last executing test programs: 10.145190368s ago: executing program 0 (id=552): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x218, &(0x7f0000000b40)="$eJzslL9rFEEUx78zu7e5FRFtUthYGDCi2Uv2UNIcGkGwEiHxV6WHWUO8TU4uK5gDwWBjo52FYGPhP2CRIpWFnf+AoIUKgoVXWNiIMDI7s3uTTM491rPK+xTDd/a9N2/eu7kHgiD2LF8+//z05NzswkkA+zGBMf39mwMwpjQ3/D8+v3fiWeP8i9cfXr1dPfBga+d5MkSI7R+qf8nvAngz5yDJM+XRv6SY0JsF8FxfBsdxra+CIdD6JjiuaB2B4brWdwzdlv5BcHs5joJb7XhRimm5zMgllEt95/16GwyLei+EEMywr613W804jjqGcLVtF1MpkSdrjVv9q8BDb46jYdxPdvHa40cbcp/1Ztro32+hkLoOhnn9fRZjWW9US4z6D7v98x2r/l2rzVIUFVlVovFjJM0yxaGpcuGTspyztukgylwD26Mq6JtkJ0dbsvV0UuEWv8Uz+gctkevisFU89QH8p0pNUaqKTIz3tt7Zpq9F4YIVp2DDv5/qsHfO/ojlO+aj2+L/0rFBF3u/qeaHeMlwzJhPrjE/asnK3draendqeaW5FC1Fq2FYP82Ah6fCWjqI1GrNvf589tP5tM84vzLA1+Me7jeTpDOjVo958JEknTDdh8bfZn6z/f2GDktwAcBRtZGz38tPdKwczFM+PPWVatJ2IgiCIAiCIAiCIAiCIAiCKMURMIhiwkup958AAAD//7vAayc=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file2\x00') mount$fuseblk(0x0, &(0x7f0000005840)='./file3\x00', 0x0, 0x0, 0x0) 10.144305493s ago: executing program 3 (id=555): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006180)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)='\r', 0x1}, {&(0x7f0000001300)="e6a77044c694087bcedeae8387c2cc85e9cb78b68beb8154448b7f19e6a1cd9154bc8a90cd786ee5e3f214ed854b9613c81d456c0d63e907bd3dbe3a7f54455c9ab178dcb47589c33899895d9ae8571bdab6142c717e2ddf680b6f431f6d1004bdee8e8e863f25950d5bd29cd48b231d9adc9b30865846143b89ae111d5206a4", 0x80}], 0x2}}, {{0x0, 0x0, &(0x7f0000004640)=[{&(0x7f0000003640)="9b928d1d09722b8314e7286f9cac1a15a476d0234c6e89eb95dea595d5b052ede957aa251ce095ff698ef18a981b59bac8f8dc78752ffe570cb4af2f33561e059cab5756e8442f493038b2a8febd4c19974e37e41cae0d260df838b4d9ff1d798d66f8d03988143547648178c4d41167fc6c5707e486d26899c3e3d62ac768906c9213fb885d0fa0660e654fafc584235ccbb86514417555f2b687974d4f1e4eae16fd2b1b90cf1cf22db9346cc1fb61ef1c51a01e5ff80500aa6f3fef7f72427532991395d353006424bfdb4075a130f39240459bb5f608c08ef3da9c7c6147696509445e7d8892dfd4b4ab5b9629bde1bbc3f5384edce8f9bb2d8b8881b7d94a52736e7704ff8ebde7d8a8ca395b78a7fc9636b0e6c375c0e44a87d4fa3ea58e4ef19dcdcbf5e5d65720616f84976f941bc16059dc3f1d0f04c2005628eb96a99007433c0c6cf5b86954f7b0e6170e7db8220dac769bafd6a8f099ec1c12919ec1dd86685a2f1c889e7f68726c5dccf9f3c439b9825bb67c06f308c129e993e446beca9fbcffe634d013914478a8f2ccb5ab4ddbf6d2451b171a42ce87b7e3a6fea6692ef101ad221e37a82518b71c9a7f1aa59120bd817685a5988d03222bc8da345bb2abe5507be48b84e607daee2bdfca3d8a62e3aff60ba2c267f4fdd99fe10acc7a42c7cad5731705ce9acb340b518e012655178cab6576bcc72c3d2c846d465c31e940e2ca649687fef3ca19773cd0e7ddb9e8dc6d72877c68305ffc42bccbd428901a868d688acf051ea49db6f451616ed0d12de6b088a93891fd98a6a08b0fe3291edf9e5d251f0d817524c4bd142f5241dd66bd19948f62f56ab2a00bd52b7fd8faaf96ff178d460732b7076ee42af5f246c5fa2d345518c5594624a419e11a4e82c4456d908b241be4b18bc1bf34fa9e130c9be40046e7627e449d230c93920b3f037dcdbf18001aa14e31dee3c3183c170ea55ad311a742924582934f542da65505e5f8fd696c9e6a1f971fe219e285137e145fbab64b4e9746813eda529a9a0249bd5b5a5187ec1859a457461f0df098b9815d0b6555ece9794b097da991f57109b9649ae37ec28e2c48d60d65bc29ee408d3aa486067035404c115065ba30ba4d012d4ec7f10a60538e820167891e98db158043274c66650e02bf38b0def763b1019b5ce33f614edf546a96c45dc012189bcbe9aea0c55abf77382b8c3351cf9a4d95c15fc8bd6d12af37418612434eba94e186ec8884acc006f90bb1f5ebd71c1d1b8ea4d9b034ee61e50473bd596c91c9076ee7b40fb18d429304fb406693cc75f0dbb02cff71fcfcbf31b90a2dba16ac6e66ac3513ac3f0f0f644c1d4858a0ad25c3457d050f8c3947cc08d7885dd20cd901bf9355324f6655ea82d5e26b484f27f1ff2ef34064fc2c8cb5496de01e61d79e28d93ecfbf584bc075110f9dbbd8b805317e0c0984f865ae0eca4f77e88f5ffc27e6a1ee57077d32c010a1796a2419be8a8ee15e611f164fdbc79ddfb058a3efb5bcefe3ff35994e7ca951e96d4f2d8611c2179a705f91c05f06f6840e17775723107c8ed34c9bc6c7ad9da2dc7c3253e7a16bded2fc472008461c2d3d0dd5112a8f28b9afce7a0b69162dc9db221eb08b0a2d2163b5585b7a82c718becda5c4c735d649db8fedf4e79cdc390aeeee277c682a34764a57c2563d1dcd50e50a7f3ea697b21207d2ebb09204dd5116c4fcacb368cbb4aef4395a3f640d52cde27bdb0ad74b33305228e657594da2409c6525da7807be112589e420e9ee072d506ed862ad38de8809c01ec089715deb21f09f427a8d019d3c0ed9b1291d4315accaad7410518c1748b9dcb420555de18dc969c651c18576e997154524208dc9dfcf09d92627e09ff969e976cae79d0cb2f577a1d44887577cb95c6c410b6aca5b92dbfeab91e57add3a525478003e72b15bd6e69ea9d7aa5a0082f19bde301621b85957d7ac2ae34cacda3900692e6b5b9d0334f07c4832cfe19587ae08df5c6646fcf26f3b2422ee083972e57819592a89032983b59e4525b151a7aef4d4d6d79dc741c3eaabaf76e3f6a80cb71ae6a76948fc13a961494959fdf3e0be71339cb084316028d1aeb9a52f4516812a6d5c86548c3fc5ad1834c5e640c3ea16aaae8319358b064a511521c94bb3b564f709019bd8d3a9359eb9c2ca4c7b9f1dcc52cd26b2efb99c1002882c2109c9cb69d9f248b2839c8bd3e350916511f26136e24c5dbef9a127da616b6cf7b16d6fb5badefefc1a8a240c2bafb35756e84975aadaceb67193a1d217f1cb6b0afce423d08c10e8072f8a4b29eb05a2cc618f9d6fd94277d4f5b054dc1a11246b05024ad4ac473bb638cb413328747819b0c2d25a115af218f0b1e1814c8be7701c580ce37808148de09bb5e34d0f30f6f38f91b14e9980b75702390ced5eef4a8a710729be3e332095e7f2cf7f2913d64ac5f0f8d2f971b6c377dc55b26f2abdbbe190e328bbb252c3de29093427f65dd54fcf3223bb2bd51a559b0c1c61c279ced805d12bec446a0250a1146c5ee718049b6e7747a7328ae6b007896a54cf2acdb5e2c8ff818e7da36790495cc7902e5c97ade4b5fc1ffeb7cdddfccaa8eab2b432fd9b0727d5c6b7b24c64468c55e5b89ac0249341ab34f8132dcc4a703cc8b4d46a65491d48437231dde0f1a2f4894e1290ed7d00213a9347d205059f25f729421c67d89f93385a6c9aebf1603644f8cfe119dd856d6296d7c5ab1c9e3f60b6bc74c7d2b32e3ba0472d9bddb8cdf2dbe6b39ebe76b3a5735b79ef36a28730346640ec8735372a8e015d3a8fdefacd7ba192bf831615df4b79349eaab82a7c04b5208efb07e9edfef547bdeb3a1e339c1848d6e01b2bee76e6cc3243a60d6e772f7958354c3fe174607b4c5ec410b64ea4b0a2996caf2f15b1c7850b146b9f33ea42d8c043badceb2ff960875d358e9b0052924d30e2b74f51213678a2de1259caf33438413ce5accf02a3e20b6bd4c95fe181b53db3db1009c86d2e913f0b4ab0a3c1bf6b14546996cdf09696ecdce68027388bfc0c02df8233660d12acbe54b7eb82353084bdc5672b23966bb11758602469c49798356035ce0658e911a3b3ae8ac017daa0f887a203745e74f427a92c674e958824c2dc735f1e6649c3cad6ffb740afa77ee330be8464f5d86ee8c0d2d51a2eff0a2ddbe3de784bb349ffd0c5763f06becc4dab8dac5c1322d1db3fd61031e8ee1fda9ee0779449d2ab3a8ca8fbc0def5a80b892cca1941739d00fe09e0c8f2b60497e3ae6c68ab4e0f9b2755ce6fe1cd8d4516078046af1eeab56424e214d131fa7e53c784acd0b11bf1702ce47b4dff83a595785b565e6fffb46129fc17ef6417573a47dc1e05a5853aadce310c6ef9a7b52cb11e34cb15aa44a7b827eb69f1f6fa047120374566c0b991c84926b91a79af6a70cc902e9d410955029ca07f552e3b8ba364f5cb801e654a56fb2c919a5d50e7ac991492