][ T5974] EXT4-fs (loop4): 1 truncate cleaned up [ 95.293107][ T5974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.397754][ T5127] Bluetooth: hci4: command tx timeout [ 95.462035][ T785] kernel write not supported for file 5981/task/5982/clear_refs (pid: 785 comm: kworker/0:2) [ 95.628808][ T5163] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 95.789085][ T5854] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.799567][ T5854] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.813199][ T5854] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.823643][ T5992] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 95.835043][ T5163] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.850482][ T5854] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.863413][ T5163] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 95.910280][ T5163] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 95.945229][ T5163] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.957775][ T5163] usb 5-1: config 0 descriptor?? [ 96.059068][ T5997] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 96.076475][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.091264][ T5997] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.2'. [ 96.129128][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.158350][ T5997] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 96.180749][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.187930][ T5227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.329645][ T6005] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid [ 96.442073][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.449265][ T5227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.717571][ T6011] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 97.165838][ T5227] kernel write not supported for file 6016/task/6017/clear_refs (pid: 5227 comm: kworker/1:7) [ 97.249501][ T6021] loop0: detected capacity change from 0 to 2048 [ 97.321998][ T6025] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 97.409813][ T6021] syz-executor.0 (6021) used greatest stack depth: 18200 bytes left [ 97.481052][ T5127] Bluetooth: hci4: command tx timeout [ 97.574614][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.591588][ T6036] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 97.636424][ T6036] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 97.675129][ T6039] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 97.702572][ T6036] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 97.720049][ T5127] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 97.730056][ T5127] Bluetooth: hci3: Injecting HCI hardware error event [ 97.742668][ T5125] Bluetooth: hci3: hardware error 0x00 [ 97.775946][ T5854] veth0_vlan: entered promiscuous mode [ 97.824458][ T5854] veth1_vlan: entered promiscuous mode [ 97.854880][ T6043] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 97.976999][ T5854] veth0_macvtap: entered promiscuous mode [ 98.007415][ T5854] veth1_macvtap: entered promiscuous mode [ 98.066016][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.089024][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.112283][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.124830][ T6053] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 98.143913][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.169770][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.282890][ T5165] usb 5-1: USB disconnect, device number 3 [ 98.297569][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.310675][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.322975][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.334723][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.346006][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.347907][ T5110] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.356617][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.391016][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.423514][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.440994][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.462743][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.474104][ T6057] loop2: detected capacity change from 0 to 2048 [ 98.479548][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.504691][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.526204][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.536862][ T6060] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.581429][ T5854] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.617619][ T5854] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.640732][ T5854] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.663605][ T5854] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.837715][ T6038] loop1: detected capacity change from 0 to 40427 [ 98.856693][ T6038] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 98.892355][ T6038] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 98.953578][ T6038] F2FS-fs (loop1): Found nat_bits in checkpoint [ 98.959026][ T2778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.960872][ T6070] netlink: 14593 bytes leftover after parsing attributes in process `syz-executor.4'. [ 99.002533][ T2778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.082211][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.102482][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.124644][ T6038] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 99.161112][ T6038] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 99.362907][ T6079] loop3: detected capacity change from 0 to 2048 [ 99.415307][ T6079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.456880][ T6079] EXT4-fs error (device loop3): ext4_ext_precache:645: inode #2: comm syz-executor.3: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 99.504027][ T6079] EXT4-fs (loop3): Remounting filesystem read-only [ 99.602860][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.798389][ T5125] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 99.972054][ T6092] loop2: detected capacity change from 0 to 1024 [ 100.015587][ T6094] loop0: detected capacity change from 0 to 64 [ 100.113153][ T6092] hfsplus: xattr searching failed [ 100.200798][ T6092] hfsplus: b-tree write err: -5, ino 3 [ 100.485329][ T6114] loop1: detected capacity change from 0 to 2048 [ 100.599485][ T6117] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.951324][ T6112] loop2: detected capacity change from 0 to 4096 [ 101.712343][ T29] audit: type=1800 audit(1717411592.390:121): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 101.789245][ T29] audit: type=1800 audit(1717411592.420:122): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 102.182117][ T5127] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.197806][ T5127] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.207241][ T5127] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.218443][ T5127] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.261624][ T5127] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 102.269441][ T5127] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.523944][ T6145] MTD: Couldn't look up 'memory.events': -15 [ 102.640247][ T6150] loop2: detected capacity change from 0 to 512 [ 102.677659][ T6153] loop0: detected capacity change from 0 to 512 [ 102.714230][ T6150] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 102.793182][ T6153] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.808450][ T6150] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 102.838545][ T6153] ext4 filesystem being mounted at /root/syzkaller-testdir2347730601/syzkaller.A6Lif3/58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.841228][ T6150] EXT4-fs (loop2): 1 truncate cleaned up [ 102.861269][ T6150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.900347][ T6135] chnl_net:caif_netlink_parms(): no params data found [ 103.064093][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.194952][ T6135] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.203171][ T6174] dlm: no local IP address has been set [ 103.210796][ T6174] dlm: cannot start dlm midcomms -107 [ 103.227190][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.248941][ T6135] bridge_slave_0: entered allmulticast mode [ 103.256513][ T6135] bridge_slave_0: entered promiscuous mode [ 103.303812][ T5112] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.324046][ T6135] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.358833][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.366109][ T6135] bridge_slave_1: entered allmulticast mode [ 103.390577][ T6135] bridge_slave_1: entered promiscuous mode [ 103.564920][ T6135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.615177][ T6135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.805417][ T6135] team0: Port device team_slave_0 added [ 103.841718][ T6135] team0: Port device team_slave_1 added [ 103.850410][ T5161] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.019229][ T5125] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 104.031883][ T5125] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 104.041271][ T5125] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 104.056238][ T5125] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 104.057312][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.077694][ T5161] usb 1-1: Using ep0 maxpacket: 8 [ 104.083821][ T5125] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 104.093324][ T5125] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 104.096947][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.109525][ T5161] usb 1-1: New USB device found, idVendor=2639, idProduct=0002, bcdDevice=27.3c [ 104.136940][ T5161] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.148412][ T5161] usb 1-1: config 0 descriptor?? [ 104.150068][ T6190] loop1: detected capacity change from 0 to 1024 [ 104.203354][ T6135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.231393][ T6190] hfsplus: xattr searching failed [ 104.306715][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.311057][ T6190] hfsplus: b-tree write err: -5, ino 3 [ 104.313983][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.346793][ T6135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.367712][ T5127] Bluetooth: hci0: command tx timeout [ 104.395792][ T5161] usb 1-1: USB disconnect, device number 2 [ 104.444597][ T2873] hfsplus: b-tree write err: -5, ino 3 [ 104.506755][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.658068][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.907687][ T6207] loop2: detected capacity change from 0 to 2048 [ 105.162833][ T6207] Alternate GPT is invalid, using primary GPT. [ 105.170051][ T6207] loop2: p2 p3 p7 [ 105.765834][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.836579][ T6135] hsr_slave_0: entered promiscuous mode [ 105.849801][ T6135] hsr_slave_1: entered promiscuous mode [ 105.857229][ T6135] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.870500][ T6216] loop0: detected capacity change from 0 to 256 [ 105.878001][ T6135] Cannot create hsr debugfs directory [ 105.903437][ T6214] loop2: detected capacity change from 0 to 512 [ 105.928428][ T6214] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 105.947724][ T6214] EXT4-fs (loop2): blocks per group (71) and clusters per group (20800) inconsistent [ 105.962627][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.201271][ T5127] Bluetooth: hci4: command tx timeout [ 106.443861][ T5127] Bluetooth: hci0: command tx timeout [ 106.534987][ T6187] chnl_net:caif_netlink_parms(): no