last executing test programs: 7.428045648s ago: executing program 2 (id=1703): r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000240)=0x8000, 0x4) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 7.051206373s ago: executing program 3 (id=1704): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x11, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx={0x18, 0x9, 0x5, 0x0, 0xb}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x10, 0x0, @void, @value}, 0x90) 6.942591683s ago: executing program 1 (id=1705): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000700)={@in6={{0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x38}}}, 0x0, 0x0, 0x43d, 0x0, "49df4ffe5d9c533da378c3ec111d08000000000000009d73660f5d9459f47415f6e029b01d99291517d8a400ed5a20356ce10b0602fe218f3dea0baeaa030000008adda2ddfc936ea8b049d100"}, 0xd8) 6.584938338s ago: executing program 3 (id=1708): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x2, 0x0, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0xc, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x404c401}, 0x0) 6.264940275s ago: executing program 2 (id=1710): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x800090, &(0x7f0000000f80)={[{@shortname_winnt}, {@uni_xlate}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@utf8no}, {@uni_xlate}, {@fat=@uid}, {@fat=@check_strict}, {@uni_xlate}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@shortname_lower}, {@numtail}, {@numtail}, {@uni_xlateno}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@shortname_lower}, {@nonumtail}, {@shortname_win95}, {@rodir}, {@utf8no}, {@nonumtail}, {@shortname_lower}, {@shortname_mixed}, {@utf8}], [{@appraise}, {@uid_gt}]}, 0x6, 0x2d3, &(0x7f0000000a40)="$eJzs3b1rJGUYAPBnNrMfarFbWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2ES4Q8QPXq8TOxtK/QBD8Q2zsLAVbwc4IgZGZncl+ZNhsJBvx8vsVyZuZ55n3ed+ZJNPkyQcvTw4fZvH46Re/Ra+XRGvYjThJYhCtqH0VS4bfBgDwf3aS5/FnPtNw+tdv1uT2tlgXALA9F/z+r6TlxwdFxE/XVxsAsB33H7z79t7+/t13sqwX9yZfH4+SiCg+z87vPY6PYhyP4nb04zSifFFoR/m2UAzv5Xk+TbPCIF6bTI9HRebk/Z+r6+/9EVHm70Y/BuWhs7eNMv+t/bu72cxC/rSo4/lq/mGRfyf68eJZ8lL+nYb8GHXi9VcX6r8V/fjlw/g4xvGwLGKe/+Vulr2Zf/fX5+8V5RX5yfR41C3j5vKdevLpNd8jAAAAAAAAAAAAAAAAAAAAAACePbeq3jndKPv3FIeq/js7p8UX7chqg+X+PLP8pL7QvD9QtPI8n+bxfd1f53aWZXkVOM9P46W0aiwIAAAAAAAAAAAAAAAAAAAAN9zRp58dHozHj55cyaDuBpBGxN/3I/7tdYYLR16J9cHdas6D8bhVDZdj0sUjsVPHJBFryygWcUXbctHguXM1V4MffmzMKlZ0lEbTqd7Fk7ab57rk4JP2bB8bY+qn6/Agad7D7lnxveLGxeqN60Tz7O1YOdKp7+dqcP0obracTuOp/qW3pfNCOZiuiYlk3ffFG78vLSeJleBO2XGjMb1dDZp2Y/ZsbPQ8R2+Wfv5nRaJbBwAAAAAAAAAAAAAAAAAAbNX8r38bTj5dm9rKu1srCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu1fz//28ySJeTN8jqxJOj/2ptAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Bz/BAAA//8a6VGq") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0) 6.115002483s ago: executing program 3 (id=1711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r1, 0xfe12482fe0801d67, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc}, {0x8f}}]}, 0x54}}, 0x0) 5.76468509s ago: executing program 0 (id=1712): sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xd0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffc}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2c0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8bd3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa1d9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x24000011}, 0x201bfe4017e0064a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0) 5.472183886s ago: executing program 1 (id=1713): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, 0x0) 5.095797248s ago: executing program 3 (id=1714): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000100), 0x4) 4.90862949s ago: executing program 0 (id=1715): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x10) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000050009000d000000", 0x24) 4.90127129s ago: executing program 2 (id=1716): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) ioctl$TCSETA(r0, 0x5406, 0x0) 4.053130724s ago: executing program 1 (id=1717): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) fsopen(0x0, 0x1) 4.003122926s ago: executing program 3 (id=1718): sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0}, 0x40044) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) 3.908841113s ago: executing program 2 (id=1719): unshare(0x22020600) r0 = mq_open(&(0x7f0000001380)='\a\x05\x00\x00', 0xa167ad740cb9a351, 0x3c, 0x0) fcntl$setflags(r0, 0x2, 0x0) 3.826359032s ago: executing program 0 (id=1720): r0 = getpgrp(0x0) r1 = syz_pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 3.606367738s ago: executing program 4 (id=1721): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000080)) timer_gettime(0x0, &(0x7f0000000000)) 3.432111541s ago: executing program 4 (id=1722): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc}]}]}, @IFLA_IFALIASn={0x4}]}, 0x38}}, 0x0) 3.236092834s ago: executing program 4 (id=1723): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000008000ca7480182000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6gre0\x00', @random="0600002000"}) 2.995905725s ago: executing program 0 (id=1724): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x2e, &(0x7f0000000c40)=ANY=[@ANYBLOB="18000000001000000000000000feffff18110000", @ANYRES8, @ANYBLOB="0000000000000000b702000014000000b703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f91624fc60100c214002000003050582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 2.94923967s ago: executing program 1 (id=1725): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pwritev2(r0, 0x0, 0x0, 0x0, 0xfffffffd, 0x12) 2.636572219s ago: executing program 3 (id=1726): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000004900)='./file0\x00', 0x0, &(0x7f0000000180)={[{@commit}, {@coherency_buffered}, {@heartbeat_none}, {@acl}, {@usrquota}, {@commit={'commit', 0x3d, 0xfffffffffffffffb}}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x4}}, {@cluster_stack}, {@heartbeat_global}, {@localalloc={'localalloc', 0x3d, 0x7}}, {@coherency_buffered}], [{@smackfstransmute={'smackfstransmute', 0x3d, '!\xea\xb5q\xaf\xa7vm\xf2\f\xaa$\xf8_\xdep\xc1\xa9\x9a\x8dA\xeemJ\x8d\xce#e\x05\x1cF'}}, {@permit_directio}]}, 0x1, 0x48a6, &(0x7f0000009200)="$eJzs3VtsHFfBB/Cza7e5tWmStl/Sy8O26qdWAhm7KmpJX5yr69SJ01x7keqsHTdxuvGmvrQgIRGEykuQENBKRVCpoPqhvAReSqFIRIiLCBJNJZBIKTQvFTRQVFAFKkgx2pu9M97NbDy5oOT3k5LxnJlz5sz+d87Ozno92aqJ/SPjuZHxXH40Vxx6Yvzu3NPFwuTB4ZC9SC719mnNhchJ9pdO/7qN23fdHcKHbd9+anp6ejqUtIeGuup+/tffPztUP63JxuqU2m3cWsUHn/vqhz/NnG2NJI+GEG6Y06+SthDC1h+HsCCEsKZatrY6XRRCWFrt79Ld99yUa3Fr30pY3tu7etOiI5unjt7zzi09t/Udb7piJoQF269ecuKZvt+9Nv3en1rcPAAAAAAAAAAAAAAAAAAAl7mebf07t3Z2hWOZ0D6Vmft93Z7qtPb92O+M/PGxgbbZ5dPnz4KLuNsAAAAAAAAAAAAAAAAAAADwP2X2+/+5zNUNvv+/vjrtrk6/cHLJmcfr7tc9PT3ddhG7y3nWu6V//YbOrur93+feiP2+atH7a9rC8gb3fY/f/31NrH7j+7/Pbuflk0Mrrk3R/1r/attdFjLZjsh8NtvREUJ+XWV+VWZxtlAcn/jYE8XJ0b0pNnyZiOZfuXt/5FnQXpm8v6a9pfzXxtpPuv//J597dMn3s2n24PoQf9aW5vfMfSrTQDT/5kP5y5/PtJT/uli9pPxP//ONl85cnWYPrk9T+YoXzb9ysC+qX6G7cnCW8v9Ke3L+62PtJ+X/85Un331+HsfqzSGEXKbU11xkBCidw5TKu8+9yStSNP+rymWROKoPZLPj/z+x/DfE2k/K/7uv/OH3K1KN1Y3H/8PxFyIaiuZfGYgXRtaYPf6XZ5OP/42x9pPy/9qLz43+MOX4H8+/1P/DXv9bEs2/+ifY2iOrlB/JVsf/nlj7Sfnf+dG9K6fm0e/HstV+Ls1EngFTmUp5bh5tXomi+VeO/Mihs7QyKR//y5LH/wdi7Sfl/73jrx3c0p5mDxqP/y8Z/1sSzb9y5pcm/95Y+0n5/+Sto88+mWoPGuc/540IDUXzXzxn+ez1n2xL7/82xeonXf85ufvaL/35qvn3v9a/2nZr139qh/9dmcr1HxqL5r9kzvJzzf/BWP2k/F/ffCC3O8W5Wq1/te3K/9xE87+m6Xqtnv/1xeoljf+vT937zNspzv+7y+//ma9o/s2vxLea/+ZYvaT8f/2rr9/4iRTnf/JPJ5p/5WQveu1sWfn/VvPfEms/Kf9Tb75x8+l5fIJYviqxsJb/7AvImQWV8j3O/1oSzf+6puu1mn9/rF5S/nes/NmJt4z/l0w0/8qx3ugCcPn9X2Zu7h/F8t8aaz9x/N/55f//zHm+/lcqOJzqM8UrRzT/5ZXCc8j/37H8H4q1n5T/L24//dsd5/nz33L+t6dp88oRzX9F0/VK+b/Zwvu/bbF61fybnuE9ndv3m7+kOv5D6HStf96i+Td/JW01/+2xeknHf9uWX766KtX1X/mnEc3/hqbrlcf/hcn574jVS8r/G9+8/9CrKfK7c/5VmZP/jU3XazX/nbF6Sfn/7R/Pr9iQ4jdI5Z9ONP//K5c1+v2/Vj//2RVrPyn/t5f/9UT/Bfj875jP/1oSzX9luSxN/rtj7Sflv/q9O549mGoPGud/Sv4tiea/qlyWJv+HY+0n5f/K4y+2/eg8v/8vzedc/2tJNP+bymVp8n8k1n5S/iNHXriv7wKM/93yBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhobXW6LGSyHZH5bLajI4R11flVYXFmML93YLBQHHpyPIT11fJcWJHZVygO5gsDI6PFvcMD+UKhOBTChuryG8LCzHihODFwMH9o40xbizL7h/NjE4PD+YkQQk+1/NZwba2twZGJg/lDIYQHZuosyeSfmixO5Dsmx4fHQu9M+TW18n1jxclDm2baui5bHDu0Pz86sHdkbHVnZ2dneLDpsq7QN7M/yzPDn54YHp2o7EmlZgibz7K8K4SwZabtZZm6B6Jcvb/5sq6tdftxoDg5NpovlOs8VC2/K1re1SzH7up0fe+2Hdv65q62JxPN+9Z3fzB46qoQttX1rVAcyhfq+r29+bKuHXWPx8TY5OhQfmJ4oFDcV3u8dp5leal3u+rarsu1XH1382VdD9e1W597bbuPVJd/0GB50wfvMpCUfz6W/xd3fHzowOKL1z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgdcfu/9QLIYT2ylw2hJCr/ZCp/ovo7V29adGRzVNH73nnlp7b+o43WgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgvu3JswiAYBgH0S0iTGdLEHWzUAeQXncwFXMDaFaxdwlUs1EJwAeE9OLiDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSeaqGCLis693RPzP8jpykVLZfPtunPL1V2ftcvcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb27uc1jioOAPh3ZrOJgdBs8dqjkB7q0uIllFZYY/0Buo1ie67Ea8A95dAEKj0UvIj/QJHg2dZbKYLao6CXHnLsyfbSHAIpBX9VZnfGbraliaz4NrufD8y8eflO3vuGF2bm8p0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4N/49JVHc0V75fRsd2ssRMyUsemIWMx6x9utWhyNiMc76yvxnLbSGhh/t7bZ6e/PdvfZP/1b8598c2SI/Kv8qnkbkeXNvv7xLM+bzSEmGFOLr238vDYVkadOhCS2ztxcrUdELXUiJPHkwZ2N4vo+lToRkli4f32uWP966kRIYv7sw2P18hmPybO2fPlE/70/2+f8/eIcLncvXr2XW1QAAAAAAAAAAAAAAICR90NZ/5+V2556cPUhY+vaR+/9+l3qJEjm2ucX3k+dAwAAAAAAAAAAAAAAAAAAsNcL6/8ZW+r/J5v6fwAAAAAAAAAAAAAAAAAAGD2dsv7/yunZ7tZYiJgpY9PF7kjv+OvPsjjaiHi8s75S9Kv297KtvDMw/m5ts/Oi+b/96dZqe2qYv+Dl7nsL+hX9r94YZszx9+dvr7ZvT3nfw6TaOnNztR4RtdSJkMSTB3c2iuv7UJdeDq2F+9fnivWvp06EJObPPjxWr57xmDhry5dP9N/7B5+hB+0X53C5e/HqvdyiAgAAAAAAAAAAAAAAjLwfff9/It344vVH36dOgmR8/x8AAAAAAAAAAAAAAAAAAEaP+v/JpP5/sqn/BwAAAAAAAAAAAAAAAACA0fP2h+cvLJ88FZHFS3/NROzWNjv98XbZXlrqtVu/dLY/yJ7Ga/9nsvzn3m2ff/PcyVPlumfPxBfLH2238m70j531lXhOW/l4ae/vD/4/9Tyd58u3bp+7Mf3sGZeWDpZ/lV81byOyvBkRrTJ+PMvzZvNgYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwNztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqQAAAP//LfLpGA==") 2.541486829s ago: executing program 4 (id=1727): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0xa08800, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, 0x0, 0x0}, 0x20) 2.250463817s ago: executing program 2 (id=1728): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'sit0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x3c}, 0x8, 0x3000000000002}, 0x0) 2.142497252s ago: executing program 1 (id=1729): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="240000001a0001000000000000000000020020000000000026"], 0x24}}, 0x0) 1.64864219s ago: executing program 0 (id=1730): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x14, r1, 0x601}, 0x14}}, 0x0) 1.384274938s ago: executing program 4 (id=1731): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a0703000000000000000002000000080003400000000a0900010073797a30000000000900020073797a"], 0x5c}}, 0x0) 701.255131ms ago: executing program 1 (id=1732): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x1755aa5670968b55, 0x0, 0xd, 0x0, [{}, {}]}]}}, &(0x7f0000001f80)=""/237, 0x26, 0xed, 0xa, 0x0, 0x0, @void, @value}, 0x20) 684.607825ms ago: executing program 2 (id=1733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffffe}]}}}]}]}], {0x14}}, 0xd4}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 342.356259ms ago: executing program 0 (id=1734): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000080)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_misc(r0, 0x0, 0x4d) 0s ago: executing program 4 (id=1735): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x20, 0x19, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x100) kernel console output (not intermixed with test programs): T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.874223][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.886171][ T44] usb 1-1: New USB device found, idVendor=0c70, idProduct=f012, bcdDevice= 0.00 [ 405.895644][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.256435][ T44] usb 1-1: config 0 descriptor?? [ 406.870029][ T44] aquacomputer_d5next 0003:0C70:F012.0016: unknown main item tag 0x0 [ 406.880912][ T44] aquacomputer_d5next 0003:0C70:F012.0016: unknown main item tag 0x0 [ 406.898552][ T6932] loop2: detected capacity change from 0 to 64 [ 406.925966][ T44] aquacomputer_d5next 0003:0C70:F012.0016: hidraw0: USB HID v0.00 Device [HID 0c70:f012] on usb-dummy_hcd.0-1/input0 [ 407.458919][ T10] usb 1-1: USB disconnect, device number 11 [ 408.151250][ T6947] loop1: detected capacity change from 0 to 128 [ 408.214846][ T6947] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 408.709664][ T6714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.338386][ T5177] sysv_free_block: trying to free block not in datazone [ 409.484207][ T5177] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 409.664118][ T6714] veth0_vlan: entered promiscuous mode [ 409.725676][ T6714] veth1_vlan: entered promiscuous mode [ 409.869183][ T6714] veth0_macvtap: entered promiscuous mode [ 409.902911][ T6714] veth1_macvtap: entered promiscuous mode [ 409.974396][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.985294][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.995566][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.006356][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.019441][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.030971][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.041429][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.056541][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.072679][ T6714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.092588][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.103559][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.116957][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.128415][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.138712][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.149558][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.159784][ T6714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.170803][ T6714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.194313][ T6714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.256925][ T6714] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.267366][ T6714] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.276649][ T6714] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.285877][ T6714] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.683993][ T6977] loop2: detected capacity change from 0 to 256 [ 410.943167][ T6977] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 412.168207][ T6974] loop1: detected capacity change from 0 to 4096 [ 412.272657][ T6974] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 412.962958][ T6974] ntfs3: loop1: Failed to read $UpCase (-4). [ 413.579911][ T1233] ieee802154 phy0 wpan0: encryption failed: -22 [ 413.586838][ T1233] ieee802154 phy1 wpan1: encryption failed: -22 [ 414.256640][ T7017] netlink: 56 bytes leftover after parsing attributes in process `syz.0.713'. [ 414.875595][ T44] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 415.477751][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.489428][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.499804][ T44] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 415.513219][ T44] usb 3-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00 [ 415.522749][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.738914][ T44] usb 3-1: config 0 descriptor?? [ 416.240161][ T44] zeroplus 0003:0C12:0030.0017: unknown main item tag 0x0 [ 416.335022][ T44] zeroplus 0003:0C12:0030.0017: hidraw0: USB HID v0.00 Device [HID 0c12:0030] on usb-dummy_hcd.2-1/input0 [ 416.346878][ T44] zeroplus 0003:0C12:0030.0017: no inputs found [ 416.492768][ T44] usb 3-1: USB disconnect, device number 7 [ 417.331061][ T7054] loop0: detected capacity change from 0 to 2048 [ 417.398866][ T7054] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 417.407980][ T7054] UDF-fs: Scanning with blocksize 512 failed [ 418.261351][ T7054] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 418.901758][ T7080] netlink: 92 bytes leftover after parsing attributes in process `syz.2.723'. [ 418.916909][ T6780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 418.927670][ T6780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 418.936519][ T6780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 418.944796][ T6780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.320999][ T29] audit: type=1326 audit(1727375943.960:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.4.725" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff41b97df39 code=0x0 [ 420.380331][ T7095] loop0: detected capacity change from 0 to 4096 [ 420.507718][ T7095] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 420.925815][ T7103] loop3: detected capacity change from 0 to 64 [ 421.979080][ T7095] syz.0.728 (7095) used greatest stack depth: 4992 bytes left [ 422.206278][ T7124] loop3: detected capacity change from 0 to 22 [ 422.423151][ T7124] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 423.700465][ T44] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 424.652632][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 424.814685][ T7157] net_ratelimit: 123 callbacks suppressed [ 424.814773][ T7157] IPv6: addrconf: prefix option has invalid lifetime [ 425.321943][ T7160] loop3: detected capacity change from 0 to 512 [ 425.329006][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.341587][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.352901][ T44] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 425.363571][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.455590][ T44] usb 2-1: config 0 descriptor?? [ 425.677907][ T7165] CIFS: Unable to determine destination address [ 425.760241][ T7160] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 425.859990][ T7160] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.750: invalid indirect mapped block 4278190080 (level 0) [ 425.997220][ T44] bigben 0003:146B:0902.0018: unexpected rdesc, please submit for review [ 426.029258][ T44] bigben 0003:146B:0902.0018: hidraw0: USB HID v0.00 Device [HID 146b:0902] on usb-dummy_hcd.1-1/input0 [ 426.041011][ T44] bigben 0003:146B:0902.0018: missing HID_OUTPUT_REPORT 0 [ 426.048624][ T44] bigben 0003:146B:0902.0018: no output report found [ 426.057338][ T7160] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.750: invalid indirect mapped block 1 (level 1) [ 426.135726][ T7160] EXT4-fs (loop3): 1 truncate cleaned up [ 426.143780][ T7160] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.611182][ T7177] loop0: detected capacity change from 0 to 256 [ 426.691912][ T7175] loop4: detected capacity change from 0 to 512 [ 426.711555][ T7177] exfat: Deprecated parameter 'namecase' [ 426.718075][ T7177] exfat: Deprecated parameter 'utf8' [ 426.725797][ T5232] usb 2-1: USB disconnect, device number 7 [ 426.870442][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.918774][ T7175] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 427.255511][ T7177] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 427.364997][ T7175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 427.378560][ T7175] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.244326][ T7193] loop1: detected capacity change from 0 to 1024 [ 428.256517][ T7193] hfsplus: unable to parse mount options [ 428.372729][ T5184] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.723069][ T7193] No control pipe specified [ 428.757696][ T5232] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 428.990847][ T5232] usb 3-1: Using ep0 maxpacket: 32 [ 429.064437][ T5232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.076071][ T5232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.086442][ T5232] usb 3-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 429.096042][ T5232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.370372][ T5232] usb 3-1: config 0 descriptor?? [ 429.856458][ T7210] loop4: detected capacity change from 0 to 128 [ 429.996161][ T7202] loop0: detected capacity change from 0 to 2048 [ 430.014727][ T7210] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 430.139084][ T7210] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 430.194334][ T5232] kye 0003:0458:4018.0019: unknown main item tag 0x0 [ 430.202483][ T7213] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 430.367423][ T5232] kye 0003:0458:4018.0019: hidraw0: USB HID v0.00 Device [HID 0458:4018] on usb-dummy_hcd.2-1/input0 [ 430.474496][ T5232] usb 3-1: USB disconnect, device number 8 [ 431.081339][ T7217] loop1: detected capacity change from 0 to 764 [ 431.253766][ T7221] loop3: detected capacity change from 0 to 256 [ 431.869686][ T7225] loop4: detected capacity change from 0 to 512 [ 431.975802][ T7225] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 432.060988][ T7233] loop2: detected capacity change from 0 to 128 [ 432.091427][ T7225] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 432.113190][ T7225] System zones: 1-12 [ 432.128163][ T7233] EXT4-fs: Ignoring removed mblk_io_submit option [ 432.173805][ T7225] EXT4-fs (loop4): 1 truncate cleaned up [ 432.181813][ T7225] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 432.609822][ T7233] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 432.808091][ T7233] ext4 filesystem being mounted at /157/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 433.027807][ T5184] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.584695][ T7248] loop0: detected capacity change from 0 to 512 [ 433.650366][ T7249] loop4: detected capacity change from 0 to 512 [ 433.800826][ T7248] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 433.814508][ T7248] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 433.843604][ T7249] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 433.857123][ T7249] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 433.996419][ T7255] ax25_connect(): syz.3.782 uses autobind, please contact jreuter@yaina.de [ 434.349383][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.412977][ T5184] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.990838][ T5172] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 435.227552][ T29] audit: type=1326 audit(1727375959.830:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.250467][ T29] audit: type=1326 audit(1727375959.870:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.364431][ T29] audit: type=1326 audit(1727375959.990:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.387393][ T29] audit: type=1326 audit(1727375959.990:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.413526][ T29] audit: type=1326 audit(1727375959.990:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.437509][ T29] audit: type=1326 audit(1727375960.000:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.460136][ T29] audit: type=1326 audit(1727375960.000:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.1.789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4a8b7df39 code=0x7ffc0000 [ 435.747960][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 436.353115][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 436.384506][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.396017][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.406287][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 436.419851][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 436.429451][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.547539][ T7278] loop3: detected capacity change from 0 to 512 [ 436.644757][ T5253] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 436.814633][ T10] usb 1-1: config 0 descriptor?? [ 436.845097][ T7278] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 ro without journal. Quota mode: writeback. [ 436.893940][ T5253] usb 3-1: Using ep0 maxpacket: 32 [ 436.930244][ T5253] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 436.939991][ T5253] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.062276][ T5253] usb 3-1: config 0 descriptor?? [ 437.171751][ T5253] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 437.426238][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 437.691669][ T5253] gspca_nw80x: reg_w err -110 [ 437.697515][ T5253] nw80x 3-1:0.0: probe with driver nw80x failed with error -110 [ 437.777849][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.001A/input/input16 [ 438.054104][ T10] microsoft 0003:045E:07DA.001A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 438.237677][ T10] usb 1-1: USB disconnect, device number 12 [ 439.618931][ T7301] loop4: detected capacity change from 0 to 256 [ 439.635603][ T7297] loop3: detected capacity change from 0 to 4096 [ 439.720496][ T7301] exfat: Deprecated parameter 'utf8' [ 439.726401][ T7301] exfat: Deprecated parameter 'utf8' [ 440.353725][ T10] usb 3-1: USB disconnect, device number 9 [ 440.719243][ T7301] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x811ad48d, utbl_chksum : 0xe619d30d) [ 441.612401][ T7319] netlink: 40 bytes leftover after parsing attributes in process `syz.1.810'. [ 441.624798][ T7319] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 442.201936][ T7315] loop0: detected capacity change from 0 to 4096 [ 442.232859][ T7315] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 442.318540][ T7327] loop2: detected capacity change from 0 to 1024 [ 442.339118][ T7327] EXT4-fs: Ignoring removed nomblk_io_submit option [ 442.862690][ T7333] loop1: detected capacity change from 0 to 512 [ 443.052933][ T7333] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 443.062513][ T7333] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 443.078620][ T7327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 443.814732][ T29] audit: type=1326 audit(1727375968.460:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.837805][ T29] audit: type=1326 audit(1727375968.460:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.860878][ T29] audit: type=1326 audit(1727375968.460:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.883682][ T29] audit: type=1326 audit(1727375968.460:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.910572][ T29] audit: type=1326 audit(1727375968.460:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.934446][ T29] audit: type=1326 audit(1727375968.460:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 443.957493][ T29] audit: type=1326 audit(1727375968.460:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.4.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff41b97df39 code=0x7ffc0000 [ 444.097841][ T7315] ntfs3: loop0: Failed to read $UpCase (-4). [ 444.160607][ T7346] loop1: detected capacity change from 0 to 512 [ 444.238972][ T5172] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.366189][ T7346] EXT4-fs error (device loop1): ext4_orphan_get:1414: comm syz.1.820: bad orphan inode 4 [ 444.425865][ T7346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 445.509742][ T7364] netlink: 68 bytes leftover after parsing attributes in process `syz.3.826'. [ 445.521677][ T7366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'. [ 445.874438][ T5177] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 446.018020][ T7373] loop2: detected capacity change from 0 to 16 [ 446.395213][ T7377] raw_sendmsg: syz.4.836 forgot to set AF_INET. Fix it! [ 446.474706][ T7373] erofs: (device loop2): mounted with root inode @ nid 36. [ 449.347648][ T7414] sp0: Synchronizing with TNC [ 449.465511][ T7413] [U] è [ 450.545519][ T7091] coredump: 320(syz.2.727): written to core: VMAs: 34, size 80637952; core: 59937734 bytes, pos 80646144 [ 452.386855][ T7459] loop2: detected capacity change from 0 to 512 [ 452.687534][ T7461] loop0: detected capacity change from 0 to 16 [ 452.858917][ T7463] loop1: detected capacity change from 0 to 64 [ 452.873766][ T7461] erofs: (device loop0): mounted with root inode @ nid 36. [ 453.775371][ T7459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 453.788786][ T7459] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 454.254204][ T7459] EXT4-fs: can't change dax mount option while remounting [ 454.345861][ T7481] netlink: 296 bytes leftover after parsing attributes in process `syz.4.883'. [ 454.360399][ T7481] netlink: 296 bytes leftover after parsing attributes in process `syz.4.883'. [ 454.789423][ T7484] loop4: detected capacity change from 0 to 64 [ 454.950881][ T5172] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 455.014204][ T29] audit: type=1800 audit(1727375979.640:31): pid=7484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.884" name="bus" dev="loop4" ino=21 res=0 errno=0 [ 455.200418][ T7482] loop3: detected capacity change from 0 to 2048 [ 455.216356][ T7482] EXT4-fs: Ignoring removed mblk_io_submit option [ 455.240559][ T7488] loop0: detected capacity change from 0 to 512 [ 455.373019][ T7488] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 455.457269][ T7482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 455.568496][ T7488] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.896: invalid indirect mapped block 83886080 (level 1) [ 455.660651][ T7482] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.882: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 455.671277][ T7488] EXT4-fs (loop0): 1 orphan inode deleted [ 455.687574][ T7488] EXT4-fs (loop0): 1 truncate cleaned up [ 455.696647][ T7488] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 455.935746][ T7497] netlink: 44 bytes leftover after parsing attributes in process `syz.4.888'. [ 456.190351][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.280934][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 457.010528][ T7513] loop3: detected capacity change from 0 to 8 [ 457.022689][ T25] kernel write not supported for file /cpuinfo (pid: 25 comm: kworker/1:0) [ 457.185197][ T7513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.891'. [ 457.614386][ T7519] 9pnet_fd: p9_fd_create_tcp (7519): problem binding to privport [ 457.687059][ T7515] PKCS8: Unsupported PKCS#8 version [ 458.382513][ T7528] loop4: detected capacity change from 0 to 128 [ 458.408739][ T7530] netlink: 'syz.0.903': attribute type 3 has an invalid length. [ 458.418003][ T7530] netlink: 'syz.0.903': attribute type 1 has an invalid length. [ 458.426600][ T7530] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.903'. [ 458.437183][ T7528] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 458.512809][ T7528] sysv_count_free_blocks: >flc_size entries in free-list block [ 458.844887][ T7528] sysv_count_free_inodes: unable to read inode table [ 459.192535][ T5184] sysv_free_block: flc_count > flc_size [ 459.198364][ T5184] sysv_free_block: flc_count > flc_size [ 459.205140][ T5184] sysv_free_block: flc_count > flc_size [ 459.210923][ T5184] sysv_free_block: flc_count > flc_size [ 459.218213][ T5184] sysv_free_block: flc_count > flc_size [ 459.224219][ T5184] sysv_free_block: flc_count > flc_size [ 459.229983][ T5184] sysv_free_block: flc_count > flc_size [ 459.248002][ T5184] sysv_free_block: flc_count > flc_size [ 459.253977][ T5184] sysv_free_block: flc_count > flc_size [ 459.259751][ T5184] sysv_free_block: flc_count > flc_size [ 459.495617][ T5184] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 460.079651][ T7543] loop4: detected capacity change from 0 to 1024 [ 460.283155][ T7543] hfsplus: bad catalog