aecfca3e73d21d01c20f990bb56e4ee59b3da8fc1491b16cdecb97f3ba5450c15ad211dc66ec3540d0e1112a02c48a041acf982add3aaeb9c238649a75ced0d881f742cfb2df53c5742163257038c9fb52838898b39ee2e41629bf21cc7b554d16c487213f47ba36929a1b67031b01bbc8a4d2673ff568fd2ae0929841e8fc47a51c8b3cba155185f7add8bf4aa62affd99aef6b84b2de1bbb1ff8739b856fe7eee5b809b802c59679edfa8c61ab9efd6bdd77e3db8232642f458bb8b5943be3155bd3df5d71ca791d28bd67f337294836b5dd2ee990e82f23cee12afed2a7957af45cbae45b96579cd1c9018ca645320db09bd34936d5e2bb3ada0b8d4647013755e7c42bd7b06a44756d59b01ac7a5d2b9197ae13592891617792fd8a505e4d1772429234d1dad78e0ab1a262161636d1927c9c8e92265c48ea67955255af5b53128f84f46fe4552f79899687b27b9ea25abf15973f72e656ca90529e5973eef7a2db4ff02336b09d9063380eae29e10e09b86d87ff661b475cbdaeb6710d929b164a43c5924670758bb7577b934af90a5ec51b2f91c10524559656ba7ba4dd1b4dac67cb69acc3b95bed8ea2fce41932871600478e1ba3e857726577bec129a6bdc80c3a474e868c6283a241e4089f3b08329adcd529806633fc5e73ae64733ec190211fe621929a222a9afaba259b06b65889e5fa995db4167415de204b532c112c4d0602639fa137522e7ab4bec867102b6f63745aa11faa21f77e4e5dd501660d1a2cd9e847f111bea500fea6ca58b09ed724a063827284a1ce7b650ffa4766e2a6669687793001949dd4bf1da131b7c7ef37bd799a2a2df45337c0ed588b5631fc47774b93dfe775e7478ca327b98774146b06e1137a0ccc187d1ab3c7122bd01730dc0c742c69fcd9e756c2ba9c2dc41deeb13e7a06cf231444792b6a6d3759e3006be9032b56bc99e35a20cd1594d8d645e9bb1f5fbb68a54407ce5061a49b1a8bfaf73555aec7a425836b5b66cd31b762ba19fc9fa5f69222065e6a57eec3e3fff524946de22896b1239c0e222589eb4ef1a1d392115bd2f1e93913e68751d8b63f52282d5cec8edfbdf7093a9a5ed4703c4557e86cb2bb7228f60485a506027c1b063d3cf619556a02d1c922e454a628bfcc252613b1abdf7a564610245ed4808a1a309f02ad7c32ce85eaf3f4ab7603b4c24b26e0ba690244c2830fbe0a756a4e51c0e0ffc8f5ffa22e08fa22f455456018bd1b62e50037a5c9ca9a0c29a8e645ee7f2e2baf3e2e834195698ec86ea95728555e940f5f3f86a215dd2ba2b88dd3065de39055aac6b017cdb51c4ce12273424fcdbbb94af35739287fe0e4d9097caa58afc2e377436de8dc5a1a022319f2064e82035d7e1533260661b110f759b93a9f78470d62357d0f68b91cf9f375b10a58f9f448e3026600a75bce9d4554fbc56b2f7fa00edfe6026bab0c97a966d1e34a7f9fc2643d90e7adc6f2a6991bceb2d1ca7c0f049f7ac8211cc83fe2d7a59b6c7129448d03ce86109ac305749c5a42664740beac6605055d0c68be44df19e7de4713287b9c8e21b20c1041a18877446372890f352db11d39932b1d6de9c4ff716b02f747445d873f7ef74d212f3da809ceca17e60eee60227b28d34e4959d850f3cffa1a933e7d88fc5c352ef530d06856f331e41e4d37e3dd950aea76076d208be7e39d7bb408a313f70894686e172227439300c7a67ef2afe4055fdfea9014557bdb60920734faf83a3132ff266632b88eed34c4d7edc22435df0fa88823415e9b5b51eb50d76c9013000a5f6ec425bfa68e2c4d2333164c2494d32f000b25169814f406ae367400462723945e0738f93743e7e7a8ec5e7af8ba095335bb4287b11e211aedd5101fe0ac2fe80c49f95e99c005b0afcca83614ae54764e2dd487a323a0959f18fbe45e4164743142052b3391f83993875c4c5af4b1dddddf3cc02534715e23c592dea93d9978fff23c677468515a1626ba13d3ad65d0fb52ce2d8075e76055347046ca0d53d8638a7753914c2ce92919618da7c248d3c77c0749115c4428d0c03791d80a7538c7c85e2054e", 0xf7e}, {&(0x7f0000004b80)="e3", 0x1}], 0x2}}], 0x2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000c2b000/0x4000)=nil, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0}, &(0x7f00000064c0)=0x40) 9.958484093s ago: executing program 3 (id=558): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000040), 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) listen(r0, 0x0) 9.76743007s ago: executing program 4 (id=560): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 9.536673972s ago: executing program 0 (id=566): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000000)=0x3, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x303}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", "5d09da4d", "bc3a20b10f4ad11e"}, 0x38) 9.308039214s ago: executing program 4 (id=567): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4) 9.17603989s ago: executing program 0 (id=568): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x404, &(0x7f0000000200)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000740)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2271, &(0x7f0000000040)) 1.452007389s ago: executing program 2 (id=570): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 1.451539913s ago: executing program 3 (id=571): sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000020000004503"]) 1.451312628s ago: executing program 4 (id=572): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0xfe}, 0xe) listen(r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r1, &(0x7f0000000980), 0xe) listen(r1, 0x0) 1.244690024s ago: executing program 0 (id=574): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffd}) 1.20012027s ago: executing program 4 (id=575): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = eventfd2(0xffffffff, 0x0) write$eventfd(r1, &(0x7f0000000080)=0xfffffffffffffffe, 0x8) read$eventfd(r1, &(0x7f0000000040), 0x8) 919.384578ms ago: executing program 3 (id=577): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nouid32}, {@minixdf}]}, 0x1, 0x504, &(0x7f0000001480)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9sCWE0KoEqJHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lAMSPyJQg8TBaMaT1E3tJtokdhR/PtJo3ps3nu97cea9+Dn2C2BoXY2I3YgYi4h7ETGdHc9lW9xqb8l5z/ceLe3vPVrKRat155+5tDw5Fh2PSVzJrlmMiB9+N+InuVfjNrZ31har1cpmlp9t1jZmG9s7N1ZriyuVlcp6ubwwvzD3yc2Py2fW1vdqY1nqq8/+sPutnyXVmsqOdLbjLLWbXjiMkxiNiO+fR7ABGMnaMzboivC55CPi7Yh4P73/p2MkfTYBgMus1ZqO1nRnHgC47PLpHFguX8rmAqYiny+V2nN478RkvlpvNK/fr2+tL7fnymaikL+/Wq3MZXOFM1HIJfn5NP0iXz6SvxkRb0XEL8Yn0nxpqV5dHuQfPgAwxK4cGf//M94e/wGAS6446AoAAH1n/AeA4WP8B4DhY/wHgOHTHv8nBl0NAKCPvP4HgOFj/AeAofKD27eTrbWfff/18oPtrbX6gxvLlcZaqba1VFqqb26UVur1lfQ7e2rHXa9ar2/MfxRbD2e+vdFozja2d+7W6lvrzbvp93rfrRTSs3b70DIAoJe33nv651wyIn86kW7RsZZDYaA1A85bftAVAAZmZNAVAAbGal8wvE7xGt/0AFwSXZbofUmx2weEWq1W6/yqBJyza18y/w/DqmP+338Bw5Ax/w/Dy/w/DK9WK3fSNf/jpCcCABebOX6gx/v/b2f732ZvDvx4+egZT7o+bjfrXs6uggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHABHaz/W8rWAp+KfL5UingjImaikLu/Wq3MRcSbEfGn8cJ4kp8fcJ0BgNPK/y2Xrf91bfrDqZeK3r1ymByLiJ/+6s4vHy42m5t/jBjL/Wv84HjzSXa83P/aAwDHOxin033HC/nne4+WDrZ+1ufv34mIYjv+/t5Y7B/GH43RdF+MQkRM/juX5dtyHXMXp7H7OCK+2K39uZhK50DaK58ejZ/EfqOv8fMvxc+nZe198rP4whnUBYbN06T/udXt/svH1XTf/f4vpj3U6WX9X3Kppf20D3wR/6D/G+nR/109aYyPfv+9dmri1bLHEV8ejTiIvd/R/xzEz/WI/+EJ4//lK+++36us9euIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m85Rz/YeDf7x6fU3e5Ul7Z/sEb94TPu/fsL2/+Z/9370tdfE/+YH3eLn453XxE/GxG+cMP7i5O+KvcqS+Ms92n/c83/9hPGf/XXnlWXDAYDBaWzvrC1Wq5VNCYmLn0h+ZS9ANbomPutXrLHoXvTzD9r39JGiVuv1F/yse1GvHuMsZt2Ai+Dwpo+I/w66MgAAAAAAAAAAAAAAQFf9+MTSoNsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA5fX/AAAA//+YXdZi") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x8008662c, &(0x7f0000000040)) 