params data found [ 106.719552][ T6233] loop0: detected capacity change from 0 to 2048 [ 106.951113][ T6233] Alternate GPT is invalid, using primary GPT. [ 106.958075][ T6233] loop0: p2 p3 p7 [ 107.102198][ T51] bridge_slave_1: left allmulticast mode [ 107.179523][ T51] bridge_slave_1: left promiscuous mode [ 107.260312][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.490866][ T51] bridge_slave_0: left allmulticast mode [ 107.496605][ T51] bridge_slave_0: left promiscuous mode [ 107.502989][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.955778][ T6229] loop1: detected capacity change from 0 to 32768 [ 107.985336][ T6229] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (6229) [ 108.016473][ T6229] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 108.030377][ T6229] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 108.039362][ T6229] BTRFS info (device loop1): using free-space-tree [ 108.094384][ T6229] BTRFS info (device loop1): rebuilding free space tree [ 108.171296][ T5166] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 108.274328][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.283941][ T5127] Bluetooth: hci4: command tx timeout [ 108.312861][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.337132][ T51] bond0 (unregistering): Released all slaves [ 108.359325][ T5166] usb 3-1: Using ep0 maxpacket: 8 [ 108.368590][ T5166] usb 3-1: New USB device found, idVendor=2639, idProduct=0002, bcdDevice=27.3c [ 108.378102][ T5166] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.390838][ T5166] usb 3-1: config 0 descriptor?? [ 108.413337][ T6229] BTRFS info (device loop1 state M): max_inline set to 0 [ 108.518518][ T5127] Bluetooth: hci0: command tx timeout [ 108.558501][ T5113] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 108.677996][ T5165] usb 3-1: USB disconnect, device number 3 [ 108.718858][ T6135] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.890382][ T6260] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 108.906596][ T6261] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 108.909826][ T6264] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 108.938248][ T6264] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.1'. [ 108.979144][ T6264] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 108.981576][ T6135] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.157263][ T6135] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.187975][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.207706][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.232673][ T6187] bridge_slave_0: entered allmulticast mode [ 109.252027][ T6187] bridge_slave_0: entered promiscuous mode [ 109.413938][ T6135] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.457830][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.465013][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.490212][ T6187] bridge_slave_1: entered allmulticast mode [ 109.511329][ T6187] bridge_slave_1: entered promiscuous mode [ 109.587005][ T6187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.625784][ T51] hsr_slave_0: left promiscuous mode [ 109.657730][ T51] hsr_slave_1: left promiscuous mode [ 109.670180][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.685132][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.710065][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.720059][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.781384][ T51] veth1_macvtap: left promiscuous mode [ 109.789955][ T51] veth0_macvtap: left promiscuous mode [ 109.795764][ T51] veth1_vlan: left promiscuous mode [ 109.801824][ T51] veth0_vlan: left promiscuous mode [ 110.083856][ T6292] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 110.094296][ T6292] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.2'. [ 110.113054][ T6292] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 110.358719][ T5127] Bluetooth: hci4: command tx timeout [ 110.598329][ T5127] Bluetooth: hci0: command tx timeout [ 110.659450][ T51] team0 (unregistering): Port device team_slave_1 removed [ 110.865755][ T6311] loop0: detected capacity change from 0 to 2048 [ 110.963052][ T6311] Alternate GPT is invalid, using primary GPT. [ 110.969948][ T6311] loop0: p2 p3 p7 [ 111.384165][ T51] team0 (unregistering): Port device team_slave_0 removed [ 111.643444][ T6313] loop2: detected capacity change from 0 to 512 [ 111.674586][ T6313] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 111.692833][ T6313] EXT4-fs (loop2): orphan cleanup on readonly fs [ 111.711683][ T6313] EXT4-fs warning (device loop2): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 111.747321][ T6313] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 111.783914][ T6313] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor.2: bg 0: block 40: padding at end of block bitmap is not set [ 111.811521][ T6313] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 111.829531][ T6313] EXT4-fs (loop2): 1 truncate cleaned up [ 111.839077][ T6313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.924010][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.324821][ T6332] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0 [ 112.417674][ T6187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.437686][ T5127] Bluetooth: hci4: command tx timeout [ 112.530527][ T6322] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 112.548302][ T6337] loop1: detected capacity change from 0 to 512 [ 112.592587][ T6337] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 112.601332][ T6337] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 112.606098][ T6341] loop2: detected capacity change from 0 to 512 [ 112.617814][ T6337] EXT4-fs (loop1): 1 truncate cleaned up [ 112.622850][ T6187] team0: Port device team_slave_0 added [ 112.625120][ T6337] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.662654][ T6337] EXT4-fs: group quota file already specified [ 112.689925][ T6341] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 112.703918][ T6187] team0: Port device team_slave_1 added [ 112.740684][ T6341] EXT4-fs (loop2): blocks per group (71) and clusters per group (20800) inconsistent [ 112.751417][ T5113] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.891738][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.898916][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.939391][ T6346] loop1: detected capacity change from 0 to 512 [ 112.943245][ T6187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.969316][ T6346] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 112.971672][ T6135] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 112.988130][ T6135] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 113.005950][ T6346] EXT4-fs (loop1): orphan cleanup on readonly fs [ 113.015180][ T6135] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 113.022146][ T6346] EXT4-fs warning (device loop1): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 113.051815][ T6135] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 113.074745][ T6346] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 113.125977][ T6346] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 40: padding at end of block bitmap is not set [ 113.156716][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.175871][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.211849][ T6346] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 113.224982][ T6346] EXT4-fs (loop1): 1 truncate cleaned up [ 113.234138][ T6187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.242981][ T6346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 113.405529][ T5113] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.425248][ T6187] hsr_slave_0: entered promiscuous mode [ 113.448746][ T6187] hsr_slave_1: entered promiscuous mode [ 113.491269][ T6354] loop0: detected capacity change from 0 to 2048 [ 113.526299][ T6354] /dev/loop0: Can't open blockdev [ 113.936282][ T6135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.002006][ T6135] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.070958][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.078182][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.119398][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.126563][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.188159][ T6369] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 114.330378][ T6369] loop2: detected capacity change from 0 to 2048 [ 114.414220][ T6369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.120573][ T6187] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 115.164791][ T2778] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm kworker/u8:6: bg 0: block 234: padding at end of block bitmap is not set [ 115.204485][ T6187] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 115.237389][ T2778] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117 [ 115.262397][ T2778] EXT4-fs (loop2): This should not happen!! Data will be lost [ 115.262397][ T2778] [ 115.263403][ T6187] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 115.305318][ T6187] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 115.454637][ T6381] loop0: detected capacity change from 0 to 2048 [ 116.368835][ T2778] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 2048 with error 28 [ 116.397060][ T2778] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.397060][ T2778] [ 116.398416][ T6135] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.422649][ T2778] EXT4-fs (loop2): Total free blocks count 0 [ 116.476578][ T2778] EXT4-fs (loop2): Free/Dirty block details [ 116.487556][ T2778] EXT4-fs (loop2): free_blocks=0 [ 116.492713][ T2778] EXT4-fs (loop2): dirty_blocks=5392 [ 116.504506][ T2778] EXT4-fs (loop2): Block reservation details [ 116.694292][ T6187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.745036][ T6187] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.820562][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.827744][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.892036][ T5165] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.899181][ T5165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.956370][ T6187] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 117.017783][ T6187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.358674][ T6135] veth0_vlan: entered promiscuous mode [ 117.390410][ T6135] veth1_vlan: entered promiscuous mode [ 117.432169][ T29] audit: type=1326 audit(1717411608.120:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6403 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc54e7cee9 code=0x0 [ 117.496516][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.529732][ T6135] veth0_macvtap: entered promiscuous mode [ 117.556201][ T6135] veth1_macvtap: entered promiscuous mode [ 117.564601][ T6406] loop1: detected capacity change from 0 to 256 [ 117.617985][ T785] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.623494][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.652231][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.662499][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.680437][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.694058][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.711682][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.724918][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.740130][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.756616][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.772409][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.793239][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.805236][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.807620][ T785] usb 3-1: Using ep0 maxpacket: 8 [ 117.821068][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.829240][ T6393] loop0: detected capacity change from 0 to 32768 [ 117.834573][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.844125][ T785] usb 3-1: New USB device found, idVendor=2639, idProduct=0002, bcdDevice=27.3c [ 117.854105][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.857001][ T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.868313][ T6393] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (6393) [ 117.881879][ T785] usb 3-1: config 0 descriptor?? [ 117.900397][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.911120][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.923114][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.930735][ T6393] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 117.941480][ T6393] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 117.950790][ T6135] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.951787][ T6393] BTRFS info (device loop0): using free-space-tree [ 117.968902][ T6135] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.983734][ T6135] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.993093][ T6135] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.050789][ T6187] veth0_vlan: entered promiscuous mode [ 118.093643][ T6187] veth1_vlan: entered promiscuous mode [ 118.124915][ T5162] usb 3-1: USB disconnect, device number 4 [ 118.158022][ T6393] BTRFS info (device loop0): rebuilding free space tree [ 118.213084][ T6187] veth0_macvtap: entered promiscuous mode [ 118.225812][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.251168][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.272121][ T6187] veth1_macvtap: entered promiscuous mode [ 118.343211][ T2873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.375609][ T2873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.379326][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.399801][ T6393] BTRFS info (device loop0 state M): max_inline set to 0 [ 118.407234][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.427560][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.444608][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.454554][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.465103][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.481613][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.495971][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.505942][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.522337][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.534377][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.536785][ T5112] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 118.564486][ T6423] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 118.582006][ T6424] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 118.613827][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.646835][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.684280][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.699646][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.718683][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.736229][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.747663][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.765736][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.777669][ T6187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.788211][ T6187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.830525][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.871449][ T6187] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.907016][ T6187] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.927533][ T6187] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.936285][ T6187] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.998067][ T6437] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 119.040367][ T6437] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 119.164712][ T29] audit: type=1326 audit(1717411609.850:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f195a27cee9 code=0x0 [ 119.254025][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.288776][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.289908][ T6444] loop4: detected capacity change from 0 to 256 [ 119.356228][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.395193][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.604815][ T6454] loop2: detected capacity change from 0 to 2048 [ 119.695576][ T6454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.812799][ T29] audit: type=1804 audit(1717411610.490:125): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/103/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 119.914171][ T29] audit: type=1804 audit(1717411610.560:126): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/103/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 119.996463][ T29] audit: type=1804 audit(1717411610.570:127): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/103/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 120.074804][ T6470] loop1: detected capacity change from 0 to 2048 [ 120.088254][ T29] audit: type=1804 audit(1717411610.780:128): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/103/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 120.147416][ T29] audit: type=1804 audit(1717411610.780:129): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/103/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 120.153837][ T6470] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.249556][ T6472] loop3: detected capacity change from 0 to 8192 [ 120.301304][ T6477] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 120.358318][ T29] audit: type=1804 audit(1717411611.030:130): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1044833428/syzkaller.C5WFRw/104/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 120.419718][ T29] audit: type=1804 audit(1717411611.030:131): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1044833428/syzkaller.C5WFRw/104/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 120.468436][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.537565][ T29] audit: type=1804 audit(1717411611.050:132): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1044833428/syzkaller.C5WFRw/104/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 120.580273][ T6451] loop0: detected capacity change from 0 to 32768 [ 120.589347][ T6451] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (6451) [ 120.609615][ T6451] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.620260][ T6451] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 120.629852][ T6451] BTRFS info (device loop0): using free-space-tree [ 120.806359][ T5113] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.888684][ T6451] loop0: detected capacity change from 32768 to 0 [ 120.905948][ T6506] syz-executor.0: attempt to access beyond end of device [ 120.905948][ T6506] loop0: rw=2051, sector=2048, nr_sectors = 8 limit=0 [ 120.931246][ T6506] syz-executor.0: attempt to access beyond end of device [ 120.931246][ T6506] loop0: rw=2051, sector=10240, nr_sectors = 24 limit=0 [ 120.979716][ T6506] syz-executor.0: attempt to access beyond end of device [ 120.979716][ T6506] loop0: rw=2051, sector=13440, nr_sectors = 3200 limit=0 [ 121.019364][ T6506] BTRFS warning (device loop0): failed to trim 3 block group(s), last error -5 [ 121.038500][ T6506] syz-executor.0: attempt to access beyond end of device [ 121.038500][ T6506] loop0: rw=2051, sector=16640, nr_sectors = 16128 limit=0 [ 121.091259][ T6506] BTRFS warning (device loop0): failed to trim 1 device(s), last error -5 [ 121.122428][ T6521] loop4: detected capacity change from 0 to 256 [ 121.132871][ T6521] FAT-fs (loop4): Unrecognized mount option "shortname=winnt" or missing value [ 121.143258][ T5112] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 121.366918][ T6524] loop4: detected capacity change from 0 to 64 [ 121.834013][ T6545] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 121.992423][ T6551] loop0: detected capacity change from 0 to 256 [ 122.035260][ T6551] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 122.072703][ T6551] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.562369][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 124.021020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 124.047851][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.056326][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.064883][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.207810][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 124.328362][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 124.380219][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 124.380236][ T29] audit: type=1800 audit(1717411615.070:137): pid=6605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 124.500239][ T6610] loop4: detected capacity change from 0 to 2048 [ 124.529539][ T5167] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 124.557744][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.605075][ T6610] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.749565][ T5167] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.826039][ T29] audit: type=1804 audit(1717411615.510:138): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3224941327/syzkaller.LnIS98/22/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 124.852514][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 124.869792][ T5167] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 124.962155][ T5167] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 125.016393][ T5167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.029986][ T29] audit: type=1804 audit(1717411615.510:139): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3224941327/syzkaller.LnIS98/22/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 125.114152][ T5167] usb 2-1: config 0 descriptor?? [ 125.152714][ T29] audit: type=1804 audit(1717411615.510:140): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3224941327/syzkaller.LnIS98/22/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 125.246955][ T29] audit: type=1804 audit(1717411615.650:141): pid=6623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3224941327/syzkaller.LnIS98/22/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 125.324315][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 125.339556][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.372457][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.372615][ T6614] loop3: detected capacity change from 0 to 8192 [ 125.394768][ T29] audit: type=1804 audit(1717411615.650:142): pid=6623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3224941327/syzkaller.LnIS98/22/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 125.460182][ T29] audit: type=1800 audit(1717411615.750:143): pid=6612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.3" name="/root/syzkaller-testdir2772605259/syzkaller.yGp06h/13/bus" dev="sda1" ino=1960 res=0 errno=0 [ 125.547697][ T6614] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.572691][ T5167] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 125.601788][ T5167] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 125.662332][ T5167] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 125.774079][ T5167] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 125.932675][ T6602] loop1: detected capacity change from 0 to 512 [ 126.027639][ T6602] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 