entry type [ 460.512693][ T5178] Bluetooth: hci3: command tx timeout [ 460.695776][ T2976] hfsplus: b-tree write err: -5, ino 4 [ 461.591004][ T7555] loop1: detected capacity change from 0 to 128 [ 461.787188][ T7568] netlink: 'syz.2.917': attribute type 1 has an invalid length. [ 461.870026][ T7569] FAT-fs (loop1): FAT read failed (blocknr 234) [ 462.262748][ T7565] ALSA: seq fatal error: cannot create timer (-19) [ 462.332644][ T7572] loop4: detected capacity change from 0 to 128 [ 462.418258][ T7572] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 462.955399][ T5184] sysv_free_block: trying to free block not in datazone [ 462.980360][ T5184] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 463.173583][ T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 463.275214][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 463.551768][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 463.786785][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.798525][ T10] usb 4-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 463.808166][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.930290][ T10] usb 4-1: config 0 descriptor?? [ 464.531832][ T7592] loop2: detected capacity change from 0 to 4096 [ 464.559423][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 464.775476][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 464.782773][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 464.938598][ T10] usb 4-1: USB disconnect, device number 7 [ 465.007876][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 465.031818][ T7602] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 465.061217][ T25] usb 1-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=46.8b [ 465.072831][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.081163][ T25] usb 1-1: Product: syz [ 465.086379][ T25] usb 1-1: Manufacturer: syz [ 465.091272][ T25] usb 1-1: SerialNumber: syz [ 465.114449][ T25] usb 1-1: config 0 descriptor?? [ 465.122883][ T5253] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 465.338080][ T5253] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.349741][ T5253] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.360217][ T5253] usb 5-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.00 [ 465.369865][ T5253] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.632470][ T5253] usb 5-1: config 0 descriptor?? [ 465.829882][ T25] usb 1-1: USB disconnect, device number 13 [ 465.838324][ T25] f81534a_ctrl 1-1:0.0: failed to set register 0x116: -19 [ 465.846003][ T25] f81534a_ctrl 1-1:0.0: failed to enable ports: -19 [ 466.165375][ T5253] gembird 0003:11FF:3331.001B: hidraw0: USB HID v0.00 Device [HID 11ff:3331] on usb-dummy_hcd.4-1/input0 [ 466.441765][ T25] usb 5-1: USB disconnect, device number 8 [ 467.758572][ T7627] tipc: Failed to obtain node identity [ 467.770519][ T7627] tipc: Enabling of bearer rejected, failed to enable media [ 468.335075][ T7637] loop0: detected capacity change from 0 to 256 [ 468.811995][ T7637] FAT-fs (loop0): Directory bread(block 64) failed [ 468.819012][ T7637] FAT-fs (loop0): Directory bread(block 65) failed [ 468.826467][ T7637] FAT-fs (loop0): Directory bread(block 66) failed [ 468.840119][ T7637] FAT-fs (loop0): Directory bread(block 67) failed [ 468.847535][ T7637] FAT-fs (loop0): Directory bread(block 68) failed [ 468.854538][ T7637] FAT-fs (loop0): Directory bread(block 69) failed [ 468.861529][ T7637] FAT-fs (loop0): Directory bread(block 70) failed [ 468.868604][ T7637] FAT-fs (loop0): Directory bread(block 71) failed [ 468.876609][ T7637] FAT-fs (loop0): Directory bread(block 72) failed [ 468.886145][ T7637] FAT-fs (loop0): Directory bread(block 73) failed [ 469.072693][ T7637] syz.0.949: attempt to access beyond end of device [ 469.072693][ T7637] loop0: rw=524288, sector=1768, nr_sectors = 4 limit=256 [ 469.087075][ T7637] syz.0.949: attempt to access beyond end of device [ 469.087075][ T7637] loop0: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 469.152438][ T29] audit: type=1800 audit(1727375993.750:32): pid=7637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.949" name="file1" dev="loop0" ino=1048754 res=0 errno=0 [ 470.203309][ T5253] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 470.584629][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.596061][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.606768][ T5253] usb 1-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00 [ 470.616332][ T5253] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.703380][ T5253] usb 1-1: config 0 descriptor?? [ 471.320554][ T5253] sony 0003:12BA:0100.001C: hidraw0: USB HID vff.ff Device [HID 12ba:0100] on usb-dummy_hcd.0-1/input0 [ 471.332787][ T5253] sony 0003:12BA:0100.001C: failed to claim input [ 471.565269][ T5253] usb 1-1: USB disconnect, device number 14 [ 471.898614][ T7680] netlink: 'syz.1.968': attribute type 3 has an invalid length. [ 471.906973][ T7680] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.968'. [ 472.461884][ T7689] loop1: detected capacity change from 0 to 256 [ 472.512729][ T1901] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 472.686271][ T1901] usb 4-1: Using ep0 maxpacket: 8 [ 472.743500][ T1901] usb 4-1: config 0 has no interfaces? [ 472.819425][ T1901] usb 4-1: New USB device found, idVendor=0582, idProduct=007a, bcdDevice=c7.3d [ 472.829379][ T1901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.837954][ T1901] usb 4-1: Product: syz [ 472.842565][ T1901] usb 4-1: Manufacturer: syz [ 472.847501][ T1901] usb 4-1: SerialNumber: syz [ 472.930681][ T1901] usb 4-1: config 0 descriptor?? [ 473.799489][ T5253] usb 4-1: USB disconnect, device number 8 [ 474.064215][ T7709] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 474.075700][ T7709] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 474.559974][ T7717] loop3: detected capacity change from 0 to 64 [ 475.001021][ T1233] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.008130][ T1233] ieee802154 phy1 wpan1: encryption failed: -22 [ 476.345785][ T7743] loop0: detected capacity change from 0 to 256 [ 476.436548][ T7743] exfat: Deprecated parameter 'namecase' [ 476.497042][ T7751] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1000'. [ 476.510984][ T5253] IPVS: starting estimator thread 0... [ 476.696305][ T7743] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb59a85fc, utbl_chksum : 0xe619d30d) [ 476.721864][ T7749] IPVS: using max 240 ests per chain, 12000 per kthread [ 476.938495][ T7753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1001'. [ 477.826744][ T7769] smb3: Bad value for 'uid' [ 477.831581][ T7769] smb3: Bad value for 'uid' [ 479.722585][ T7792] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1019'. [ 479.732393][ T7792] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1019'. [ 481.053356][ T7807] loop2: detected capacity change from 0 to 256 [ 481.084212][ T7807] exfat: Deprecated parameter 'namecase' [ 481.524673][ T7807] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x973db221, utbl_chksum : 0xe619d30d) [ 482.495987][ T7823] loop4: detected capacity change from 0 to 1024 [ 482.625894][ T7823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 483.173744][ T5184] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.363378][ T5232] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 483.407095][ T7838] netlink: 'syz.0.1039': attribute type 30 has an invalid length. [ 483.415981][ T7838] bond0: option arp_missed_max: invalid value (0) [ 483.423035][ T7838] bond0: option arp_missed_max: allowed values 1 - 255 [ 483.522385][ T5232] usb 4-1: Using ep0 maxpacket: 32 [ 483.545393][ T5232] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 483.554503][ T5232] usb 4-1: config 0 has no interface number 0 [ 483.666243][ T5232] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 483.676757][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.685423][ T5232] usb 4-1: Product: syz [ 483.689884][ T5232] usb 4-1: Manufacturer: syz [ 483.695014][ T5232] usb 4-1: SerialNumber: syz [ 483.699708][ T1901] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 483.761650][ T5232] usb 4-1: config 0 descriptor?? [ 483.815740][ T5232] smsc95xx v2.0.0 [ 483.860734][ T1901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.872928][ T1901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.884676][ T1901] usb 3-1: New USB device found, idVendor=056a, idProduct=0325, bcdDevice= 0.00 [ 483.894412][ T1901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.005882][ T1901] usb 3-1: config 0 descriptor?? [ 484.237139][ T25] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 484.303064][ T5232] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 484.315013][ T5232] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 484.406600][ T5232] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 484.418893][ T5232] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 484.486617][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.498540][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.509234][ T25] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 484.518776][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.531732][ T5232] usb 4-1: USB disconnect, device number 9 [ 484.590786][ T1901] wacom 0003:056A:0325.001D: unbalanced collection at end of report description [ 484.618443][ T1901] wacom 0003:056A:0325.001D: parse failed [ 484.626175][ T1901] wacom 0003:056A:0325.001D: probe with driver wacom failed with error -22 [ 484.715282][ T25] usb 5-1: config 0 descriptor?? [ 484.745663][ T5232] usb 3-1: USB disconnect, device number 10 [ 485.178768][ T25] cm6533_jd 0003:0D8C:0022.001E: unknown global tag 0xc [ 485.186792][ T25] cm6533_jd 0003:0D8C:0022.001E: item 0 1 1 12 parsing failed [ 485.313856][ T25] cm6533_jd 0003:0D8C:0022.001E: parse failed [ 485.320827][ T25] cm6533_jd 0003:0D8C:0022.001E: probe with driver cm6533_jd failed with error -22 [ 485.443669][ T25] usb 5-1: USB disconnect, device number 9 [ 485.645037][ T7848] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1043'. [ 486.569874][ T7858] netlink: 'syz.4.1049': attribute type 2 has an invalid length. [ 486.578995][ T7858] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1049'. [ 486.769362][ T7860] loop2: detected capacity change from 0 to 512 [ 486.985170][ T7860] EXT4-fs: Ignoring removed oldalloc option [ 487.144057][ T7862] mkiss: ax0: crc mode is auto. [ 487.291118][ T7860] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 487.313124][ T7860] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.1050: invalid indirect mapped block 2683928664 (level 1) [ 487.337669][ T7860] EXT4-fs (loop2): 1 truncate cleaned up [ 487.346307][ T7860] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 487.763799][ T7860] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1050: Invalid block bitmap block 3 in block_group 0 [ 488.314973][ T7878] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1057'. [ 488.397386][ T5172] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.362496][ T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 489.545581][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 489.592440][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.604084][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.614456][ T25] usb 4-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 489.624127][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.709254][ T7898] loop0: detected capacity change from 0 to 512 [ 489.763769][ T25] usb 4-1: config 0 descriptor?? [ 489.982914][ T7898] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 490.053394][ T7898] System zones: 0-2, 18-18, 34-34 [ 490.262742][ T7898] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1067: bg 0: block 248: padding at end of block bitmap is not set [ 490.341700][ T7898] Quota error (device loop0): write_blk: dquota write failed [ 490.360268][ T7898] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 490.376665][ T7898] EXT4-fs error (device loop0): ext4_acquire_dquot:6879: comm syz.0.1067: Failed to acquire dquot type 1 [ 490.503474][ T25] waltop 0003:172F:0034.001F: collection stack underflow [ 490.510899][ T25] waltop 0003:172F:0034.001F: item 0 0 0 12 parsing failed [ 490.526655][ T7905] loop1: detected capacity change from 0 to 1024 [ 490.548035][ T25] waltop 0003:172F:0034.001F: probe with driver waltop failed with error -22 [ 490.614787][ T7898] EXT4-fs (loop0): 1 truncate cleaned up [ 490.623901][ T7898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 490.637233][ T7898] ext4 filesystem being mounted at /223/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 490.694492][ T10] usb 4-1: USB disconnect, device number 10 [ 490.784406][ T7905] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 490.797629][ T7905] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.268850][ T7898] syz.0.1067 (7898) used greatest stack depth: 4056 bytes left [ 491.498408][ T5177] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.780011][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.855934][ T3986] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5 [ 491.865786][ T3986] EXT4-fs error (device loop0): ext4_release_dquot:6902: comm kworker/u8:21: Failed to release dquot type 1 [ 492.199209][ T7930] loop4: detected capacity change from 0 to 128 [ 492.235579][ T7930] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 492.572430][ T10] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 492.607028][ T7925] loop3: detected capacity change from 0 to 2048 [ 492.801563][ T10] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 492.811385][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.848857][ T5232] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 492.980192][ T10] usb 2-1: config 0 descriptor?? [ 493.003322][ T10] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 493.052454][ T7936] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 493.102541][ T5232] usb 1-1: Using ep0 maxpacket: 32 [ 493.123965][ T5232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.135819][ T5232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 493.146477][ T5232] usb 1-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 493.156678][ T5232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.278436][ T10] gp8psk: usb in 128 operation failed. [ 493.362608][ T5232] usb 1-1: config 0 descriptor?? [ 493.512755][ T10] gp8psk: usb in 146 operation failed. [ 493.518692][ T10] gp8psk: failed to get FW version [ 493.526475][ T10] gp8psk: usb in 149 operation failed. [ 493.533130][ T10] gp8psk: failed to get FPGA version [ 493.540181][ T10] gp8psk: usb in 138 operation failed. [ 493.551589][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 493.564334][ T10] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 493.755286][ T10] usb 2-1: USB disconnect, device number 8 [ 494.255480][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: unknown main item tag 0x0 [ 494.264130][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: unknown main item tag 0x0 [ 494.272899][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: unknown main item tag 0x0 [ 494.281375][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: unknown main item tag 0x0 [ 494.297512][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: unknown main item tag 0x0 [ 494.422558][ T5232] aquacomputer_d5next 0003:0C70:F003.0020: hidraw0: USB HID v0.00 Device [HID 0c70:f003] on usb-dummy_hcd.0-1/input0 [ 494.636677][ T7949] loop3: detected capacity change from 0 to 64 [ 494.791270][ T44] usb 1-1: USB disconnect, device number 15 [ 495.402616][ T5232] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 