886.840218ms ago: executing program 1 (id=578): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)) r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x30c6, 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000100)="e036bfe9f6080f3c8a4947f18279b10b307f3efdb5a3b3a7851038a2ef75cdeeaeb536598729bf1e948ccfd28db727d49f1959ebbd81a7e52cb5e5afd7", 0x3d}, {&(0x7f0000000280)="b3a5ae96edf445f20e24a5bffbb42edda7fb80f90a380fd1", 0x18}], 0x2) 835.188443ms ago: executing program 1 (id=579): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000200)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 768.068723ms ago: executing program 2 (id=580): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000001640)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x24, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@add_addr={0x1e, 0xa, 0x3, 0x3, 0x0, @loopback}, @mptcp=@ack={0x8, 0x4}]}}}}}}}}, 0x0) 686.353062ms ago: executing program 2 (id=581): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="80050000916872c4d2728e39f30e9ce9bba5354e37498a5c", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001640)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000009040)=[{{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000001d80)=""/198, 0xc6}], 0x1}}], 0x1, 0x0, 0x0) 642.718277ms ago: executing program 4 (id=582): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r1, &(0x7f0000000000), 0x100000008) ioctl$EVIOCGBITSW(r1, 0x40044591, &(0x7f0000000300)=""/243) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 616.38158ms ago: executing program 0 (id=583): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x28011, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 571.561415ms ago: executing program 1 (id=584): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1802050000000000080054c41e92000018010000786c6c25000000000700000032f8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000000085000000040000001811"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00'}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000100), 0xff8c) 571.066743ms ago: executing program 2 (id=585): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x1bc, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080), 0x4) recvfrom$inet6(r0, 0x0, 0x0, 0x2100, 0x0, 0x0) read(r0, &(0x7f00000001c0)=""/205, 0xcd) 490.999572ms ago: executing program 2 (id=586): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x98, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @val, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x5, 0x91, 'Z'}]]}, 0x98}}, 0x0) 348.182505ms ago: executing program 3 (id=587): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket(0x1, 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x701, 0x0, 0x0, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 317.808015ms ago: executing program 1 (id=588): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080)={r2, 0x4, "179da51e"}, &(0x7f00000000c0)=0xc) connect$l2tp(r0, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 241.283845ms ago: executing program 4 (id=589): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close(r3) 172.106008ms ago: executing program 1 (id=590): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, 0x0) 163.846263ms ago: executing program 0 (id=591): r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) fcntl$addseals(r0, 0x409, 0x8) close_range(r0, 0xffffffffffffffff, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 162.216849ms ago: executing program 2 (id=592): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000300)={0x24, r3, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r2}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x61, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[], 0x40}}, 0x4000000) 64.113023ms ago: executing program 1 (id=593): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) symlinkat(&(0x7f00000000c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 0s ago: executing program 3 (id=594): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000180)={[{@nodiscard}, {}, {@acl}, {@alloc_mode_reuse}, {@errors_continue}, {@disable_roll_forward}, {@background_gc_on}, {@noinline_xattr}, {@noflush_merge}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@errors_remount}, {@noinline_dentry}]}, 0x1, 0x550e, &(0x7f00000079c0)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfnLTBqI4AD8bXOg/FVXd9yrdwTF6hC67rDhAL8EBuqBXyAU4A9nlCBFEeBwCEZESeWwr0fdJZrBl/3iDYDEz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26rtaL/3++/22bs9u3k6c3AAAAwCXbar2o38zS+cfm+ufm0tfmvIiIMiIujd1H8e4sc9TkVA/3/zu9v3pUw1VEnXD4jElzfIiIH81x+6XrbwEAAADers1yNU+j9fQyG7og+pQmbcpPPzPlFRFRzW5e+NRTczvlIe9bhrJqh9/3OH5nSqsnsKaZwtKU2zhX2rPUf/fjrN30pClSU1587Fhktr4DAAA9Gp01/Y5CAAAA6NOvoQtgGEXcL2UelwInqWmW996fnQEAAACvUDF0AQAAAEDn6vF/T/v/7e3/BwAAAMNI+/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTy9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuGN/3lEgBMIgDPau70zm/oeVBk1NTapA+PgbgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi537eY2jigMA/mZmZ2ur4hplDxFR9KAXu93W1t7EgxI8+CcIId3U2K0/2hxsKWIu3iTnXkSPIoISb/0fem4gl3jLYcEInpWZnclOfoCr2JlN8vnAm/fdYZj3fbMQ8p33EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0emcSJ9mhM47j4tyj3XtLWb95oM88WN+az1oWR3UmfTy8WP0QdZtLBAAAgNMjKev7EMJ2urGQ9XEnr//T8pqs5v/u6XFc1vMH6/6yL2v/rP36y87zewN1xuNkN11eGQ4uHE6l9fhmOdue+ccrWvmTz9+9JPkXEr+/9twozZ9n9M3Dh++28/BMHdkCAP/F+bIvgvL3oazvN5kYAKdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jNbCk2UchRDmW5M4s7l7b+mo/sH61nzZrty/vx6+mtwzu0UaQlheGQ4u1Dqb2Xb7zt0bi8Ph4Fb9wUshhKZGf7uY/o0Pp7g4hEaej+B/CuLiy56VfI5H0OAPJQAATqS0aFldv51uLGTnorkQ/vp+f/3/WiUOU9b/Ox9deVQdq1r/92ub4ezrrd78rHf7zt03Vm4uXh9cH3zy5sX+W/1LVy9fvtrL35X0ln9/pekkAQAAONbaRavW//Hc4fX/c5U4TFn/f/5t/8vqWIn6/0iTRb+mMwEAADjdnn35zz+iI85H7Xb4YnF19VZ/fNz7fHF8bCDVf+1M0ar1fzLXdFYAAABAHUZr0b71/2uVOEy5/v/UDy/8VL1nEkI4W6z/n1/6dHitvunMtDr+nLjpOQIAANCss0Wrrv+n+f7/eG/LQxxCeP3VcVz8G8Cp6v/kva9/rI5V3f9/qb4pzqS4O34eed8NodVtOiMAAABOsieKlhX7v6UbCx//fO6Dtv3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHX7OwAA//8rCT5J") open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x1200, 0x2000402) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2002, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x401}) kernel console output (not intermixed with test