126.093487][ T6602] EXT4-fs (loop1): 1 orphan inode deleted [ 126.101621][ T6602] EXT4-fs (loop1): 1 truncate cleaned up [ 126.109333][ T6602] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.159902][ T29] audit: type=1800 audit(1717411616.850:144): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 126.228459][ T6634] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.0'. [ 126.240736][ T6634] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 126.592329][ T6652] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 126.712846][ T5163] usb 2-1: USB disconnect, device number 3 [ 126.795537][ T5113] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.823403][ T6661] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.0'. [ 126.858219][ T6661] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 127.303860][ T29] audit: type=1800 audit(1717411617.990:145): pid=6665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.3" name="/root/syzkaller-testdir2772605259/syzkaller.yGp06h/16/bus" dev="sda1" ino=1960 res=0 errno=0 [ 127.546487][ T6672] loop3: detected capacity change from 0 to 8192 [ 127.620763][ T6672] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.280797][ T5125] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 128.302248][ T5125] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 128.316030][ T5125] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 128.363159][ T5125] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 128.383307][ T5125] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 128.391957][ T5125] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 128.433618][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.828007][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.828165][ T6674] loop1: detected capacity change from 0 to 32768 [ 128.900322][ T6674] Mount JFS Failure: -22 [ 128.907644][ T6674] jfs_mount failed w/return code = -22 [ 129.022453][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.360965][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.624352][ T5125] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 129.634972][ T5125] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 129.651901][ T5125] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 129.677123][ T5125] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 129.706419][ T5125] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 129.725545][ T5125] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 129.769465][ T6702] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.2'. [ 129.806199][ T6702] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 129.867994][ T51] bridge_slave_1: left allmulticast mode [ 129.874810][ T51] bridge_slave_1: left promiscuous mode [ 129.894778][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.934127][ T51] bridge_slave_0: left allmulticast mode [ 129.947963][ T51] bridge_slave_0: left promiscuous mode [ 129.953774][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.983123][ T29] audit: type=1804 audit(1717411620.670:146): pid=6713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/121/file1" dev="sda1" ino=1953 res=1 errno=0 [ 130.012429][ T29] audit: type=1800 audit(1717411620.670:147): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 130.517787][ T5127] Bluetooth: hci2: command tx timeout [ 130.886443][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.909459][ T6724] input: syz1 as /devices/virtual/input/input5 [ 130.924933][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.953717][ T51] bond0 (unregistering): Released all slaves [ 131.045527][ T6679] chnl_net:caif_netlink_parms(): no params data found [ 131.161698][ T6729] loop1: detected capacity change from 0 to 256 [ 131.231588][ T29] audit: type=1800 audit(1717411621.920:148): pid=6728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 131.778311][ T5165] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 131.798131][ T5127] Bluetooth: hci4: command tx timeout [ 131.852037][ T29] audit: type=1800 audit(1717411622.540:149): pid=6748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/126/bus" dev="sda1" ino=1948 res=0 errno=0 [ 131.982699][ T51] hsr_slave_0: left promiscuous mode [ 132.005808][ T6753] loop2: detected capacity change from 0 to 8192 [ 132.013327][ T51] hsr_slave_1: left promiscuous mode [ 132.024958][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.037711][ T5165] usb 2-1: Using ep0 maxpacket: 16 [ 132.039071][ T6753] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 132.054394][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.056377][ T5165] usb 2-1: config 0 has no interfaces? [ 132.068863][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.076330][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.095202][ T5165] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 132.111030][ T5165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.123265][ T51] veth1_macvtap: left promiscuous mode [ 132.129238][ T51] veth0_macvtap: left promiscuous mode [ 132.135098][ T51] veth1_vlan: left promiscuous mode [ 132.143579][ T51] veth0_vlan: left promiscuous mode [ 132.144270][ T5165] usb 2-1: config 0 descriptor?? [ 132.600104][ T5127] Bluetooth: hci2: command tx timeout [ 132.709593][ T6759] loop4: detected capacity change from 0 to 32768 [ 132.725499][ T5162] usb 2-1: USB disconnect, device number 4 [ 132.813431][ T6759] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 132.892579][ T6759] XFS (loop4): Ending clean mount [ 132.933520][ T6759] XFS (loop4): Quotacheck needed: Please wait. [ 133.022246][ T6759] XFS (loop4): Quotacheck: Done. [ 133.139260][ T51] team0 (unregistering): Port device team_slave_1 removed [ 133.158280][ T6759] loop4: detected capacity change from 32768 to 0 [ 133.184682][ T6759] syz-executor.4: attempt to access beyond end of device [ 133.184682][ T6759] loop4: rw=432129, sector=160, nr_sectors = 16 limit=0 [ 133.209307][ T100] XFS (loop4): log I/O error -5 [ 133.213072][ T51] team0 (unregistering): Port device team_slave_0 removed [ 133.214564][ T100] XFS (loop4): Filesystem has been shut down due to log error (0x2). [ 133.231101][ T100] XFS (loop4): Please unmount the filesystem and rectify the problem(s). [ 133.252715][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.270641][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.348515][ T6135] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 133.371595][ T6772] loop1: detected capacity change from 0 to 256 [ 133.523403][ T29] audit: type=1326 audit(1717411624.210:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6773 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc54e7cee9 code=0x0 [ 133.853006][ T6679] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.863473][ T6679] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.871802][ T6679] bridge_slave_0: entered allmulticast mode [ 133.881680][ T5127] Bluetooth: hci4: command tx timeout [ 133.895613][ T6679] bridge_slave_0: entered promiscuous mode [ 133.964150][ T6679] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.971812][ T6679] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.979426][ T6679] bridge_slave_1: entered allmulticast mode [ 133.986619][ T6679] bridge_slave_1: entered promiscuous mode [ 134.089753][ T6679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.113648][ T6697] chnl_net:caif_netlink_parms(): no params data found [ 134.136887][ T6679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.472210][ T6679] team0: Port device team_slave_0 added [ 134.571819][ T6679] team0: Port device team_slave_1 added [ 134.688487][ T5127] Bluetooth: hci2: command tx timeout [ 134.776965][ T5125] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 134.788943][ T5125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 134.804917][ T5125] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 134.820815][ T6778] loop2: detected capacity change from 0 to 32768 [ 134.831828][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.834554][ T5125] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 134.848205][ T6778] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (6778) [ 134.849697][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.893566][ T5125] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 134.898877][ T6679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.912193][ T6778] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 134.928949][ T5125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 134.936703][ T6697] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.942885][ T6778] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 134.954461][ T6778] BTRFS info (device loop2): using free-space-tree [ 134.960164][ T6697] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.984468][ T6697] bridge_slave_0: entered allmulticast mode [ 134.996957][ T6697] bridge_slave_0: entered promiscuous mode [ 135.031334][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 135.038479][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.043130][ T6797] loop1: detected capacity change from 0 to 512 [ 135.064462][ T6679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 135.101819][ T6797] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 135.116782][ T6797] UDF-fs: Scanning with blocksize 512 failed [ 135.126937][ T6797] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 135.137252][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.155552][ T6797] UDF-fs: Scanning with blocksize 1024 failed [ 135.164138][ T6797] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 135.171878][ T6697] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.181354][ T6697] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.191698][ T6697] bridge_slave_1: entered allmulticast mode [ 135.193477][ T6797] UDF-fs: Scanning with blocksize 2048 failed [ 135.199377][ T6697] bridge_slave_1: entered promiscuous mode [ 135.208520][ T6797] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 135.242365][ T6797] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.311334][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.315352][ T29] audit: type=1804 audit(1717411626.000:151): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1044833428/syzkaller.C5WFRw/127/file0/bus" dev="loop1" ino=42 res=1 errno=0 [ 135.351163][ T6697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.378446][ T6697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.383424][ T29] audit: type=1800 audit(1717411626.060:152): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=42 res=0 errno=0 [ 135.446095][ T5111] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 135.475080][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.629926][ T6679] hsr_slave_0: entered promiscuous mode [ 135.650711][ T6679] hsr_slave_1: entered promiscuous mode [ 135.676603][ T6679] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.705422][ T6679] Cannot create hsr debugfs directory [ 135.814712][ T6697] team0: Port device team_slave_0 added [ 135.862133][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.958259][ T5125] Bluetooth: hci4: command tx timeout [ 135.976113][ T6697] team0: Port device team_slave_1 added [ 136.115659][ T6697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.136094][ T6697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.162856][ T5165] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 136.170630][ T6697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.215624][ T6697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.222792][ T6697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.249102][ T6697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.367990][ T5165] usb 3-1: Using ep0 maxpacket: 16 [ 136.384212][ T5165] usb 3-1: config 0 has no interfaces? [ 136.402522][ T5165] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 136.426178][ T5165] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.458895][ T5165] usb 3-1: config 0 descriptor?? [ 136.476985][ T29] audit: type=1800 audit(1717411627.160:153): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.1" name="/root/syzkaller-testdir1044833428/syzkaller.C5WFRw/129/bus" dev="sda1" ino=1947 res=0 errno=0 [ 136.520561][ T6697] hsr_slave_0: entered promiscuous mode [ 136.536716][ T6697] hsr_slave_1: entered promiscuous mode [ 136.543587][ T6697] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.558008][ T6697] Cannot create hsr debugfs directory [ 136.564142][ T6818] loop1: detected capacity change from 0 to 8192 [ 136.583823][ T6818] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 136.757576][ T5125] Bluetooth: hci2: command tx timeout [ 136.923921][ T5163] usb 3-1: USB disconnect, device number 5 [ 136.928035][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.997872][ T5125] Bluetooth: hci0: command tx timeout [ 137.045539][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.145519][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.224145][ T6787] chnl_net:caif_netlink_parms(): no params data found [ 137.275440][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.464023][ T6787] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.476279][ T6787] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.489571][ T6787] bridge_slave_0: entered allmulticast mode [ 137.503335][ T6787] bridge_slave_0: entered promiscuous mode [ 137.533522][ T6787] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.552889][ T6787] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.572320][ T6787] bridge_slave_1: entered allmulticast mode [ 137.583815][ T6787] bridge_slave_1: entered promiscuous mode [ 137.589183][ T6833] loop2: detected capacity change from 0 to 256 [ 137.607650][ T5165] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 137.674683][ T51] bridge_slave_1: left allmulticast mode [ 137.680658][ T51] bridge_slave_1: left promiscuous mode [ 137.686533][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.704143][ T51] bridge_slave_0: left allmulticast mode [ 137.709997][ T51] bridge_slave_0: left promiscuous mode [ 137.715773][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.731577][ T51] bridge_slave_1: left allmulticast mode [ 137.737266][ T51] bridge_slave_1: left promiscuous mode [ 137.746764][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.765593][ T51] bridge_slave_0: left allmulticast mode [ 137.772300][ T51] bridge_slave_0: left promiscuous mode [ 137.785607][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.797956][ T5165] usb 2-1: Using ep0 maxpacket: 8 [ 137.807155][ T5165] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.819356][ T5165] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.828942][ T5165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 137.837163][ T5165] usb 2-1: SerialNumber: syz [ 137.862635][ T5165] usb 2-1: bad CDC descriptors [ 138.037970][ T5125] Bluetooth: hci4: command tx timeout [ 138.069782][ T5166] usb 2-1: USB disconnect, device number 5 [ 138.642693][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 138.679112][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 138.718828][ T51] bond0 (unregistering): Released all slaves [ 139.047856][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.078189][ T5125] Bluetooth: hci0: command tx timeout [ 139.084507][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.112803][ T51] bond0 (unregistering): Released all slaves [ 139.185486][ T6787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.251095][ T6855] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 139.252175][ T6787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.422221][ T6787] team0: Port device team_slave_0 added [ 139.436463][ T6787] team0: Port device team_slave_1 added [ 139.488816][ T5167] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 139.500541][ T6787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.508008][ T6787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.535424][ T6787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.576579][ T6787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.583847][ T6787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.614748][ T6787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.691556][ T6787] hsr_slave_0: entered promiscuous mode [ 139.698576][ T6787] hsr_slave_1: entered promiscuous mode [ 139.704633][ T6787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.710148][ T5167] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.714451][ T6787] Cannot create hsr debugfs directory [ 139.732705][ T5167] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 139.766927][ T5167] usb 3-1: New USB device found, idVendor=056a, idProduct=006b, bcdDevice= 0.40 [ 139.778120][ T5167] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.793996][ T5167] usb 3-1: Product: 췑⍀䐡ꙺᧂ쑬㘠Ʀ㚗뚭ẉဍ챡鿹Ċ履儀彋ր婠掁幺媕蠅褜鋜묿⽱䕌ⶢ姞뗣난㺾コ큮䙫괇貒튈ﴩᄽ밉绁㴣⼍ [ 139.837828][ T5167] usb 3-1: SerialNumber: syz [ 139.868623][ T5167] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 139.955296][ T6679] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 140.031235][ T51] hsr_slave_0: left promiscuous mode [ 140.046917][ T51] hsr_slave_1: left promiscuous mode [ 140.057346][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.072911][ T5167] usb 3-1: USB disconnect, device number 6 [ 140.079423][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.103286][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.113398][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.139660][ T51] hsr_slave_0: left promiscuous mode [ 140.146256][ T51] hsr_slave_1: left promiscuous mode [ 140.153074][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.160962][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.170026][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.177631][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.224863][ T51] veth1_macvtap: left promiscuous mode [ 140.230929][ T51] veth0_macvtap: left promiscuous mode [ 140.236963][ T51] veth1_vlan: left promiscuous mode [ 140.252148][ T51] veth0_vlan: left promiscuous mode [ 140.260385][ T51] veth1_macvtap: left promiscuous mode [ 140.265982][ T51] veth0_macvtap: left promiscuous mode [ 140.283913][ T51] veth1_vlan: left promiscuous mode [ 140.289522][ T51] veth0_vlan: left promiscuous mode [ 140.585338][ T6865] netlink: 'syz-executor.1': attribute type 9 has an invalid length. [ 140.624828][ T6865] netlink: 134780 bytes leftover after parsing attributes in process `syz-executor.1'. [ 140.731596][ T6867] Driver unsupported XDP return value 0 on prog (id 106) dev N/A, expect packet loss! [ 141.166892][ T5125] Bluetooth: hci0: command tx timeout [ 141.187604][ T5167] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 141.312927][ T51] team0 (unregistering): Port device team_slave_1 removed [ 141.382759][ T51] team0 (unregistering): Port device team_slave_0 removed [ 141.390003][ T5167] usb 2-1: Using ep0 maxpacket: 16 [ 141.391783][ T5167] usb 2-1: config 0 has no interfaces? [ 141.403393][ T5167] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 141.417103][ T5167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.434780][ T5167] usb 2-1: config 0 descriptor?? [ 141.535735][ T6883] Bluetooth: MGMT ver 1.23 [ 141.542488][ T6883] Bluetooth: hci3: too big key_count value 28672 [ 141.927071][ T5166] usb 2-1: USB disconnect, device number 6 [ 142.057669][ T5165] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 142.269678][ T5165] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.290869][ T5165] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 142.327095][ T5165] usb 3-1: New USB device found, idVendor=056a, idProduct=006b, bcdDevice= 0.40 [ 142.337775][ T5165] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.345813][ T5165] usb 3-1: Product: 췑⍀䐡ꙺᧂ쑬㘠Ʀ㚗뚭ẉဍ챡鿹Ċ履儀彋ր婠掁幺媕蠅褜鋜묿⽱䕌ⶢ姞뗣난㺾コ큮䙫괇貒튈ﴩᄽ밉绁㴣⼍ [ 142.366453][ T5165] usb 3-1: SerialNumber: syz [ 142.391872][ T5165] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 142.547370][ T51] team0 (unregistering): Port device team_slave_1 removed [ 142.671146][ T5162] usb 3-1: USB disconnect, device number 7 [ 142.748432][ T51] team0 (unregistering): Port device team_slave_0 removed [ 142.939207][ T5127] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 142.962587][ T5127] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 142.988880][ T5127] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 143.007375][ T5127] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 143.030100][ T5127] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 143.042516][ T5127] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 143.242927][ T5125] Bluetooth: hci0: command tx timeout [ 143.452643][ T6679] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 143.463950][ T6679] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 143.533440][ T6679] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 143.668691][ T6697] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 143.701350][ T6697] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 143.717277][ T6697] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 143.755814][ T6697] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 144.107212][ T6679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.153146][ T6679] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.227384][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.234616][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.251072][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.258277][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.286635][ T6891] chnl_net:caif_netlink_parms(): no params data found [ 144.366515][ T6697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.462092][ T6787] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 144.474015][ T6787] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 144.539200][ T6787] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 144.555499][ T6787] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 144.633237][ T6891] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.650312][ T6891] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.659542][ T6891] bridge_slave_0: entered allmulticast mode [ 144.666494][ T6891] bridge_slave_0: entered promiscuous mode [ 144.675179][ T6891] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.682729][ T6891] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.690213][ T6891] bridge_slave_1: entered allmulticast mode [ 144.697963][ T6891] bridge_slave_1: entered promiscuous mode [ 144.734498][ T6891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.766734][ T6891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.796926][ T6697] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.834332][ T6679] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 144.856218][ T6679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 144.904654][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.911863][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.936662][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.944254][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.064234][ T6891] team0: Port device team_slave_0 added [ 145.129775][ T6891] team0: Port device team_slave_1 added [ 145.161939][ T5125] Bluetooth: hci5: command tx