495.558774][ T7960] loop3: detected capacity change from 0 to 512 [ 495.698800][ T5232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.710439][ T5232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.724633][ T5232] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 495.735413][ T5232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.760729][ T5232] usb 5-1: config 0 descriptor?? [ 495.766525][ T7960] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1092: corrupted in-inode xattr: invalid ea_ino [ 495.840847][ T7960] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1092: couldn't read orphan inode 15 (err -117) [ 495.880997][ T7965] loop2: detected capacity change from 0 to 64 [ 495.918758][ T7960] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 496.576393][ T7972] loop1: detected capacity change from 0 to 256 [ 496.598975][ T5232] logitech-djreceiver 0003:046D:C534.0021: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.4-1/input0 [ 496.639387][ T6714] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 496.870452][ T5232] usb 5-1: USB disconnect, device number 10 [ 497.307223][ T7981] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 497.744081][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 498.261513][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 498.273789][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 498.288102][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 498.302875][ T10] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 498.314034][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.405506][ T10] usb 2-1: config 0 descriptor?? [ 499.126679][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.134229][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.141465][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.148989][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.156417][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.164356][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.171590][ T10] wacom 0003:056A:0094.0022: unknown main item tag 0x0 [ 499.547664][ T10] wacom 0003:056A:0094.0022: Using device in hidraw-only mode [ 499.620924][ T10] wacom 0003:056A:0094.0022: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.1-1/input0 [ 499.693824][ T10] usb 2-1: USB disconnect, device number 9 [ 501.639156][ T8032] IPVS: sync thread started: state = BACKUP, mcast_ifn = netdevsim0, syncid = 0, id = 0 [ 501.675839][ T8031] IPVS: stopping backup sync thread 8032 ... [ 503.747493][ T8029] loop1: detected capacity change from 0 to 32768 [ 504.606073][ T8038] loop3: detected capacity change from 0 to 32768 [ 504.805832][ T8038] JBD2: Ignoring recovery information on journal [ 505.180742][ T8038] JBD2: journal reset failed [ 505.185839][ T8038] (syz.3.1126,8038,0):ocfs2_journal_load:1145 ERROR: Failed to load journal! [ 505.195353][ T8038] (syz.3.1126,8038,0):ocfs2_check_volume:2423 ERROR: ocfs2 journal load failed! -4 [ 509.278133][ T8099] nftables ruleset with unbound chain [ 509.678076][ T8106] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1157'. [ 509.826632][ T8100] loop1: detected capacity change from 0 to 512 [ 509.961599][ T8100] EXT4-fs: Ignoring removed nomblk_io_submit option [ 509.995074][ T8114] loop4: detected capacity change from 0 to 64 [ 510.047464][ T8100] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 510.060638][ T8100] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 510.079149][ T8100] EXT4-fs (loop1): 1 truncate cleaned up [ 510.126858][ T8100] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 510.621564][ T5177] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.076964][ T8127] loop1: detected capacity change from 0 to 16 [ 511.172669][ T8127] erofs: (device loop1): mounted with root inode @ nid 36. [ 511.774280][ T8133] loop0: detected capacity change from 0 to 64 [ 511.968462][ T8129] loop4: detected capacity change from 0 to 2048 [ 512.204617][ T8139] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 513.291569][ T8152] loop0: detected capacity change from 0 to 128 [ 513.637213][ T8152] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 513.725193][ T8152] ext4 filesystem being mounted at /242/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 513.750209][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 513.869192][ T8152] EXT4-fs error (device loop0): swap_inode_boot_loader:384: inode #5: comm syz.0.1172: iget: checksum invalid [ 513.913713][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 514.005457][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 514.017416][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 514.027869][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 514.041438][ T10] usb 5-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 514.055052][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.133178][ T10] usb 5-1: config 0 descriptor?? [ 514.404649][ T8162] loop2: detected capacity change from 0 to 1764 [ 514.531284][ T5174] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 514.608467][ T8165] atomic_op ffff888017919128 conn xmit_atomic 0000000000000000 [ 514.663159][ T10] uclogic 0003:2179:0053.0023: interface is invalid, ignoring [ 514.888641][ T25] usb 5-1: USB disconnect, device number 11 [ 515.302653][ T5232] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 515.370924][ T8169] loop0: detected capacity change from 0 to 2048 [ 515.408878][ T8169] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 515.511096][ T5232] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 515.521993][ T5232] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 515.598332][ T8174] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 515.638952][ T5232] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 515.648719][ T5232] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 515.657955][ T5232] usb 4-1: SerialNumber: syz [ 515.932400][ T5232] usb 4-1: 0:2 : does not exist [ 516.120527][ T5232] usb 4-1: USB disconnect, device number 11 [ 516.891614][ T5352] udevd[5352]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 516.960650][ T8185] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1189'. [ 517.206330][ T8186] loop1: detected capacity change from 0 to 1024 [ 517.269738][ T8186] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 517.438845][ T8186] hfsplus: filesystem is marked journaled, leaving read-only. [ 518.344557][ T8203] netlink: 'syz.4.1198': attribute type 29 has an invalid length. [ 518.399604][ T8202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1199'. [ 518.476541][ T8203] netlink: 'syz.4.1198': attribute type 29 has an invalid length. [ 518.492577][ T25] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 518.677773][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.689367][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 518.699714][ T25] usb 1-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00 [ 518.709236][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.792820][ T25] usb 1-1: config 0 descriptor?? [ 518.793432][ T8208] loop3: detected capacity change from 0 to 256 [ 519.036473][ T8208] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xff532d92, utbl_chksum : 0xe619d30d) [ 519.153108][ T44] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 519.316073][ T25] waltop 0003:172F:0032.0024: hidraw0: USB HID v0.00 Device [HID 172f:0032] on usb-dummy_hcd.0-1/input0 [ 519.397423][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 519.409117][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.419464][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 519.432908][ T44] usb 2-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 519.442417][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.491121][ T25] usb 1-1: USB disconnect, device number 16 [ 519.560708][ T44] usb 2-1: config 0 descriptor?? [ 520.053943][ T44] hid-udraw 0003:20D6:CB17.0025: unbalanced delimiter at end of report description [ 520.069933][ T44] hid-udraw 0003:20D6:CB17.0025: parse failed [ 520.077981][ T44] hid-udraw 0003:20D6:CB17.0025: probe with driver hid-udraw failed with error -22 [ 520.564373][ T44] usb 2-1: USB disconnect, device number 10 [ 520.850299][ T8226] loop0: detected capacity change from 0 to 512 [ 520.893474][ T8228] loop3: detected capacity change from 0 to 8 [ 521.253268][ T8228] unable to read xattr id index table [ 521.469599][ T8226] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 521.515365][ T8226] System zones: 0-2, 18-18, 34-35 [ 521.621300][ T8228] loop3: detected capacity change from 0 to 512 [ 521.636381][ T8226] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 521.649916][ T8226] ext4 filesystem being mounted at /247/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 521.813971][ T8228] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1210: corrupted in-inode xattr: invalid ea_ino [ 521.920764][ T8228] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1210: couldn't read orphan inode 15 (err -117) [ 522.015457][ T8228] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 522.264202][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.609353][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.859899][ T8249] loop1: detected capacity change from 0 to 2048 [ 523.188347][ T8249] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 523.264162][ T8249] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 523.823077][ T1901] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 523.973093][ T5253] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 524.029610][ T1901] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 524.040532][ T1901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.115725][ T1901] usb 5-1: config 0 descriptor?? [ 524.157634][ T1901] cp210x 5-1:0.0: cp210x converter detected [ 524.192864][ T5253] usb 1-1: Using ep0 maxpacket: 16 [ 524.274436][ T5253] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 524.284302][ T5253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.296996][ T5253] usb 1-1: Product: syz [ 524.301474][ T5253] usb 1-1: Manufacturer: syz [ 524.307784][ T5253] usb 1-1: SerialNumber: syz [ 524.481228][ T5253] usb 1-1: config 0 descriptor?? [ 524.533076][ T5253] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 524.654876][ T1901] usb 5-1: cp210x converter now attached to ttyUSB0 [ 524.964238][ T5232] usb 5-1: USB disconnect, device number 12 [ 525.128373][ T5253] usb 1-1: clie_3_5_startup: get interface number bad return length: 0 [ 525.137868][ T5253] visor 1-1:0.0: probe with driver visor failed with error -5 [ 525.154861][ T5232] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 525.264339][ T5232] cp210x 5-1:0.0: device disconnected [ 525.411881][ T44] usb 1-1: USB disconnect, device number 17 [ 525.642739][ T1901] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 525.943316][ T1901] usb 4-1: Using ep0 maxpacket: 32 [ 526.164514][ T1901] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 526.174844][ T1901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.305174][ T1901] usb 4-1: config 0 descriptor?? [ 526.354862][ T8278] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1232'. [ 526.391893][ T1901] gspca_main: sq930x-2.14.0 probing 041e:403c [ 527.256685][ T1901] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 527.269812][ T1901] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 527.418468][ T1901] usb 4-1: USB disconnect, device number 12 [ 527.491713][ T8293] futex_wake_op: syz.4.1236 tries to shift op by 32; fix this program [ 527.963467][ T8299] loop1: detected capacity change from 0 to 24 [ 527.994126][ T8301] xt_CT: You must specify a L4 protocol and not use inversions on it [ 528.340903][ T8307] loop0: detected capacity change from 0 to 64 [ 529.607250][ T8313] loop2: detected capacity change from 0 to 4096 [ 530.365644][ T8330] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 531.661064][ T8350] loop3: detected capacity change from 0 to 164 [ 531.674771][ T8346] loop1: detected capacity change from 0 to 256 [ 531.703286][ T8346] exfat: Deprecated parameter 'namecase' [ 531.709611][ T8346] exfat: Deprecated parameter 'utf8' [ 531.716234][ T8346] exfat: Deprecated parameter 'namecase' [ 531.815192][ T8346] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 531.977450][ T8353] netpci0: renamed from team0 (while UP) [ 532.008113][ T8353] netpci0: Cannot enslave team device to itself [ 532.014893][ T8353] A link change request failed with some changes committed already. Interface netpci0 may have been left with an inconsistent configuration, please check. [ 532.896743][ T8361] loop2: detected capacity change from 0 to 256 [ 532.985050][ T8361] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 532.999874][ T8361] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 533.354036][ T8361] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 534.257843][ T8379] loop3: detected capacity change from 0 to 256 [ 534.509926][ T8379] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 534.524092][ T8379] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 534.623588][ T8377] loop2: detected capacity change from 0 to 2048 [ 534.682644][ T8377] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 534.788171][ T8386] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 536.361226][ T8407] loop3: detected capacity change from 0 to 1024 [ 536.474753][ T8410] loop2: detected capacity change from 0 to 1024 [ 536.536852][ T8410] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 536.654381][ T1233] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.661314][ T1233] ieee802154 phy1 wpan1: encryption failed: -22 [ 536.794697][ T8410] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 536.891301][ T8407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 536.905943][ T8407] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 537.006474][ T8419] xt_ecn: cannot match TCP bits for non-tcp packets [ 537.245994][ T8421] loop1: detected capacity change from 0 to 64 [ 537.419655][ T29] audit: type=1800 audit(1727376062.060:33): pid=8421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1295" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 537.518754][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.529494][ T5172] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.765134][ T8423] loop0: detected capacity change from 0 to 64 [ 538.103627][ T5253] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 538.472491][ T5253] usb 2-1: Using ep0 maxpacket: 8 [ 538.652800][ T5253] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.664444][ T5253] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 538.674790][ T5253] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 538.688141][ T5253] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 538.697744][ T5253] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.000776][ T8443] loop0: detected capacity change from 0 to 1764 [ 539.005031][ T5253] usb 2-1: config 0 descriptor?? [ 539.307340][ T8445] netlink: 'syz.3.1308': attribute type 29 has an invalid length. [ 539.319726][ T8445] netlink: 'syz.3.1308': attribute type 29 has an invalid length. [ 539.389177][ T8443] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 540.329491][ T1901] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 540.415979][ T5253] kye 0003:0458:5013.0026: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 540.462354][ T25] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 540.510545][ T1901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.522888][ T1901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 540.533367][ T1901] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 540.542950][ T1901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.554947][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.564421][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.577960][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.587090][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.594491][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.601072][ T1901] usb 5-1: config 0 descriptor?? [ 540.601444][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.613772][ T5253] kye 0003:0458:5013.0026: unknown main item tag 0x0 [ 540.695140][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 540.792593][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.804556][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 540.815755][ T25] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 540.825527][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.899572][ T25] usb 1-1: config 0 descriptor?? [ 541.225442][ T5253] kye 0003:0458:5013.0026: hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0 [ 541.238168][ T5253] kye 0003:0458:5013.0026: tablet-enabling feature report not found [ 541.246739][ T5253] kye 0003:0458:5013.0026: tablet enabling failed [ 541.384595][ T8462] program syz.2.1314 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 541.508644][ T25] konepure 0003:1E7D:2DB4.0028: unknown main item tag 0x0 [ 541.640224][ T1901] magicmouse 0003:05AC:0269.0027: hidraw1: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.4-1/input0 [ 541.894553][ T1901] usb 5-1: USB disconnect, device number 13 [ 541.914038][ T25] konepure 0003:1E7D:2DB4.0028: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.0-1/input0 [ 541.941617][ T8466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1316'. [ 542.021771][ T5253] usb 2-1: USB disconnect, device number 11 [ 542.076356][ T25] usb 1-1: USB disconnect, device number 18 [ 542.351202][ T8470] loop2: detected capacity change from 0 to 64 [ 542.455643][ T8468] loop3: detected capacity change from 0 to 1024 [ 542.465776][ T8468] EXT4-fs: Ignoring removed orlov option [ 542.472268][ T8468] EXT4-fs: Ignoring removed bh option [ 543.229866][ T8478] loop0: detected capacity change from 0 to 16 [ 543.405393][ T8468] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 543.443249][ T8478] erofs: (device loop0): mounted with root inode @ nid 36. [ 543.907332][ T8478] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 1 for nid 36 [ 544.111189][ T8495] netlink: 'syz.2.1329': attribute type 32 has an invalid length. [ 544.119622][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1329'. [ 544.129482][ T8495] (unnamed net_device) (uninitialized): option coupled_control: invalid value (127) [ 544.329931][ T6714] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.857683][ T8502] loop3: detected capacity change from 0 to 22 [ 545.096508][ T8502] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 545.997458][ T1901] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 546.324019][ T1901] usb 5-1: Using ep0 maxpacket: 32 [ 546.346549][ T1901] usb 5-1: config 0 has an invalid interface number: 182 but max is 0 [ 546.355370][ T1901] usb 5-1: config 0 has an invalid descriptor of length 10, skipping remainder of the config [ 546.366222][ T1901] usb 5-1: config 0 has no interface number 0 [ 546.375154][ T1901] usb 5-1: config 0 interface 182 has no altsetting 0 [ 546.519176][ T1901] usb 5-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8d.fa [ 546.530681][ T1901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.539268][ T1901] usb 5-1: Product: syz [ 546.543946][ T1901] usb 5-1: Manufacturer: syz [ 546.548930][ T1901] usb 5-1: SerialNumber: syz [ 546.739678][ T1901] usb 5-1: config 0 descriptor?? [ 546.785042][ T1901] usb-storage 5-1:0.182: USB Mass Storage device detected [ 546.948464][ T1901] usb-storage 5-1:0.182: Quirks match for vid 07cf pid 1001: a [ 547.801329][ T1901] usb 5-1: USB disconnect, device number 14 [ 548.240349][ T8524] loop0: detected capacity change from 0 to 4096 [ 548.309839][ T8524] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 549.009918][ T8550] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1352'. [ 549.027998][ T8524] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 549.752818][ T29] audit: type=1400 audit(1727376074.390:34): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=8553 comm="syz.2.1354" [ 549.842735][ T8556] netlink: 'syz.3.1355': attribute type 1 has an invalid length. [ 549.850868][ T8556] netlink: 9388 bytes leftover after parsing attributes in process `syz.3.1355'. [ 550.583794][ T5253] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 550.849745][ T5253] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 550.860069][ T5253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.868800][ T5253] usb 1-1: Product: syz [ 550.873424][ T5253] usb 1-1: Manufacturer: syz [ 550.878305][ T5253] usb 1-1: SerialNumber: syz [ 551.153545][ T5253] usb 1-1: config 0 descriptor?? [ 551.225739][ T5253] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 551.876488][ T5253] gspca_sunplus: reg_r err -71 [ 551.882447][ T5253] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 552.065591][ T5253] usb 1-1: USB disconnect, device number 19 [ 556.427614][ T8587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1369'. [ 559.151620][ T5179] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 559.161549][ T5179] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 559.171324][ T5179] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 559.397211][ T5179] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 559.409552][ T5179] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 559.593602][ T5179] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 563.737683][ T5178] Bluetooth: hci5: command tx timeout [ 565.792746][ T5178] Bluetooth: hci5: command tx timeout [ 569.249819][ T5178] Bluetooth: hci5: command tx timeout [ 569.495094][ T5179] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 569.968860][ T5179] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 569.980381][ T5179] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 569.996088][ T5179] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 570.008660][ T5179] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 570.030952][ T5179] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 570.258538][ T8630] loop0: detected capacity change from 0 to 512 [ 570.641760][ T8630] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 570.655404][ T8630] ext4 filesystem being mounted at /279/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 570.846742][ T8638] program syz.2.1389 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 570.975556][ T29] audit: type=1800 audit(1727376095.590:35): pid=8630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1386" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 571.204380][ T8640] tipc: Started in network mode [ 571.210756][ T8640] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 571.222531][ T8640] tipc: Enabled bearer , priority 0 [ 571.634631][ T5178] Bluetooth: hci5: command tx timeout [ 571.657390][ T2976] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.960592][ T8597] chnl_net:caif_netlink_parms(): no params data found [ 571.971342][ T5178] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 571.996973][ T5178] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 572.066468][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.126426][ T5178] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 572.184209][ T2976] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.248602][ T5178] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 572.274773][ T5178] Bluetooth: hci6: command tx timeout [ 572.293036][ T5178] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 572.330289][ T5178] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 572.342547][ T8648] tipc: Node number set to 10463914 [ 572.909158][ T8653] loop2: detected capacity change from 0 to 24 [ 572.924066][ T2976] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.248877][ T2976] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.237608][ T2976] bridge_slave_1: left allmulticast mode [ 574.243803][ T2976] bridge_slave_1: left promiscuous mode [ 574.250575][ T2976] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.353683][ T5178] Bluetooth: hci6: command tx timeout [ 574.378951][ T2976] bridge_slave_0: left allmulticast mode [ 574.385101][ T2976] bridge_slave_0: left promiscuous mode [ 574.391867][ T2976] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.596811][ T5178] Bluetooth: hci2: command tx timeout [ 575.174463][ T2976] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 575.239601][ T2976] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.283071][ T2976] bond0 (unregistering): Released all slaves [ 575.426295][ T8624] chnl_net:caif_netlink_parms(): no params data found [ 576.010074][ T8683] loop0: detected capacity change from 0 to 128 [ 576.066858][ T29] audit: type=1800 audit(1727376100.710:36): pid=8683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1405" name="file1" dev="loop0" ino=1048786 res=0 errno=0 [ 576.092707][ T8683] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 578, start c7000005) [ 576.103545][ T8683] FAT-fs (loop0): Filesystem has been set read-only [ 576.330296][ T8597] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.338368][ T8597] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.346374][ T8597] bridge_slave_0: entered allmulticast mode [ 576.355820][ T8597] bridge_slave_0: entered promiscuous mode [ 576.509690][ T5178] Bluetooth: hci6: command tx timeout [ 576.662848][ T5178] Bluetooth: hci2: command tx timeout [ 576.961361][ T8597] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.969466][ T8597] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.977713][ T8597] bridge_slave_1: entered allmulticast mode [ 576.987499][ T8597] bridge_slave_1: entered promiscuous mode [ 577.221512][ T2976] hsr_slave_0: left promiscuous mode [ 577.313596][ T2976] hsr_slave_1: left promiscuous mode [ 577.373074][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 577.380965][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 578.582926][ T5178] Bluetooth: hci6: command tx timeout [ 578.742649][ T5178] Bluetooth: hci2: command tx timeout [ 580.675341][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 580.683751][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.750708][ T2976] veth1_macvtap: left promiscuous mode [ 580.756729][ T2976] veth0_macvtap: left promiscuous mode [ 580.763035][ T2976] veth1_vlan: left promiscuous mode [ 580.768699][ T2976] veth0_vlan: left promiscuous mode [ 580.838280][ T5178] Bluetooth: hci2: command tx timeout [ 581.700555][ T2976] team0 (unregistering): Port device team_slave_1 removed [ 581.801037][ T2976] team0 (unregistering): Port device team_slave_0 removed [ 582.183938][ T8712] loop0: detected capacity change from 0 to 2048 [ 582.391321][ T8715] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 582.580356][ T8643] chnl_net:caif_netlink_parms(): no params data found [ 582.669256][ T8597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.844820][ T8597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.413480][ T8597] team0: Port device team_slave_0 added [ 583.431528][ T8597] team0: Port device team_slave_1 added [ 583.913205][ T8597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.920567][ T8597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.947244][ T8597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 584.011333][ T2976] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.086802][ T8624] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.097493][ T8624] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.105683][ T8624] bridge_slave_0: entered allmulticast mode [ 584.115395][ T8624] bridge_slave_0: entered promiscuous mode [ 584.131059][ T8597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 584.138453][ T8597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 584.164994][ T8597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 584.200817][ T8624] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.208850][ T8624] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.217097][ T8624] bridge_slave_1: entered allmulticast mode [ 584.226746][ T8624] bridge_slave_1: entered promiscuous mode [ 584.477900][ T2976] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.652480][ T2976] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.902806][ T2976] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.960354][ T8624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.038548][ T5247] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 585.068502][ T8643] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.077000][ T8643] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.085186][ T8643] bridge_slave_0: entered allmulticast mode [ 585.094671][ T8643] bridge_slave_0: entered promiscuous mode [ 585.125390][ T8624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.139768][ T8643] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.148189][ T8643] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.156185][ T8643] bridge_slave_1: entered allmulticast mode [ 585.165766][ T8643] bridge_slave_1: entered promiscuous mode [ 585.244884][ T5247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.256559][ T5247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 585.266992][ T5247] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 585.276583][ T5247] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.370519][ T5247] usb 1-1: config 0 descriptor?? [ 585.901914][ T5247] wacom 0003:056A:0084.0029: unknown main item tag 0x0 [ 585.952337][ T8597] hsr_slave_0: entered promiscuous mode [ 585.975856][ T5247] wacom 0003:056A:0084.0029: hidraw0: USB HID v0.00 Device [HID 056a:0084] on usb-dummy_hcd.0-1/input0 [ 586.004263][ T8597] hsr_slave_1: entered promiscuous mode [ 586.028356][ T8597] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 586.036664][ T8597] Cannot create hsr debugfs directory [ 586.060457][ T8624] team0: Port device team_slave_0 added [ 586.081178][ T5247] usb 1-1: USB disconnect, device number 20 [ 586.089967][ T8643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.264691][ T8624] team0: Port device team_slave_1 added [ 586.350952][ T8745] loop2: detected capacity change from 0 to 64 [ 586.439688][ T8643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.898375][ T2976] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.388835][ T8643] team0: Port device team_slave_0 added [ 587.487815][ T2976] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.586084][ T8624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 587.593588][ T8624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 587.620159][ T8624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 587.681892][ T8643] team0: Port device team_slave_1 added [ 587.898396][ T2976] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.009271][ T8624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.016873][ T8624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.043932][ T8624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.116369][ T8643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.123920][ T8643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.150476][ T8643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.240764][ T2976] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.507303][ T8643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.514735][ T8643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.541402][ T8643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.799324][ T8624] hsr_slave_0: entered promiscuous mode [ 588.865005][ T8624] hsr_slave_1: entered promiscuous mode [ 588.883570][ T8624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 588.891535][ T8624] Cannot create hsr debugfs directory [ 589.036180][ T8767] loop0: detected capacity change from 0 to 1024 [ 589.056233][ T8767] EXT4-fs: inline encryption not supported [ 589.130732][ T8767] EXT4-fs (loop0): stripe (6) is not aligned with cluster size (16), stripe is disabled [ 589.220158][ T2976] bridge_slave_1: left allmulticast mode [ 589.228642][ T2976] bridge_slave_1: left promiscuous mode [ 589.235655][ T2976] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.349156][ T8767] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 589.366962][ T2976] bridge_slave_0: left allmulticast mode [ 589.373263][ T2976] bridge_slave_0: left promiscuous mode [ 589.379955][ T2976] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.516068][ T2976] bridge_slave_1: left allmulticast mode [ 589.526546][ T2976] bridge_slave_1: left promiscuous mode [ 589.533754][ T2976] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.679503][ T2976] bridge_slave_0: left allmulticast mode [ 589.685658][ T2976] bridge_slave_0: left promiscuous mode [ 589.692542][ T2976] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.754828][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 589.912452][ T8775] loop2: detected capacity change from 0 to 1024 [ 590.388234][ T6780] hfsplus: b-tree write err: -5, ino 4 [ 590.976912][ T2976] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.997485][ T2976] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.020923][ T2976] bond0 (unregistering): Released all slaves [ 591.052487][ T2976] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 591.117438][ T2976] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.135684][ T2976] bond0 (unregistering): Released all slaves [ 591.374657][ T8779] netlink: 'syz.0.1432': attribute type 29 has an invalid length. [ 591.385053][ T8781] IPv6: NLM_F_REPLACE set, but no existing node found! [ 591.565563][ T8643] hsr_slave_0: entered promiscuous mode [ 591.647525][ T8643] hsr_slave_1: entered promiscuous mode [ 591.707428][ T8643] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 591.715489][ T8643] Cannot create hsr debugfs directory [ 591.747398][ T8782] netlink: 'syz.0.1432': attribute type 29 has an invalid length. [ 593.643339][ T5253] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 593.975577][ T8796] syz.2.1437 (8796): drop_caches: 2 [ 593.992743][ T5253] usb 1-1: Using ep0 maxpacket: 16 [ 594.027891][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.039414][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.049748][ T5253] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 594.063212][ T5253] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 594.072746][ T5253] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.269307][ T5253] usb 1-1: config 0 descriptor?? [ 594.462555][ T2976] hsr_slave_0: left promiscuous mode [ 594.477214][ T2976] hsr_slave_1: left promiscuous mode [ 594.520135][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 594.529098][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.593610][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.601436][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.678371][ T2976] hsr_slave_0: left promiscuous mode [ 594.691445][ T2976] hsr_slave_1: left promiscuous mode [ 594.703232][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 594.711240][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.753141][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.760904][ T5253] microsoft 0003:045E:07DA.002A: ignoring exceeding usage max [ 594.794657][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.802469][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.810067][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.817892][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.825779][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.833531][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.841094][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.851881][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.860402][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.868144][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.875846][ T5253] microsoft 0003:045E:07DA.002A: unknown main item tag 0x0 [ 594.905058][ T2976] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.913280][ T2976] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.940047][ T2976] veth1_macvtap: left promiscuous mode [ 594.948580][ T2976] veth0_macvtap: left promiscuous mode [ 594.955127][ T2976] veth1_vlan: left promiscuous mode [ 594.960749][ T2976] veth0_vlan: left promiscuous mode [ 594.992764][ T2976] veth1_macvtap: left promiscuous mode [ 594.998600][ T2976] veth0_macvtap: left promiscuous mode [ 595.004926][ T2976] veth1_vlan: left promiscuous mode [ 595.010551][ T2976] veth0_vlan: left promiscuous mode [ 595.053971][ T5253] microsoft 0003:045E:07DA.002A: No inputs registered, leaving [ 595.265861][ T5253] microsoft 0003:045E:07DA.002A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 595.281280][ T5253] microsoft 0003:045E:07DA.002A: no inputs found [ 595.290931][ T5253] microsoft 0003:045E:07DA.002A: could not initialize ff, continuing anyway [ 595.326936][ T5253] usb 1-1: USB disconnect, device number 21 [ 596.511129][ T2976] team0 (unregistering): Port device team_slave_1 removed [ 596.551818][ T2976] team0 (unregistering): Port device team_slave_0 removed [ 597.370810][ T2976] team0 (unregistering): Port device team_slave_1 removed [ 597.480119][ T2976] team0 (unregistering): Port device team_slave_0 removed [ 597.774899][ T8597] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 597.819815][ T8597] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 598.031482][ T1233] ieee802154 phy0 wpan0: encryption failed: -22 [ 598.034712][ T8597] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 598.039399][ T1233] ieee802154 phy1 wpan1: encryption failed: -22 [ 598.235140][ T8597] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 598.640697][ T8825] loop2: detected capacity change from 0 to 512 [ 598.857353][ T8825] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 598.880278][ T8825] EXT4-fs (loop2): Remounting filesystem read-only [ 598.887680][ T8825] EXT4-fs (loop2): 1 truncate cleaned up [ 598.987054][ T2976] IPVS: stop unused estimator thread 0... [ 599.197429][ T8825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 599.542449][ T8597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.596898][ T8597] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.646284][ T3047] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.654171][ T3047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 599.678566][ T3047] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.686469][ T3047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 599.790144][ T5172] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.001696][ T8624] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 601.174679][ T8624] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 601.289298][ T8624] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 601.363598][ T8643] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 601.414137][ T8624] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 601.470336][ T8643] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 601.560865][ T8643] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 601.655719][ T8643] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 602.277173][ T8597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 602.602184][ T8643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 602.806807][ T8643] 8021q: adding VLAN 0 to HW filter on device team0 [ 602.928772][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.936688][ T3598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.230095][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.238029][ T3598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.436015][ T8624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 603.448247][ T8643] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 603.485787][ T8597] veth0_vlan: entered promiscuous mode [ 603.636653][ T8597] veth1_vlan: entered promiscuous mode [ 603.823786][ T8624] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.003169][ T3986] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.010966][ T3986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.085447][ T8860] loop0: detected capacity change from 0 to 1764 [ 604.093130][ T8597] veth0_macvtap: entered promiscuous mode [ 604.155117][ T3986] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.163031][ T3986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 604.227466][ T8860] iso9660: Unknown parameter 'nÕëÏŸEŸs' [ 604.260728][ T8597] veth1_macvtap: entered promiscuous mode [ 604.606487][ T8597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.619504][ T8597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.629864][ T8597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.640773][ T8597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.656482][ T8597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 604.691617][ T8624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 604.921719][ T8858] loop2: detected capacity change from 0 to 4096 [ 605.088245][ T8597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 605.099274][ T8597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.109552][ T8597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 605.120378][ T8597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.132470][ T8858] NILFS (loop2): invalid segment: Checksum error in segment payload [ 605.136201][ T8597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 605.140825][ T8858] NILFS (loop2): trying rollback from an earlier position [ 605.161414][ T8597] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.171012][ T8597] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.180264][ T8597] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.190152][ T8597] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.735277][ T8858] NILFS (loop2): recovery complete [ 605.819369][ T8643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.249171][ T8873] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 606.603332][ T8884] pimreg: entered allmulticast mode [ 607.263479][ T8624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.981861][ T8624] veth0_vlan: entered promiscuous mode [ 608.164354][ T8624] veth1_vlan: entered promiscuous mode [ 608.352861][ T8643] veth0_vlan: entered promiscuous mode [ 608.569996][ T8643] veth1_vlan: entered promiscuous mode [ 608.665236][ T5247] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 608.711961][ T8624] veth0_macvtap: entered promiscuous mode [ 608.827526][ T8624] veth1_macvtap: entered promiscuous mode [ 608.935221][ T5247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.946770][ T5247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.959346][ T5247] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 608.969053][ T5247] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.105463][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.116464][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.126836][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.137806][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.150259][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.161602][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.177463][ T8624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.200068][ T8643] veth0_macvtap: entered promiscuous mode [ 609.232850][ T5247] usb 1-1: config 0 descriptor?? [ 609.417005][ T8643] veth1_macvtap: entered promiscuous mode [ 609.537491][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.550040][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.560645][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.571635][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.582142][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.595253][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.611640][ T8624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 609.730992][ T5247] cypress 0003:04B4:DE61.002B: item fetching failed at offset 5/7 [ 609.788076][ T5247] cypress 0003:04B4:DE61.002B: parse failed [ 609.797902][ T5247] cypress 0003:04B4:DE61.002B: probe with driver cypress failed with error -22 [ 609.854097][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.868130][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.880863][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.891771][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.904234][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.916023][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.926282][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.937948][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.954968][ T8643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 610.017137][ T8624] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.029688][ T8624] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.041130][ T8624] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.051855][ T8624] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.119403][ T8648] usb 1-1: USB disconnect, device number 22 [ 610.207391][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.219119][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.229449][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.240361][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.250711][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.261602][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.273112][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.284685][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.300341][ T8643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 610.584091][ T8643] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.593967][ T8643] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.603278][ T8643] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.613471][ T8643] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.289920][ T8956] loop2: detected capacity change from 0 to 4096 [ 613.939506][ T8956] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 614.344421][ T3986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.352672][ T3986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.545393][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.554241][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.477938][ T9011] mkiss: ax0: crc mode is auto. [ 618.535031][ T3860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.543275][ T3860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.794140][ T3860] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.802396][ T3860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.002956][ T3860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.015220][ T3860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.326109][ T3860] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.334404][ T3860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 621.414128][ T9063] netlink: 'syz.2.1497': attribute type 3 has an invalid length. [ 621.911429][ T9072] loop4: detected capacity change from 0 to 1024 [ 