programs): b4eeb [ 75.229698][ T5722] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 75.259659][ T5756] loop4: detected capacity change from 0 to 512 [ 75.266350][ T5754] loop1: detected capacity change from 0 to 128 [ 75.282509][ T5756] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 75.303276][ T5754] vfat: Unknown parameter '' [ 75.314752][ T5275] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 75.378255][ T5756] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 75.394034][ T5756] EXT4-fs (loop4): 1 truncate cleaned up [ 75.439424][ T5722] XFS (loop3): Starting recovery (logdev: internal) [ 75.464129][ T5734] loop0: detected capacity change from 0 to 40427 [ 75.482678][ T5734] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 75.485525][ T5756] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.492056][ T5734] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 75.521011][ T5722] XFS (loop3): Ending recovery (logdev: internal) [ 75.545446][ T5734] F2FS-fs (loop0): Found nat_bits in checkpoint [ 75.562253][ T5275] usb 3-1: unable to get BOS descriptor or descriptor too short [ 75.571341][ T5275] usb 3-1: config 5 has an invalid interface number: 47 but max is 0 [ 75.580240][ T5275] usb 3-1: config 5 has no interface number 0 [ 75.586560][ T5275] usb 3-1: config 5 interface 47 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1023 [ 75.599712][ T5275] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0105, bcdDevice=7f.9e [ 75.609005][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.617623][ T5275] usb 3-1: Product: syz [ 75.621815][ T5275] usb 3-1: Manufacturer: syz [ 75.627029][ T5275] usb 3-1: SerialNumber: syz [ 75.637588][ T5744] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 75.688277][ T5227] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.739161][ T5237] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 75.827823][ T5734] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 75.873999][ T5275] kvaser_usb 3-1:5.47: Cannot get usb endpoint(s) [ 75.880255][ T5734] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 75.887849][ T5275] usb 3-1: USB disconnect, device number 2 [ 75.937801][ T5771] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 75.963264][ T5734] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 76.049299][ T5734] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 76.392175][ T5785] syz.3.136 uses obsolete (PF_INET,SOCK_PACKET) [ 76.496397][ T5275] kernel write not supported for file /67/timerslack_ns (pid: 5275 comm: kworker/0:3) [ 76.711904][ T46] cfg80211: failed to load regulatory.db [ 76.924729][ T5800] loop3: detected capacity change from 0 to 512 [ 77.016316][ T5800] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.038696][ T5800] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 77.244879][ T5237] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.362445][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.384895][ T5809] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 77.593975][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.630969][ T5792] loop2: detected capacity change from 0 to 32768 [ 77.665961][ T5792] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 77.726184][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.758226][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 77.774792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 77.789067][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 77.792684][ T25] usb 1-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 77.822712][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.831240][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.842644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.872274][ T25] usb 1-1: config 0 descriptor?? [ 77.898417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 77.907250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 77.916129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 77.924773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 77.971470][ T5792] XFS (loop2): Ending clean mount [ 78.015271][ T5792] XFS (loop2): Quotacheck needed: Please wait. [ 78.057150][ T5792] XFS (loop2): Quotacheck: Done. [ 78.108332][ T5827] loop4: detected capacity change from 0 to 128 [ 78.154838][ T5804] syz.0.138[5804] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.154936][ T5804] syz.0.138[5804] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.167616][ T5804] syz.0.138[5804] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.252501][ T5231] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 78.422142][ T25] uclogic 0003:5543:0003.0002: item fetching failed at offset 5/7 [ 78.431816][ T25] uclogic 0003:5543:0003.0002: parse failed [ 78.439383][ T25] uclogic 0003:5543:0003.0002: probe with driver uclogic failed with error -22 [ 78.489627][ T5839] loop4: detected capacity change from 0 to 256 [ 78.623362][ T5275] usb 1-1: USB disconnect, device number 2 [ 78.779095][ T5845] loop2: detected capacity change from 0 to 2048 [ 78.815460][ T5845] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 78.940601][ T5855] loop3: detected capacity change from 0 to 8 [ 79.237994][ T5864] Bluetooth: MGMT ver 1.23 [ 79.396059][ T5870] loop0: detected capacity change from 0 to 1024 [ 79.414280][ T5874] loop2: detected capacity change from 0 to 64 [ 79.440786][ T5870] EXT4-fs: Ignoring removed nomblk_io_submit option [ 79.506336][ T5870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.622566][ T5239] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 79.647153][ T5885] EXT4-fs error (device loop0): ext4_get_inode_usage:883: inode #2: comm syz.0.166: corrupted in-inode xattr: bad e_name length [ 79.737287][ T5235] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2792: inode #2: comm syz-executor: corrupted in-inode xattr: bad e_name length [ 79.801120][ T5235] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 79.824066][ T5239] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 79.835655][ T5892] netlink: 'syz.4.176': attribute type 4 has an invalid length. [ 79.852700][ T5239] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 79.862663][ T5235] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 79.904099][ T5239] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 79.924003][ T5239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 79.932045][ T5239] usb 4-1: SerialNumber: syz [ 80.170923][ T5239] usb 4-1: 0:2 : does not exist [ 