timeout [ 145.220758][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.317191][ T6891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 145.337696][ T6891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.374289][ T6891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 145.426715][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.446064][ T6928] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 145.468355][ T6891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 145.475891][ T6891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.513485][ T6891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.608260][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.649761][ T6679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.688324][ T6891] hsr_slave_0: entered promiscuous mode [ 145.694873][ T6891] hsr_slave_1: entered promiscuous mode [ 145.726614][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.793192][ T6697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.944531][ T6787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.109992][ T51] bridge_slave_1: left allmulticast mode [ 146.115907][ T51] bridge_slave_1: left promiscuous mode [ 146.122457][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.134808][ T51] bridge_slave_0: left allmulticast mode [ 146.142210][ T51] bridge_slave_0: left promiscuous mode [ 146.152785][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.515543][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.532033][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.543922][ T51] bond0 (unregistering): Released all slaves [ 146.572753][ T6787] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.590297][ T6679] veth0_vlan: entered promiscuous mode [ 146.663277][ T6697] veth0_vlan: entered promiscuous mode [ 146.684604][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.691779][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.741804][ T6679] veth1_vlan: entered promiscuous mode [ 146.780172][ T6697] veth1_vlan: entered promiscuous mode [ 146.811144][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.818369][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.907349][ T29] audit: type=1804 audit(1717411637.590:154): pid=6946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/157/.log" dev="sda1" ino=1942 res=1 errno=0 [ 146.909386][ T6946] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 147.040449][ T6948] loop2: detected capacity change from 0 to 128 [ 147.061332][ T6697] veth0_macvtap: entered promiscuous mode [ 147.095738][ T6697] veth1_macvtap: entered promiscuous mode [ 147.139700][ T51] hsr_slave_0: left promiscuous mode [ 147.145964][ T51] hsr_slave_1: left promiscuous mode [ 147.153166][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.162384][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 147.171027][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.179566][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.209261][ T51] veth1_macvtap: left promiscuous mode [ 147.214798][ T51] veth0_macvtap: left promiscuous mode [ 147.221405][ T51] veth1_vlan: left promiscuous mode [ 147.226730][ T51] veth0_vlan: left promiscuous mode [ 147.238339][ T5125] Bluetooth: hci5: command tx timeout [ 147.308283][ T6952] loop2: detected capacity change from 0 to 128 [ 147.387333][ T6952] syz-executor.2: attempt to access beyond end of device [ 147.387333][ T6952] loop2: rw=2049, sector=129, nr_sectors = 9 limit=128 [ 147.666340][ T6960] loop2: detected capacity change from 0 to 1024 [ 147.716611][ T6960] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 147.904773][ T51] team0 (unregistering): Port device team_slave_1 removed [ 147.953208][ T51] team0 (unregistering): Port device team_slave_0 removed [ 148.415123][ T6697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.434128][ T6697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.459951][ T6697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.471688][ T6697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.486035][ T6697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.514589][ T6697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.526086][ T6697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.536309][ T6697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.547111][ T6697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.566267][ T6697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 148.579412][ T6679] veth0_macvtap: entered promiscuous mode [ 148.622418][ T6697] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.647647][ T6697] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.656383][ T6697] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.679209][ T6697] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.701760][ T6966] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 148.743028][ T6679] veth1_macvtap: entered promiscuous mode [ 148.830133][ T6891] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 148.896066][ T6891] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 148.959077][ T6891] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 148.971081][ T6891] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 148.992423][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.017553][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.027399][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.037956][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.057634][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.068296][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.081340][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.130870][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.143393][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.153284][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.166409][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.182893][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.195014][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.213545][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.235039][ T6787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.267160][ T6679] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.297606][ T6679] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.306362][ T6679] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.326274][ T5125] Bluetooth: hci5: command tx timeout [ 149.340470][ T6679] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.401507][ T2791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.417908][ T2791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.540418][ T2791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.570026][ T2791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.728361][ T2873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.736202][ T2873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.915643][ T2873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.924208][ T2873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.955571][ T6891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.046420][ T6891] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.068000][ T6787] veth0_vlan: entered promiscuous mode [ 150.089829][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.097000][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.141581][ T6787] veth1_vlan: entered promiscuous mode [ 150.181044][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.188265][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.226661][ T6992] loop2: detected capacity change from 0 to 1024 [ 150.234188][ T6994] loop0: detected capacity change from 0 to 1024 [ 150.299253][ T6994] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 150.405713][ T6787] veth0_macvtap: entered promiscuous mode [ 150.462665][ T6787] veth1_macvtap: entered promiscuous mode [ 150.593743][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.627952][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.666022][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.689941][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.707226][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.723783][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.749136][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.767308][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.801302][ T6787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.839398][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.882462][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.912010][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.937586][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.959628][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.971567][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.985567][ T6787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.996238][ T6787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.038665][ T6787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.066691][ T7011] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 151.085478][ T6787] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.105510][ T6787] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.133285][ T6787] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.160069][ T6787] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.323891][ T6891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.397973][ T5125] Bluetooth: hci5: command tx timeout [ 151.418993][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.426843][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.561448][ T2778] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.586861][ T2778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.728311][ T6891] veth0_vlan: entered promiscuous mode [ 151.764688][ T6891] veth1_vlan: entered promiscuous mode [ 151.942110][ T6891] veth0_macvtap: entered promiscuous mode [ 151.956702][ T7013] loop3: detected capacity change from 0 to 40427 [ 151.982346][ T6891] veth1_macvtap: entered promiscuous mode [ 152.026187][ T7013] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.046153][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.068143][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.098923][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.127764][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.164672][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.201956][ T7013] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 152.203163][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.257891][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.278402][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.301095][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.314502][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.340570][ T6891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.354110][ T6697] syz-executor.3: attempt to access beyond end of device [ 152.354110][ T6697] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 152.384332][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.403097][ T6697] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 152.432625][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.457659][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.477529][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.480611][ T7025] loop2: detected capacity change from 0 to 32768 [ 152.499857][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.510429][ T7025] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7025) [ 152.531020][ T7025] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 152.541588][ T7025] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 152.550564][ T7025] BTRFS info (device loop2): using free-space-tree [ 152.550664][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.576212][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.613503][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.624904][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.644056][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.656032][ T6891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.702176][ T29] audit: type=1326 audit(1717411643.390:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7038 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0dcc7cee9 code=0x7fc00000 [ 152.740065][ T7025] BTRFS info (device loop2): rebuilding free space tree [ 152.744157][ T6891] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.769659][ T6891] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.780520][ T6891] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.790660][ T6891] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.947686][ T29] audit: type=1804 audit(1717411643.620:156): pid=7058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2896365834/syzkaller.wlcMj1/174/bus/bus" dev="loop2" ino=263 res=1 errno=0 [ 153.098943][ T2873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.118930][ T2873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.157118][ T5111] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 153.174500][ T2778] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.184924][ T2778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.277178][ T29] audit: type=1326 audit(1717411643.960:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7038 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc0dcc7cee9 code=0x7fc00000 [ 153.492053][ T29] audit: type=1326 audit(1717411644.180:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.571130][ T29] audit: type=1326 audit(1717411644.210:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.661742][ T7064] loop4: detected capacity change from 0 to 512 [ 153.664371][ T29] audit: type=1326 audit(1717411644.230:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.741401][ T7064] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 153.762106][ T29] audit: type=1326 audit(1717411644.230:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.769428][ T7064] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 153.822940][ T7064] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz-executor.4: inode #15: comm syz-executor.4: iget: illegal inode # [ 153.836689][ T29] audit: type=1326 audit(1717411644.230:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.860154][ T29] audit: type=1326 audit(1717411644.250:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.867615][ T7064] EXT4-fs (loop4): Remounting filesystem read-only [ 153.883861][ T29] audit: type=1326 audit(1717411644.250:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0847cee9 code=0x7ffc0000 [ 153.964892][ T7064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.172320][ T6787] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.680568][ T7100] netlink: get zone limit has 8 unknown bytes [ 155.794785][ T7116] loop2: detected capacity change from 0 to 1024 [ 155.819689][ T7115] loop4: detected capacity change from 0 to 512 [ 155.830710][ T7115] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 155.863380][ T7115] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 155.884516][ T7116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.899192][ T7116] ext4 filesystem being mounted at /root/syzkaller-testdir2896365834/syzkaller.wlcMj1/176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.923983][ T7115] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz-executor.4: inode #15: comm syz-executor.4: iget: illegal inode # [ 155.949900][ T7115] EXT4-fs (loop4): Remounting filesystem read-only [ 155.976939][ T7115] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.081865][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.186422][ T6787] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.569811][ T7138] netlink: get zone limit has 8 unknown bytes [ 156.600460][ T7140] PKCS7: Unknown OID: [5] (bad) [ 156.621452][ T7140] PKCS7: Only support pkcs7_signedData type [ 157.509953][ T7145] loop4: detected capacity change from 0 to 128 [ 157.533705][ T7145] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 157.605290][ T7145] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 157.833476][ T7155] loop1: detected capacity change from 0 to 512 [ 157.858080][ T7155] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 157.886269][ T7161] loop0: detected capacity change from 0 to 1024 [ 157.918671][ T7155] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 157.953150][ T7155] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz-executor.1: inode #15: comm syz-executor.1: iget: illegal inode # [ 158.031771][ T7155] EXT4-fs (loop1): Remounting filesystem read-only [ 158.071710][ T7155] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.088564][ T7171] loop2: detected capacity change from 0 to 1024 [ 158.166031][ T7171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.179638][ T7171] ext4 filesystem being mounted at /root/syzkaller-testdir2896365834/syzkaller.wlcMj1/181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 158.282935][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 158.282954][ T29] audit: type=1804 audit(1717411648.970:209): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4224567273/syzkaller.MoJc2i/12/bus" dev="sda1" ino=1962 res=1 errno=0 [ 158.315746][ T6891] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.347519][ T29] audit: type=1804 audit(1717411649.020:210): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4224567273/syzkaller.MoJc2i/12/bus" dev="sda1" ino=1962 res=1 errno=0 [ 158.387688][ T7183] PKCS7: Unknown OID: [5] (bad) [ 158.392597][ T7183] PKCS7: Only support pkcs7_signedData type [ 158.395126][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.414105][ T29] audit: type=1804 audit(1717411649.020:211): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2247612238/syzkaller.rluzLD/11/bus" dev="sda1" ino=1951 res=1 errno=0 [ 158.461937][ T29] audit: type=1804 audit(1717411649.020:212): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir2247612238/syzkaller.rluzLD/11/bus" dev="sda1" ino=1951 res=1 errno=0 [ 158.768612][ T7196] loop0: detected capacity change from 0 to 512 [ 158.822832][ T7196] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.858844][ T7196] ext4 filesystem being mounted at /root/syzkaller-testdir1601661424/syzkaller.dQ3bEI/20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 159.048391][ T5227] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 159.126245][ T7209] loop3: detected capacity change from 0 to 256 [ 159.216750][ T7209] FAT-fs (loop3): Directory bread(block 64) failed [ 159.229368][ T7209] FAT-fs (loop3): Directory bread(block 65) failed [ 159.238273][ T7209] FAT-fs (loop3): Directory bread(block 66) failed [ 159.245502][ T7209] FAT-fs (loop3): Directory bread(block 67) failed [ 159.255131][ T7209] FAT-fs (loop3): Directory bread(block 68) failed [ 159.262708][ T7209] FAT-fs (loop3): Directory bread(block 69) failed [ 159.265028][ T7211] loop4: detected capacity change from 0 to 512 [ 159.276169][ T7209] FAT-fs (loop3): Directory bread(block 70) failed [ 159.283356][ T7209] FAT-fs (loop3): Directory bread(block 71) failed [ 159.289604][ T5227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.299757][ T7209] FAT-fs (loop3): Directory bread(block 72) failed [ 159.312643][ T5227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.320348][ T7209] FAT-fs (loop3): Directory bread(block 73) failed [ 159.337749][ T5227] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 159.346914][ T5227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.389546][ T5227] usb 3-1: config 0 descriptor?? [ 159.402979][ T7211] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.416099][ T7211] ext4 filesystem being mounted at /root/syzkaller-testdir2247612238/syzkaller.rluzLD/15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.629293][ T5227] usbhid 3-1:0.0: can't add hid device: -71 [ 159.635392][ T5227] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 159.667992][ T5227] usb 3-1: USB disconnect, device number 8 [ 159.706652][ T7217] loop1: detected capacity change from 0 to 256 [ 159.779909][ T6787] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.930903][ T7219] loop3: detected capacity change from 0 to 2048 [ 159.979025][ T7219] loop3: p1 < > p3 [ 159.995722][ T7219] loop3: p3 size 134217728 extends beyond EOD, truncated [ 160.036712][ T7219] vxfs: unable to read disk superblock at 1 [ 160.057298][ T6679] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.068665][ T7219] vxfs: unable to read disk superblock at 8 [ 160.074853][ T7219] vxfs: can't find superblock. [ 160.200671][ T29] audit: type=1804 audit(1717411650.890:213): pid=7227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3321909430/syzkaller.9ymrYa/18/bus" dev="sda1" ino=1948 res=1 errno=0 [ 160.260815][ T29] audit: type=1804 audit(1717411650.890:214): pid=7227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir3321909430/syzkaller.9ymrYa/18/bus" dev="sda1" ino=1948 res=1 errno=0 [ 160.488093][ T7240] loop0: detected capacity change from 0 to 256 [ 160.596564][ T7240] FAT-fs (loop0): Directory bread(block 64) failed [ 160.624842][ T7240] FAT-fs (loop0): Directory bread(block 65) failed [ 160.653323][ T7240] FAT-fs (loop0): Directory bread(block 66) failed [ 160.666758][ T7240] FAT-fs (loop0): Directory bread(block 67) failed [ 160.701839][ T7240] FAT-fs (loop0): Directory bread(block 68) failed [ 160.722740][ T7249] loop3: detected capacity change from 0 to 256 [ 160.729648][ T7240] FAT-fs (loop0): Directory bread(block 69) failed [ 160.736302][ T7240] FAT-fs (loop0): Directory bread(block 70) failed [ 160.752381][ T7240] FAT-fs (loop0): Directory bread(block 71) failed [ 160.771763][ T7240] FAT-fs (loop0): Directory bread(block 72) failed [ 160.790391][ T7240] FAT-fs (loop0): Directory bread(block 73) failed [ 160.939776][ T5163] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 161.004329][ T7223] loop4: detected capacity change from 0 to 32768 [ 161.074188][ T7223] ERROR: (device loop4): dtReadFirst: btstack overrun [ 161.074188][ T7223] [ 161.123480][ T7223] ERROR: (device loop4): remounting filesystem as read-only [ 161.144060][ T5163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.149105][ T7223] btstack dump: [ 161.171645][ T7255] loop3: detected capacity change from 0 to 2048 [ 161.171682][ T5163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.182825][ T7223] bn = 0, index = 0 [ 161.216938][ T7223] bn = 0, index = 0 [ 161.224978][ T7257] loop0: detected capacity change from 0 to 512 [ 161.231521][ T7223] bn = 0, index = 0 [ 161.231541][ T7223] bn = 0, index = 0 [ 161.231552][ T7223] bn = 0, index = 0 [ 161.231562][ T7223] bn = 0, index = 0 [ 161.231572][ T7223] bn = 0, index = 0 [ 161.231582][ T7223] bn = 0, index = 0 [ 161.234869][ T7259] ERROR: (device loop4): dtSearch: stack overrun! [ 161.234869][ T7259] [ 161.237835][ T5163] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 161.247663][ T7259] btstack dump: [ 161.267636][ T5163] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.292660][ T7255] loop3: p1 < > p3 [ 161.304554][ T7255] loop3: p3 size 134217728 extends beyond EOD, truncated [ 161.331607][ T5163] usb 3-1: config 0 descriptor?? [ 161.338880][ T7255] vxfs: unable to read disk superblock