622.243297][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 622.519605][ T10] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 622.528589][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.539311][ T10] usb 3-1: config 0 has no interface number 0 [ 622.545897][ T10] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 622.556418][ T10] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 622.766969][ T3860] hfsplus: b-tree write err: -5, ino 4 [ 623.101835][ T10] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 623.123764][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.133474][ T10] usb 3-1: Product: syz [ 623.137950][ T10] usb 3-1: Manufacturer: syz [ 623.143614][ T10] usb 3-1: SerialNumber: syz [ 623.154344][ T10] usb 3-1: config 0 descriptor?? [ 623.433474][ T9089] loop3: detected capacity change from 0 to 256 [ 623.846732][ T10] usbtouchscreen 3-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 623.849183][ T9092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1507'. [ 623.902596][ T10] usb 3-1: USB disconnect, device number 11 [ 624.889033][ T9089] FAT-fs (loop3): Directory bread(block 64) failed [ 624.896143][ T9089] FAT-fs (loop3): Directory bread(block 65) failed [ 624.903599][ T9089] FAT-fs (loop3): Directory bread(block 66) failed [ 624.910439][ T9089] FAT-fs (loop3): Directory bread(block 67) failed [ 624.917595][ T9089] FAT-fs (loop3): Directory bread(block 68) failed [ 624.924700][ T9089] FAT-fs (loop3): Directory bread(block 69) failed [ 624.931683][ T9089] FAT-fs (loop3): Directory bread(block 70) failed [ 624.938764][ T9089] FAT-fs (loop3): Directory bread(block 71) failed [ 624.945879][ T9089] FAT-fs (loop3): Directory bread(block 72) failed [ 624.958557][ T9089] FAT-fs (loop3): Directory bread(block 73) failed [ 625.688261][ T9115] loop2: detected capacity change from 0 to 2048 [ 625.990297][ T9119] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1517'. [ 627.190272][ T9140] kernel profiling enabled (shift: 63) [ 627.196337][ T9140] profiling shift: 63 too large [ 627.405503][ T9115] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 627.425989][ T9138] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 627.479536][ T9146] loop1: detected capacity change from 0 to 512 [ 627.494635][ T9115] Remounting filesystem read-only [ 627.673165][ T9146] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 627.893559][ T9146] EXT4-fs (loop1): 1 truncate cleaned up [ 627.901306][ T9146] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 628.459364][ T8597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 628.772213][ T9164] loop3: detected capacity change from 0 to 128 [ 629.329510][ T9171] loop4: detected capacity change from 0 to 512 [ 629.387081][ T9160] sctp: failed to load transform for md5: -2 [ 629.418572][ T9171] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 629.635096][ T9171] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.1538: invalid indirect mapped block 83886080 (level 1) [ 629.725772][ T9171] EXT4-fs (loop4): Remounting filesystem read-only [ 629.773581][ T9171] EXT4-fs (loop4): 1 orphan inode deleted [ 629.779657][ T9171] EXT4-fs (loop4): 1 truncate cleaned up [ 629.787623][ T9171] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.073864][ T9182] loop1: detected capacity change from 0 to 128 [ 630.183420][ T9182] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 630.262795][ T8643] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 630.270897][ T9182] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 630.299262][ T9181] loop0: detected capacity change from 0 to 1024 [ 630.380745][ T9186] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1545'. [ 630.414048][ T9181] hfsplus: walked past end of dir [ 631.798482][ T9203] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1551'. [ 632.335428][ T8648] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 632.517799][ T8648] usb 1-1: Using ep0 maxpacket: 32 [ 632.649561][ T8648] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 632.659334][ T8648] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.667830][ T8648] usb 1-1: Product: syz [ 632.672468][ T8648] usb 1-1: Manufacturer: syz [ 632.677356][ T8648] usb 1-1: SerialNumber: syz [ 632.806192][ T8648] usb 1-1: config 0 descriptor?? [ 633.272423][ T8648] airspy 1-1:0.0: Board ID: 00 [ 633.277656][ T8648] airspy 1-1:0.0: Firmware version: [ 633.695562][ T9229] loop2: detected capacity change from 0 to 64 [ 633.819926][ T8648] airspy 1-1:0.0: usb_control_msg() failed -71 request 11 [ 634.008341][ T9231] loop4: detected capacity change from 0 to 2048 [ 634.028770][ T8648] airspy 1-1:0.0: Registered as swradio16 [ 634.036115][ T8648] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 634.106881][ T9231] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 634.113651][ T8648] usb 1-1: USB disconnect, device number 23 [ 634.337005][ T9231] cifs: Unknown parameter 'anchor' [ 635.597772][ T9244] loop3: detected capacity change from 0 to 1024 [ 636.082720][ T5247] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 636.199093][ T9252] loop1: detected capacity change from 0 to 2048 [ 636.322719][ T5247] usb 3-1: Using ep0 maxpacket: 16 [ 636.347272][ T9252] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 636.362684][ T5247] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 636.371253][ T5247] usb 3-1: config 0 has no interface number 0 [ 636.378001][ T5247] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.395429][ T5247] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.405952][ T5247] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 636.424582][ T5247] usb 3-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00 [ 636.436143][ T5247] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.444708][ T3598] hfsplus: b-tree write err: -5, ino 4 [ 636.674067][ T5247] usb 3-1: config 0 descriptor?? [ 636.704050][ T5234] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 636.919547][ T5234] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 636.928307][ T5234] usb 5-1: config 0 has no interface number 0 [ 636.938059][ T5234] usb 5-1: config 0 interface 4 has no altsetting 0 [ 636.946061][ T5234] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 636.955614][ T5234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.079043][ T5234] usb 5-1: config 0 descriptor?? [ 637.244454][ T5234] cp210x 5-1:0.4: cp210x converter detected [ 637.412791][ T5247] holtek_mouse 0003:04D9:A072.002C: unknown main item tag 0x0 [ 637.540123][ T5247] holtek_mouse 0003:04D9:A072.002C: hidraw0: USB HID v0.00 Device [HID 04d9:a072] on usb-dummy_hcd.2-1/input1 [ 637.651425][ T5234] cp210x 5-1:0.4: failed to get vendor val 0x000e size 3: -71 [ 637.664815][ T5247] usb 3-1: USB disconnect, device number 12 [ 637.667014][ T5234] usb 5-1: cp210x converter now attached to ttyUSB0 [ 637.807800][ T5234] usb 5-1: USB disconnect, device number 15 [ 637.820684][ T9267] loop3: detected capacity change from 0 to 256 [ 637.861317][ T5234] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 637.905984][ T9267] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 637.917578][ T9267] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 637.934381][ T5234] cp210x 5-1:0.4: device disconnected [ 637.990792][ T9267] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 638.066223][ T9271] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 639.581284][ T9285] syz.3.1590: attempt to access beyond end of device [ 639.581284][ T9285] loop3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 639.598366][ T9285] XFS (loop3): SB validate failed with error -5. [ 639.754138][ T43] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 640.055249][ T9293] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/loop3": -EINTR [ 640.061656][ T43] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 641.266067][ T9321] loop1: detected capacity change from 0 to 128 [ 641.753070][ T9321] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 642.086057][ T9335] loop2: detected capacity change from 0 to 16 [ 642.106734][ T9321] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 642.126824][ T9335] erofs: (device loop2): mounted with root inode @ nid 36. [ 642.307935][ T9335] erofs: (device loop2): erofs_map_blocks_flatmode: inline data across blocks @ nid 36 [ 642.337523][ T9339] loop0: detected capacity change from 0 to 512 [ 642.573607][ T9339] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 642.587172][ T9339] ext4 filesystem being mounted at /356/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 642.817640][ T9339] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 3: comm syz.0.1606: path /356/file1: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 642.912328][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.920121][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.928189][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.936180][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.944098][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.951861][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.959812][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.967822][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.979105][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.988187][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 642.996115][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.004059][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.011810][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.019685][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.025005][ T9339] EXT4-fs (loop0): Remounting filesystem read-only [ 643.027533][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.041732][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.049806][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.057709][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.065682][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.077137][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.085940][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.093872][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.101625][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.109762][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.117696][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.125625][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.133541][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.141285][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.149219][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.157112][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.165405][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.173277][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.184412][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.193515][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.201272][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.209200][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.217145][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.225091][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.232985][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.240733][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.248629][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.257220][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.265182][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.273136][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.284775][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.293898][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.301689][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.312816][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.320589][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.330507][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.338541][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.346461][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.354517][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.362441][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.370202][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.378127][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.389350][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.398306][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.406386][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.414672][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.422555][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.430324][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.438309][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.446637][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.454575][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.462472][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.470234][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.478636][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.490002][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.498966][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.507035][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.514996][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.522923][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.530688][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.538654][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.546617][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.554531][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.562552][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.570310][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.578262][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.589438][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.598499][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.606443][ T5234] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 643.651667][ T9352] ALSA: seq fatal error: cannot create timer (-22) [ 643.708252][ T5234] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 643.991815][ T9360] nbd: couldn't find a device at index 63488 [ 644.415055][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 646.051458][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'. [ 646.369222][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1624'. [ 647.109795][ T9399] loop0: detected capacity change from 0 to 1024 [ 647.833908][ T9399] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 647.847137][ T9399] ext4 filesystem being mounted at /358/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 648.484857][ T9419] loop4: detected capacity change from 0 to 512 [ 648.820389][ T9419] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 648.834329][ T9419] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 648.845385][ T9419] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.1633: Failed to acquire dquot type 1 [ 649.019686][ T5174] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 649.313096][ T9419] EXT4-fs (loop4): 1 truncate cleaned up [ 649.324707][ T9419] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 649.339751][ T9419] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 649.709947][ T9410] loop3: detected capacity change from 0 to 32768 [ 649.720373][ T9410] XFS (loop3): stripe width (6) must be a multiple of the stripe unit (255) [ 650.454409][ T8643] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.888218][ T9440] loop2: detected capacity change from 0 to 128 [ 651.040368][ T9440] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 651.107251][ T9440] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 