80.181934][ T5898] loop4: detected capacity change from 0 to 512 [ 80.197068][ T5239] usb 4-1: USB disconnect, device number 4 [ 80.214472][ T5898] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.179: invalid block [ 80.275770][ T5235] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.292722][ T5898] EXT4-fs (loop4): Remounting filesystem read-only [ 80.297014][ T5544] udevd[5544]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 80.323729][ T5898] EXT4-fs (loop4): 2 truncates cleaned up [ 80.330589][ T5898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.417973][ T5889] loop2: detected capacity change from 0 to 40427 [ 80.464765][ T5889] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 80.472756][ T5889] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 80.496735][ T5889] F2FS-fs (loop2): invalid crc value [ 80.559569][ T999] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.575123][ T5227] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.611028][ T5889] F2FS-fs (loop2): Found nat_bits in checkpoint [ 80.733179][ T5889] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 80.744352][ T5889] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 80.756563][ T5901] veth0_to_hsr: entered promiscuous mode [ 80.852457][ T5901] veth0_to_hsr: left promiscuous mode [ 80.903252][ T29] audit: type=1800 audit(1724786992.963:2): pid=5889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.172" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 81.005821][ T999] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.155176][ T999] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.359317][ T999] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.872691][ T999] bridge_slave_1: left allmulticast mode [ 81.879667][ T999] bridge_slave_1: left promiscuous mode [ 81.935213][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.103132][ T999] bridge_slave_0: left allmulticast mode [ 85.108845][ T999] bridge_slave_0: left promiscuous mode [ 85.123960][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.804348][ T5242] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.826775][ T5242] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.846592][ T5242] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.882886][ T5242] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.890541][ T5242] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.898244][ T5242] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.652944][ T999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.785259][ T999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.875632][ T999] bond0 (unregistering): Released all slaves [ 90.962396][ T5242] Bluetooth: hci2: command 0x0c16 tx timeout [ 90.969361][ T5232] Bluetooth: hci2: Opcode 0x0c16 failed: -110 [ 91.262465][ T5914] Bluetooth: hci2: Opcode 0x0c03 failed: -4 [ 95.752412][ T5913] netlink: 24 bytes leftover after parsing attributes in process `syz.1.185'. [ 97.526277][ T999] hsr_slave_0: left promiscuous mode [ 97.560054][ T999] hsr_slave_1: left promiscuous mode [ 97.584061][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.591575][ T999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.629030][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.650234][ T999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.741989][ T999] veth1_macvtap: left promiscuous mode [ 97.753494][ T5941] 9p: Unknown uid 00000000004294967295 [ 97.779673][ T999] veth0_macvtap: left promiscuous mode [ 97.806227][ T999] veth1_vlan: left promiscuous mode [ 97.836947][ T999] veth0_vlan: left promiscuous mode [ 97.843027][ T5939] loop1: detected capacity change from 0 to 2048 [ 97.905229][ T5939] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 98.228102][ T5954] loop4: detected capacity change from 0 to 256 [ 98.267514][ T5242] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.283578][ T5242] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.299772][ T5242] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.312434][ T5242] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.329059][ T5242] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 98.337721][ T5242] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.469301][ T5959] loop3: detected capacity change from 0 to 4096 [ 98.552616][ T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 98.571075][ T5963] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.766121][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 98.778597][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 98.801744][ T25] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 98.817960][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 98.830903][ T25] usb 2-1: SerialNumber: syz [ 98.969007][ T999] team0 (unregistering): Port device team_slave_1 removed [ 99.021206][ T999] team0 (unregistering): Port device team_slave_0 removed [ 99.068862][ T25] usb 2-1: 0:2 : does not exist [ 99.122432][ T25] usb 2-1: USB disconnect, device number 5 [ 99.172797][ T5239] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 99.199599][ T5544] udevd[5544]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 99.403280][ T5239] usb 4-1: Using ep0 maxpacket: 32 [ 99.423101][ T5239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.428606][ T5242] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 99.451721][ T5242] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 99.462258][ T5971] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 99.479652][ T5239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.479724][ T5242] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 99.498214][ T5239] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.513781][ T5239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.523577][ T5242] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 99.539032][ T5242] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 99.539188][ T5239] usb 4-1: config 0 descriptor?? [ 99.551345][ T5242] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 99.593222][ T5239] hub 4-1:0.0: USB hub found [ 99.927449][ T5239] hub 4-1:0.0: 1 port detected [ 99.948815][ T25] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 100.070701][ T5981] loop1: detected capacity change from 0 to 1024 [ 100.296393][ T5981] hfsplus: xattr searching failed [ 100.382882][ T5242] Bluetooth: hci2: command tx timeout [ 100.508413][ T3040] hfsplus: b-tree write err: -5, ino 3 [ 100.530769][ T5236] hfsplus: node 4:3 still