at 1 [ 161.351656][ T7259] bn = 0, index = 4 [ 161.357278][ T7255] vxfs: unable to read disk superblock at 8 [ 161.358891][ T7257] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.363765][ T7259] bn = 0, index = 4 [ 161.380145][ T7255] vxfs: can't find superblock. [ 161.389245][ T7259] bn = 0, index = 4 [ 161.395709][ T7259] bn = 0, index = 4 [ 161.406777][ T7257] ext4 filesystem being mounted at /root/syzkaller-testdir1601661424/syzkaller.dQ3bEI/23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 161.438469][ T7259] bn = 0, index = 4 [ 161.443928][ T7259] bn = 0, index = 4 [ 161.492965][ T7259] bn = 0, index = 4 [ 161.497078][ T7259] bn = 0, index = 0 [ 161.508777][ T7259] jfs_lookup: dtSearch returned -5 [ 161.597187][ T5163] usbhid 3-1:0.0: can't add hid device: -71 [ 161.621105][ T5163] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 161.636505][ T5163] usb 3-1: USB disconnect, device number 9 [ 161.903852][ T29] audit: type=1804 audit(1717411652.590:215): pid=7275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4224567273/syzkaller.MoJc2i/23/bus" dev="sda1" ino=1956 res=1 errno=0 [ 161.987658][ T29] audit: type=1804 audit(1717411652.620:216): pid=7275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4224567273/syzkaller.MoJc2i/23/bus" dev="sda1" ino=1956 res=1 errno=0 [ 162.794838][ T6679] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.954321][ T7287] loop4: detected capacity change from 0 to 32768 [ 162.963975][ T7287] btrfs: Deprecated parameter 'usebackuproot' [ 162.978065][ T5162] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 162.980503][ T7287] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 162.995998][ T7287] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (7287) [ 163.040100][ T7287] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 163.040197][ T7302] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 163.055722][ T7287] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 163.103813][ T7304] loop3: detected capacity change from 0 to 512 [ 163.154268][ T7304] EXT4-fs: Ignoring removed mblk_io_submit option [ 163.165263][ T7311] ALSA: mixer_oss: invalid OSS volume '#!' [ 163.169145][ T7304] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 163.171673][ T7311] ALSA: mixer_oss: invalid OSS volume '' [ 163.186853][ T7311] ALSA: mixer_oss: invalid OSS volume '4i*_' [ 163.193840][ T7311] ALSA: mixer_oss: invalid OSS volume '圌GN6sm$Uh~K' [ 163.194903][ T5162] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 163.202342][ T7311] ALSA: mixer_oss: invalid OSS volume 'd' [ 163.202366][ T7311] ALSA: mixer_oss: invalid OSS volume 'o1C|=adhdԛw' [ 163.244886][ T7304] EXT4-fs (loop3): 1 truncate cleaned up [ 163.254648][ T7287] BTRFS info (device loop4): rebuilding free space tree [ 163.258823][ T7304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.296039][ T7287] BTRFS info (device loop4): disabling free space tree [ 163.303489][ T5162] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.312190][ T7287] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 163.331758][ T7287] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 163.344750][ T5162] usb 3-1: config 0 descriptor?? [ 163.353274][ T5162] cp210x 3-1:0.0: cp210x converter detected [ 163.364284][ T6697] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.618414][ T5227] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 163.737986][ T6787] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 163.780128][ T5162] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 163.844159][ T5227] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.874820][ T5227] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.886610][ T5162] usb 3-1: cp210x converter now attached to ttyUSB0 [ 163.918828][ T5227] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 163.930911][ T7335] Bluetooth: MGMT ver 1.23 [ 163.943597][ T5227] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.962350][ T5227] usb 2-1: config 0 descriptor?? [ 164.090839][ T5162] usb 3-1: USB disconnect, device number 10 [ 164.122629][ T5162] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 164.191338][ T5162] cp210x 3-1:0.0: device disconnected [ 164.205274][ T7344] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 164.236489][ T5227] usbhid 2-1:0.0: can't add hid device: -71 [ 164.248006][ T5227] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 164.259030][ T5227] usb 2-1: USB disconnect, device number 7 [ 165.337129][ T7357] loop4: detected capacity change from 0 to 512 [ 165.353042][ T7357] EXT4-fs: Ignoring removed mblk_io_submit option [ 165.372792][ T7357] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 165.406455][ T7357] EXT4-fs (loop4): 1 truncate cleaned up [ 165.415171][ T7357] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.560748][ T6787] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.681702][ T7371] loop0: detected capacity change from 0 to 512 [ 165.750706][ T7371] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 165.781933][ T7371] System zones: 1-12 [ 165.811653][ T7371] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #11: comm syz-executor.0: iget: bogus i_mode (0) [ 166.445749][ T7371] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor.0: couldn't read orphan inode 11 (err -117) [ 166.678884][ T7371] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.719867][ T7375] loop4: detected capacity change from 0 to 256 [ 166.893600][ T7371] input: syz0 as /devices/virtual/input/input6 [ 167.074281][ T6679] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.127612][ T7367] loop3: detected capacity change from 0 to 32768 [ 167.136849][ T7367] btrfs: Deprecated parameter 'usebackuproot' [ 167.143170][ T7367] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 167.155193][ T7367] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (7367) [ 167.190191][ T7402] loop0: detected capacity change from 0 to 64 [ 167.218779][ T7367] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 167.242762][ T7367] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 167.325647][ T7367] BTRFS info (device loop3): rebuilding free space tree [ 167.346282][ T7367] BTRFS info (device loop3): disabling free space tree [ 167.354196][ T7367] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 167.357665][ T50] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 167.374981][ T7367] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.549302][ T6697] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 194.687237][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 272.807453][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 272.807479][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7425/1:b..l [ 272.807514][ C1] rcu: (detected by 1, t=10502 jiffies, g=24345, q=664 ncpus=2) [ 272.807536][ C1] task:syz-executor.0 state:R running task stack:24672 pid:7425 tgid:7425 ppid:6679 flags:0x00000002 [ 272.807581][ C1] Call Trace: [ 272.807591][ C1] [ 272.807604][ C1] __schedule+0x17e8/0x4a20 [ 272.807656][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.807684][ C1] ? __pfx___schedule+0x10/0x10 [ 272.807719][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.807748][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 272.807781][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 272.807805][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 272.807826][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 272.807862][ C1] irqentry_exit+0x5e/0x90 [ 272.807881][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 272.807913][ C1] RIP: 0010:lock_acquire+0x264/0x550 [ 272.807944][ C1] Code: 2b 00 74 08 4c 89 f7 e8 7a f1 89 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 272.807966][ C1] RSP: 0018:ffffc90013c37d60 EFLAGS: 00000206 [ 272.807984][ C1] RAX: 0000000000000001 RBX: 1ffff92002786fb8 RCX: 03512c3acc8adc00 [ 272.807999][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcacfc0 RDI: ffffffff8c200dc0 [ 272.808016][ C1] RBP: ffffc90013c37eb8 R08: ffffffff92fc36c7 R09: 1ffffffff25f86d8 [ 272.808032][ C1] R10: dffffc0000000000 R11: fffffbfff25f86d9 R12: 1ffff92002786fb4 [ 272.808048][ C1] R13: dffffc0000000000 R14: ffffc90013c37dc0 R15: 0000000000000246 [ 272.808091][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 272.808113][ C1] ? arch_do_signal_or_restart+0x51f/0x860 [ 272.808151][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.808179][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 272.808206][ C1] ? __task_pid_nr_ns+0x28/0x450 [ 272.808229][ C1] __task_pid_nr_ns+0x45/0x450 [ 272.808242][ C1] ? __task_pid_nr_ns+0x28/0x450 [ 272.808257][ C1] __do_sys_getpid+0x1e/0x30 [ 272.808268][ C1] do_syscall_64+0xf3/0x230 [ 272.808282][ C1] ? clear_bhb_loop+0x35/0x90 [ 272.808297][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.808311][ C1] RIP: 0033:0x7fc0dcc7a667 [ 272.808331][ C1] RSP: 002b:00007ffcf32b5e88 EFLAGS: 00000206 ORIG_RAX: 0000000000000027 [ 272.808342][ C1] RAX: ffffffffffffffda RBX: 00007ffcf32b5ff0 RCX: 00007fc0dcc7a667 [ 272.808350][ C1] RDX: 00007ffcf32b5ec0 RSI: 00007ffcf32b5ff0 RDI: 0000000000000021 [ 272.808357][ C1] RBP: 0000000000000000 R08: 00000000815cde44 R09: 000000000000002c [ 272.808364][ C1] R10: 00000000815cde48 R11: 0000000000000206 R12: 0000000000000001 [ 272.808370][ C1] R13: 00007fc0dcda0000 R14: 00000000000140a2 R15: 00007fc0dcdb4038 [ 272.808387][ C1] [ 273.086571][ C1] rcu: rcu_preempt kthread starved for 10329 jiffies! g24345 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 273.086588][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 273.086594][ C1] rcu: RCU grace-period kthread stack dump: [ 273.086598][ C1] task:rcu_preempt state:R running task stack:26008 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 273.086625][ C1] Call Trace: [ 273.086629][ C1] [ 273.086638][ C1] __schedule+0x17e8/0x4a20 [ 273.086666][ C1] ? __pfx___schedule+0x10/0x10 [ 273.086684][ C1] ? __pfx_lock_release+0x10/0x10 [ 273.086696][ C1] ? __asan_memset+0x23/0x50 [ 273.086713][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 273.086726][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 273.086740][ C1] ? schedule+0x90/0x320 [ 273.086749][ C1] schedule+0x14b/0x320 [ 273.086760][ C1] schedule_timeout+0x1be/0x310 [ 273.086775][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 273.086790][ C1] ? __pfx_process_timeout+0x10/0x10 [ 273.086807][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 273.086823][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 273.086835][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 273.086855][ C1] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 273.086868][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 273.086879][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 273.086897][ C1] ? finish_swait+0xd4/0x1e0 [ 273.086910][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 273.086924][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 273.086935][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 273.086952][ C1] ? __kthread_parkme+0x169/0x1d0 [ 273.086966][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 273.086978][ C1] kthread+0x2f0/0x390 [ 273.086991][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 273.087003][ C1] ? __pfx_kthread+0x10/0x10 [ 273.087015][ C1] ret_from_fork+0x4b/0x80 [ 273.087030][ C1] ? __pfx_kthread+0x10/0x10 [ 273.087043][ C1] ret_from_fork_asm+0x1a/0x30 [ 273.087065][ C1] [ 273.087070][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 273.087079][ C1] Sending NMI from CPU 1 to CPUs 0: [ 273.087120][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x21/0x30