651.639965][ T9457] loop4: detected capacity change from 0 to 256 [ 651.712587][ T9457] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 651.724728][ T9457] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 651.774750][ T9455] loop1: detected capacity change from 0 to 1024 [ 651.935170][ T9457] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe563dbae, utbl_chksum : 0xe619d30d) [ 652.373049][ T9455] hfsplus: bad catalog entry type [ 652.728642][ T9470] fuse: Invalid rootmode [ 652.869497][ T3986] hfsplus: b-tree write err: -5, ino 4 [ 654.163654][ T5234] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 654.362688][ T5234] usb 2-1: Using ep0 maxpacket: 8 [ 654.401835][ T5234] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 654.410839][ T5234] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 654.421519][ T5234] usb 2-1: config 0 has no interface number 0 [ 654.428201][ T5234] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 654.443178][ T5234] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 654.454412][ T5234] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 654.468338][ T5234] usb 2-1: config 0 interface 52 has no altsetting 0 [ 654.782379][ T5234] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 654.791909][ T5234] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 654.800772][ T5234] usb 2-1: Manufacturer: syz [ 654.915395][ T5234] usb 2-1: config 0 descriptor?? [ 655.239217][ T5234] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 655.250505][ T5234] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -5 [ 655.972741][ T8648] usb 2-1: USB disconnect, device number 12 [ 656.047141][ T9500] loop0: detected capacity change from 0 to 2048 [ 656.400067][ T9517] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 656.647024][ T29] audit: type=1800 audit(1727376181.230:37): pid=9500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1663" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 657.429090][ T9517] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 657.440355][ T9517] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 657.527984][ T9517] Remounting filesystem read-only [ 657.553140][ T9529] syz.2.1673: attempt to access beyond end of device [ 657.553140][ T9529] loop2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 657.567051][ T9529] XFS (loop2): SB validate failed with error -5. [ 657.727377][ T5174] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 657.775270][ T56] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 658.074481][ T9532] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/loop2": -EINTR [ 658.075612][ T56] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 659.365077][ T1233] ieee802154 phy0 wpan0: encryption failed: -22 [ 659.371844][ T1233] ieee802154 phy1 wpan1: encryption failed: -22 [ 659.963268][ T8648] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 660.223557][ T9573] netlink: 180 bytes leftover after parsing attributes in process `syz.4.1689'. [ 660.377602][ T8648] usb 3-1: Using ep0 maxpacket: 8 [ 660.415069][ T8648] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.426627][ T8648] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.437000][ T8648] usb 3-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 660.446669][ T8648] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.517811][ T8648] usb 3-1: config 0 descriptor?? [ 661.263133][ T8648] lenovo 0003:17EF:60A3.002E: unknown main item tag 0x0 [ 661.270610][ T8648] lenovo 0003:17EF:60A3.002E: unknown main item tag 0x0 [ 661.279505][ T8648] lenovo 0003:17EF:60A3.002E: unknown main item tag 0x0 [ 661.287185][ T8648] lenovo 0003:17EF:60A3.002E: unknown main item tag 0x0 [ 661.294619][ T8648] lenovo 0003:17EF:60A3.002E: unknown main item tag 0x0 [ 661.366533][ T8648] lenovo 0003:17EF:60A3.002E: hidraw0: USB HID v0.00 Device [HID 17ef:60a3] on usb-dummy_hcd.2-1/input0 [ 661.707581][ T5234] usb 3-1: USB disconnect, device number 13 [ 662.236133][ T9599] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1697'. [ 662.484470][ T9601] loop1: detected capacity change from 0 to 2048 [ 662.698373][ T9603] loop3: detected capacity change from 0 to 512 [ 662.944877][ T9606] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 664.672368][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 664.697802][ T9630] loop2: detected capacity change from 0 to 256 [ 664.920744][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 664.932692][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 664.944477][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 664.957980][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 664.965258][ T9634] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1711'. [ 664.967523][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.252177][ T10] usb 5-1: config 0 descriptor?? [ 665.259802][ T9628] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 665.907995][ T10] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0 [ 665.921332][ T10] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0 [ 665.930860][ T10] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0 [ 665.938835][ T10] plantronics 0003:047F:FFFF.002F: unknown main item tag 0xd [ 666.096304][ T10] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving [ 666.190073][ T10] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 666.327288][ T10] usb 5-1: USB disconnect, device number 16 [ 667.184390][ T9661] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 668.015947][ T9670] netlink: 'syz.0.1724': attribute type 33 has an invalid length. [ 668.024555][ T9670] netlink: 'syz.0.1724': attribute type 3 has an invalid length. [ 668.032789][ T9670] netlink: 152988 bytes leftover after parsing attributes in process `syz.0.1724'. [ 670.411727][ T9673] loop3: detected capacity change from 0 to 32768 [ 670.427063][ T9673] (syz.3.1726,9673,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 670.575532][ T9690] ===================================================== [ 670.583112][ T9690] BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 670.591429][ T9690] nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 670.597582][ T9690] nf_send_reset6+0xd84/0x15b0 [ 670.602881][ T9690] nft_reject_inet_eval+0x3c1/0x880 [ 670.608368][ T9690] nft_do_chain+0x426/0x2290 [ 670.613393][ T9690] nft_do_chain_inet+0x41a/0x4f0 [ 670.618618][ T9690] nf_hook_slow+0xf4/0x400 [ 670.623583][ T9690] ipv6_rcv+0x29b/0x390 [ 670.627988][ T9690] __netif_receive_skb+0x1da/0xa00 [ 670.633537][ T9690] netif_receive_skb+0x58/0x660 [ 670.638688][ T9690] tun_rx_batched+0x3ee/0x980 [ 670.643797][ T9690] tun_get_user+0x5783/0x6c60 [ 670.648739][ T9690] tun_chr_write_iter+0x3ac/0x5d0 [ 670.654180][ T9690] vfs_write+0xb28/0x1540 [ 670.658749][ T9690] ksys_write+0x24f/0x4c0 [ 670.663519][ T9690] __x64_sys_write+0x93/0xe0 [ 670.668349][ T9690] x64_sys_call+0x306a/0x3ba0 [ 670.673464][ T9690] do_syscall_64+0xcd/0x1e0 [ 670.678189][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.684527][ T9690] [ 670.687051][ T9690] Uninit was stored to memory at: [ 670.692558][ T9690] nf_reject_ip6_tcphdr_put+0x60c/0x6c0 [ 670.698384][ T9690] nf_send_reset6+0xd84/0x15b0 [ 670.703585][ T9690] nft_reject_inet_eval+0x3c1/0x880 [ 670.709126][ T9690] nft_do_chain+0x426/0x2290 [ 670.714222][ T9690] nft_do_chain_inet+0x41a/0x4f0 [ 670.719412][ T9690] nf_hook_slow+0xf4/0x400 [ 670.724215][ T9690] ipv6_rcv+0x29b/0x390 [ 670.728610][ T9690] __netif_receive_skb+0x1da/0xa00 [ 670.734184][ T9690] netif_receive_skb+0x58/0x660 [ 670.739315][ T9690] tun_rx_batched+0x3ee/0x980 [ 670.744414][ T9690] tun_get_user+0x5783/0x6c60 [ 670.749340][ T9690] tun_chr_write_iter+0x3ac/0x5d0 [ 670.754785][ T9690] vfs_write+0xb28/0x1540 [ 670.759359][ T9690] ksys_write+0x24f/0x4c0 [ 670.764100][ T9690] __x64_sys_write+0x93/0xe0 [ 670.768964][ T9690] x64_sys_call+0x306a/0x3ba0 [ 670.774071][ T9690] do_syscall_64+0xcd/0x1e0 [ 670.778781][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.785113][ T9690] [ 670.787562][ T9690] Uninit was stored to memory at: [ 670.793072][ T9690] nf_reject_ip6_tcphdr_put+0x2ca/0x6c0 [ 670.798900][ T9690] nf_send_reset6+0xd84/0x15b0 [ 670.804084][ T9690] nft_reject_inet_eval+0x3c1/0x880 [ 670.809559][ T9690] nft_do_chain+0x426/0x2290 [ 670.814571][ T9690] nft_do_chain_inet+0x41a/0x4f0 [ 670.819761][ T9690] nf_hook_slow+0xf4/0x400 [ 670.824598][ T9690] ipv6_rcv+0x29b/0x390 [ 670.828991][ T9690] __netif_receive_skb+0x1da/0xa00 [ 670.834579][ T9690] netif_receive_skb+0x58/0x660 [ 670.839715][ T9690] tun_rx_batched+0x3ee/0x980 [ 670.844864][ T9690] tun_get_user+0x5783/0x6c60 [ 670.849794][ T9690] tun_chr_write_iter+0x3ac/0x5d0 [ 670.855231][ T9690] vfs_write+0xb28/0x1540 [ 670.859791][ T9690] ksys_write+0x24f/0x4c0 [ 670.864530][ T9690] __x64_sys_write+0x93/0xe0 [ 670.869361][ T9690] x64_sys_call+0x306a/0x3ba0 [ 670.874449][ T9690] do_syscall_64+0xcd/0x1e0 [ 670.879154][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.885458][ T9690] [ 670.887910][ T9690] Uninit was created at: [ 670.892598][ T9690] kmem_cache_alloc_node_noprof+0x6bf/0xb80 [ 670.898758][ T9690] kmalloc_reserve+0x13d/0x4a0 [ 670.904040][ T9690] __alloc_skb+0x363/0x7b0 [ 670.908706][ T9690] nf_send_reset6+0x98d/0x15b0 [ 670.913877][ T9690] nft_reject_inet_eval+0x3c1/0x880 [ 670.919348][ T9690] nft_do_chain+0x426/0x2290 [ 670.924342][ T9690] nft_do_chain_inet+0x41a/0x4f0 [ 670.929536][ T9690] nf_hook_slow+0xf4/0x400 [ 670.934341][ T9690] ipv6_rcv+0x29b/0x390 [ 670.938744][ T9690] __netif_receive_skb+0x1da/0xa00 [ 670.944281][ T9690] netif_receive_skb+0x58/0x660 [ 670.949393][ T9690] tun_rx_batched+0x3ee/0x980 [ 670.954458][ T9690] tun_get_user+0x5783/0x6c60 [ 670.959384][ T9690] tun_chr_write_iter+0x3ac/0x5d0 [ 670.964815][ T9690] vfs_write+0xb28/0x1540 [ 670.969384][ T9690] ksys_write+0x24f/0x4c0 [ 670.974081][ T9690] __x64_sys_write+0x93/0xe0 [ 670.978921][ T9690] x64_sys_call+0x306a/0x3ba0 [ 670.984046][ T9690] do_syscall_64+0xcd/0x1e0 [ 670.988793][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.995101][ T9690] [ 670.997569][ T9690] CPU: 0 UID: 0 PID: 9690 Comm: syz.2.1733 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 671.008328][ T9690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 671.018804][ T9690] ===================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 671.026074][ T9690] Disabling lock debugging due to kernel taint [ 671.032553][ T9690] Kernel panic - not syncing: kmsan.panic set ... [ 671.039167][ T9690] CPU: 0 UID: 0 PID: 9690 Comm: syz.2.1733 Tainted: G B 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 671.051271][ T9690] Tainted: [B]=BAD_PAGE [ 671.055673][ T9690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 671.065957][ T9690] Call Trace: [ 671.069398][ T9690] [ 671.072478][ T9690] dump_stack_lvl+0x216/0x2d0 [ 671.077449][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.083575][ T9690] dump_stack+0x1e/0x30 [ 671.088003][ T9690] panic+0x4e2/0xcf0 [ 671.092141][ T9690] ? kmsan_get_metadata+0xd1/0x1c0 [ 671.097544][ T9690] kmsan_report+0x2c7/0x2d0 [ 671.102295][ T9690] ? kmsan_internal_chain_origin+0x20/0xd0 [ 671.108337][ T9690] ? __msan_warning+0x95/0x120 [ 671.113319][ T9690] ? nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 671.119277][ T9690] ? nf_send_reset6+0xd84/0x15b0 [ 671.124438][ T9690] ? nft_reject_inet_eval+0x3c1/0x880 [ 671.130047][ T9690] ? nft_do_chain+0x426/0x2290 [ 671.135039][ T9690] ? nft_do_chain_inet+0x41a/0x4f0 [ 671.140400][ T9690] ? nf_hook_slow+0xf4/0x400 [ 671.145205][ T9690] ? ipv6_rcv+0x29b/0x390 [ 671.149745][ T9690] ? __netif_receive_skb+0x1da/0xa00 [ 671.155278][ T9690] ? netif_receive_skb+0x58/0x660 [ 671.160536][ T9690] ? tun_rx_batched+0x3ee/0x980 [ 671.165616][ T9690] ? tun_get_user+0x5783/0x6c60 [ 671.170686][ T9690] ? tun_chr_write_iter+0x3ac/0x5d0 [ 671.176110][ T9690] ? vfs_write+0xb28/0x1540 [ 671.180821][ T9690] ? ksys_write+0x24f/0x4c0 [ 671.185519][ T9690] ? __x64_sys_write+0x93/0xe0 [ 671.190498][ T9690] ? x64_sys_call+0x306a/0x3ba0 [ 671.195562][ T9690] ? do_syscall_64+0xcd/0x1e0 [ 671.200411][ T9690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.206697][ T9690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.213008][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.218455][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.224516][ T9690] ? kmem_cache_alloc_node_noprof+0x6df/0xb80 [ 671.230824][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.236276][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.241746][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.248261][ T9690] ? csum_partial+0x45e/0x4b0 [ 671.253175][ T9690] __msan_warning+0x95/0x120 [ 671.258005][ T9690] nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 671.263837][ T9690] nf_send_reset6+0xd84/0x15b0 [ 671.268872][ T9690] nft_reject_inet_eval+0x3c1/0x880 [ 671.274315][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.279779][ T9690] ? __pfx_nft_reject_inet_eval+0x10/0x10 [ 671.285771][ T9690] nft_do_chain+0x426/0x2290 [ 671.290599][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.296053][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.301537][ T9690] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 671.308105][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.313574][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.319643][ T9690] nft_do_chain_inet+0x41a/0x4f0 [ 671.324835][ T9690] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 671.330522][ T9690] nf_hook_slow+0xf4/0x400 [ 671.335159][ T9690] ipv6_rcv+0x29b/0x390 [ 671.339534][ T9690] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 671.345005][ T9690] __netif_receive_skb+0x1da/0xa00 [ 671.350378][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.355815][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.361919][ T9690] netif_receive_skb+0x58/0x660 [ 671.367012][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.373074][ T9690] ? tun_rx_batched+0x37c/0x980 [ 671.378176][ T9690] tun_rx_batched+0x3ee/0x980 [ 671.383077][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.388520][ T9690] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 671.394672][ T9690] tun_get_user+0x5783/0x6c60 [ 671.399583][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.405046][ T9690] ? kmsan_get_metadata+0x13e/0x1c0 [ 671.410487][ T9690] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 671.417065][ T9690] ? ref_tracker_alloc+0x470/0x7e0 [ 671.422415][ T9690] tun_chr_write_iter+0x3ac/0x5d0 [ 671.427870][ T9690] vfs_write+0xb28/0x1540 [ 671.432463][ T9690] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 671.438271][ T9690] ksys_write+0x24f/0x4c0 [ 671.442838][ T9690] __x64_sys_write+0x93/0xe0 [ 671.447685][ T9690] x64_sys_call+0x306a/0x3ba0 [ 671.452654][ T9690] do_syscall_64+0xcd/0x1e0 [ 671.457371][ T9690] ? clear_bhb_loop+0x25/0x80 [ 671.462271][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.468398][ T9690] RIP: 0033:0x7f84cd77ca1f [ 671.472973][ T9690] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 671.492825][ T9690] RSP: 002b:00007f84ce606000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 671.501460][ T9690] RAX: ffffffffffffffda RBX: 00007f84cd935f80 RCX: 00007f84cd77ca1f [ 671.509611][ T9690] RDX: 000000000000004a RSI: 0000000020000240 RDI: 00000000000000c8 [ 671.517745][ T9690] RBP: 00007f84cd7f0216 R08: 0000000000000000 R09: 0000000000000000 [ 671.525879][ T9690] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000000 [ 671.534007][ T9690] R13: 0000000000000000 R14: 00007f84cd935f80 R15: 00007ffd89587fd8 [ 671.542194][ T9690] [ 671.545667][ T9690] Kernel Offset: disabled [ 671.550083][ T9690] Rebooting in 86400 seconds..