has 1 user(s)! [ 100.562168][ T5239] hub 4-1:0.0: activate --> -90 [ 100.800023][ T5969] chnl_net:caif_netlink_parms(): no params data found [ 100.992107][ T5239] usb 4-1-port1: cannot disable (err = -71) [ 101.012691][ T940] usb 4-1: USB disconnect, device number 5 [ 101.018499][ T5239] usb 4-1: Failed to suspend device, error -19 [ 101.110562][ T5956] chnl_net:caif_netlink_parms(): no params data found [ 101.183072][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.190211][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.245704][ T5969] bridge_slave_0: entered allmulticast mode [ 101.267209][ T5969] bridge_slave_0: entered promiscuous mode [ 101.336311][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.349566][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.361953][ T5969] bridge_slave_1: entered allmulticast mode [ 101.375866][ T5969] bridge_slave_1: entered promiscuous mode [ 101.601271][ T999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.637506][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.661842][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.672238][ T5242] Bluetooth: hci5: command tx timeout [ 101.727352][ T5992] loop4: detected capacity change from 0 to 32768 [ 101.806709][ T5992] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 101.840972][ T999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.855315][ T940] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 101.891472][ T5992] XFS (loop4): Ending clean mount [ 101.913055][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.920490][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.939731][ T5956] bridge_slave_0: entered allmulticast mode [ 101.953390][ T5956] bridge_slave_0: entered promiscuous mode [ 101.967578][ T5276] XFS (loop4): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 101.974982][ T5969] team0: Port device team_slave_0 added [ 101.978988][ T5276] XFS (loop4): Unmount and run xfs_repair [ 101.990249][ T5276] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 101.994560][ T5969] team0: Port device team_slave_1 added [ 101.997813][ T5276] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 102.014354][ T5276] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 102.023541][ T5276] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 102.034275][ T5276] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 102.043328][ T5276] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 102.052855][ T5276] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 102.061761][ T5276] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 102.071621][ T5276] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 102.080920][ T5992] XFS (loop4): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 102.124894][ T999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.128172][ T5992] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 102.154506][ T5992] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 102.183036][ T29] audit: type=1800 audit(1724787014.273:3): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.209" name="file2" dev="loop4" ino=1063 res=0 errno=0 [ 102.212513][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.213789][ T940] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 102.229013][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.229208][ T5956] bridge_slave_1: entered allmulticast mode [ 102.252646][ T5956] bridge_slave_1: entered promiscuous mode [ 102.256669][ T940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.263459][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.275757][ T5227] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 102.276302][ T940] usb 4-1: config 0 descriptor?? [ 102.317466][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.344033][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.462970][ T5242] Bluetooth: hci2: command tx timeout [ 102.485266][ T999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.539946][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.547780][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.578106][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.607225][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.701681][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.757902][ T5969] hsr_slave_0: entered promiscuous mode [ 102.765819][ T5969] hsr_slave_1: entered promiscuous mode [ 102.774130][ T5969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.781717][ T5969] Cannot create hsr debugfs directory [ 102.840611][ T999] bridge_slave_1: left allmulticast mode [ 102.847493][ T999] bridge_slave_1: left promiscuous mode [ 102.860307][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.869768][ T999] bridge_slave_0: left allmulticast mode [ 102.885272][ T999] bridge_slave_0: left promiscuous mode [ 102.891046][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.299001][ T999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.310576][ T999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.321892][ T999] bond0 (unregistering): Released all slaves [ 103.331500][ T940] pegasus 4-1:0.0: probe with driver pegasus failed with error -32 [ 103.353987][ T940] usb 4-1: USB disconnect, device number 6 [ 103.369019][ T5956] team0: Port device team_slave_0 added [ 103.455389][ T5956] team0: Port device team_slave_1 added [ 103.507088][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.521595][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.553176][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.565985][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.573577][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.601318][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.691079][ T5956] hsr_slave_0: entered promiscuous mode [ 103.699165][ T5956] hsr_slave_1: entered promiscuous mode [ 103.706287][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.714216][ T5956] Cannot create hsr debugfs directory [ 103.743529][ T5242] Bluetooth: hci5: command tx timeout [ 103.776885][ T999] hsr_slave_0: left promiscuous mode [ 103.785440][ T999] hsr_slave_1: left promiscuous mode [ 103.791442][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.799598][ T999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.807748][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.815862][ T999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.835168][ T999] veth1_macvtap: left promiscuous mode [ 103.840694][ T999] veth0_macvtap: left promiscuous mode [ 103.846573][ T999] veth1_vlan: left promiscuous mode [ 103.851857][ T999] veth0_vlan: left promiscuous mode [ 104.201058][ T999] team0 (unregistering): Port device team_slave_1 removed [ 104.236799][ T999] team0 (unregistering): Port device team_slave_0 removed [ 104.542727][ T5242] Bluetooth: hci2: command tx timeout [ 105.053073][ T5969] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.071019][ T5969] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.086142][ T5969] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.100251][ T5969] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.411968][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.464300][ T5969] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.492003][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.499171][ T999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.529958][ T5956] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.541959][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.549119][ T999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.575816][ T5956] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.586960][ T5956] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.609653][ T5956] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.751031][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.802226][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.822562][ T5242] Bluetooth: hci5: command tx timeout [ 105.823466][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.835069][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.853665][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.860783][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.889750][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.975128][ T5969] veth0_vlan: entered promiscuous mode [ 105.988117][ T5969] veth1_vlan: entered promiscuous mode [ 106.030811][ T5969] veth0_macvtap: entered promiscuous mode [ 106.041874][ T5969] veth1_macvtap: entered promiscuous mode [ 106.086071][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.109101][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.132417][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.152151][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.169053][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.183048][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.195279][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.209028][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.228730][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.241418][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.259480][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.269874][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.282456][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.293830][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.321716][ T5969] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.338363][ T5969] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.347277][ T5969] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.362983][ T5969] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.404338][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.535600][ T5956] veth0_vlan: entered promiscuous mode [ 106.550182][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.573106][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.587576][ T5956] veth1_vlan: entered promiscuous mode [ 106.618119][ T3040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.635572][ T3040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.635922][ T5242] Bluetooth: hci2: command tx timeout [ 106.679094][ T5956] veth0_macvtap: entered promiscuous mode [ 106.695511][ T5956] veth1_macvtap: entered promiscuous mode [ 106.769947][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.819907][ T6128] loop2: detected capacity change from 0 to 1024 [ 106.854277][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.873971][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.884670][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.894638][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.905283][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.915340][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.926054][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.939313][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.954227][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.971434][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.983438][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.994176][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.004609][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.005406][ T6128] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.015552][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.037315][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.048667][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.060546][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.071958][ T5956] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.103253][ T5956] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.112078][ T5956] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.132429][ T5956] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.289285][ T5969] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.323939][ T2514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.331804][ T2514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.418333][ T2514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.439474][ T2514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.843171][ T5276] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 107.898992][ T6168] loop3: detected capacity change from 0 to 512 [ 107.913460][ T5242] Bluetooth: hci5: command tx timeout [ 107.924528][ T6168] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.223: casefold flag without casefold feature [ 107.949045][ T6168] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.223: couldn't read orphan inode 15 (err -117) [ 107.968542][ T6172] loop4: detected capacity change from 0 to 512 [ 107.980881][ T6168] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.985669][ T6172] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 108.019243][ T6175] loop0: detected capacity change from 0 to 128 [ 108.034861][ T6172] EXT4-fs (loop4): 1 truncate cleaned up [ 108.041085][ T6172] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.063651][ T6175] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 108.081124][ T5276] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 108.100996][ T6175] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 108.101570][ T5276] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 108.138601][ T5276] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 108.148373][ T5276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 108.160169][ T5276] usb 3-1: SerialNumber: syz [ 108.217900][ T5956] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 108.248906][ T5227] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.335298][ T5237] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.394755][ T5276] usb 3-1: 0:2 : does not exist [ 108.479121][ T5276] usb 3-1: USB disconnect, device number 3 [ 108.508016][ T6187] syzkaller0: tun_chr_ioctl cmd 21731 [ 108.596152][ T5544] udevd[5544]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 108.630325][ T6186] loop0: detected capacity change from 0 to 4096 [ 108.703156][ T6186] NILFS (loop0): invalid segment: Checksum error in segment payload [ 108.743970][ T6186] NILFS (loop0): trying rollback from an earlier position [ 108.829014][ T6186] NILFS (loop0): recovery complete [ 108.846835][ T6199] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 108.925043][ T6186] overlayfs: upper fs does not support tmpfile. [ 108.945752][ T6186] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 108.972692][ T6186] overlayfs: failed to set xattr on upper [ 108.992481][ T6202] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 109.035306][ T6186] overlayfs: ...falling back to redirect_dir=nofollow. [ 109.067387][ T6186] overlayfs: ...falling back to index=off. [ 109.104738][ T6186] overlayfs: ...falling back to uuid=null. [ 109.525770][ T6190] loop3: detected capacity change from 0 to 32768 [ 109.607388][ T6190] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.232 (6190) [ 109.756788][ T6190] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 109.769751][ T6198] loop4: detected capacity change from 0 to 40427 [ 109.787815][ T6190] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 109.847661][ T6190] BTRFS info (device loop3): using free-space-tree [ 110.073130][ T6198] F2FS-fs (loop4): Found nat_bits in checkpoint [ 110.142099][ T6239] futex_wake_op: syz.1.239 tries to shift op by 144; fix this program [ 110.219758][ T6198] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 110.339999][ T5227] syz-executor: attempt to access beyond end of device [ 110.339999][ T5227] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 110.362061][ T5227] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 110.747290][ T5237] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 111.149182][ T6215] loop2: detected capacity change from 0 to 65536 [ 111.238153][ T6287] loop4: detected capacity change from 0 to 8 [ 111.252783][ T6215] XFS (loop2): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5 [ 111.260823][ T6287] SQUASHFS error: Failed to read block 0x62b: -5 [ 111.294541][ T6287] SQUASHFS error: Unable to read metadata cache entry [629] [ 111.324308][ T6287] SQUASHFS error: Unable to read inode 0x11f [ 111.478784][ T6215] XFS (loop2): Ending clean mount [ 111.573385][ T5239] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 111.603243][ T46] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 111.612211][ T6290] loop3: detected capacity change from 0 to 4096 [ 111.627933][ T6290] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 111.669987][ T5969] XFS (loop2): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5 [ 111.707370][ T6290] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 111.802698][ T6290] loop3: detected capacity change from 4096 to 0 [ 111.816554][ T5239] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.832469][ T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.854852][ T5239] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 111.871955][ T6308] ntfs3: loop3: ino=1a, ntfs_sync_fs failed, -22. [ 111.879388][ T46] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 111.890641][ T6308] syz.3.247: attempt to access beyond end of device [ 111.890641][ T6308] loop3: rw=0, sector=40, nr_sectors = 8 limit=0 [ 111.904566][ T5239] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 111.915559][ T5239] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.924360][ T46] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 111.938638][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 111.949626][ T6286] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 111.966363][ T5239] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 111.985269][ T46] usb 1-1: SerialNumber: syz [ 112.028872][ T5237] syz-executor: attempt to access beyond end of device [ 112.028872][ T5237] loop3: rw=0, sector=552, nr_sectors = 8 limit=0 [ 112.048969][ T5237] ntfs3: loop3: failed to read volume at offset 0x45000 [ 112.083115][ T5237] ntfs3: loop3: ino=1a, ntfs_sync_fs failed, -22. [ 112.105338][ T5237] syz-executor: attempt to access beyond end of device [ 112.105338][ T5237] loop3: rw=0, sector=40, nr_sectors = 8 limit=0 [ 112.129005][ T5237] syz-executor: attempt to access beyond end of device [ 112.129005][ T5237] loop3: rw=2049, sector=56, nr_sectors = 8 limit=0 [ 112.171287][ T5237] Buffer I/O error on dev loop3, logical block 7, lost sync page write [ 112.193435][ T5239] usb 2-1: USB disconnect, device number 6 [ 112.193958][ T5237] ntfs3: loop3: ino=3, ntfs_set_state failed, -5. [ 112.208600][ T46] usb 1-1: 0:2 : does not exist [ 112.224512][ T5237] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 112.242873][ T5237] syz-executor: attempt to access beyond end of device [ 112.242873][ T5237] loop3: rw=2049, sector=56, nr_sectors = 8 limit=0 [ 112.247048][ T46] usb 1-1: USB disconnect, device number 3 [ 112.260793][ T5237] Buffer I/O error on dev loop3, logical block 7, lost sync page write [ 112.270697][ T5237] ntfs3: loop3: ino=3, ntfs_set_state failed, -5. [ 112.285006][ T5237] syz-executor: attempt to access beyond end of device [ 112.285006][ T5237] loop3: rw=2049, sector=56, nr_sectors = 8 limit=0 [ 112.338647][ T5237] Buffer I/O error on dev loop3, logical block 7, lost sync page write [ 112.364938][ T5237] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -5. [ 112.382547][ T5237] syz-executor: attempt to access beyond end of device [ 112.382547][ T5237] loop3: rw=0, sector=40, nr_sectors = 8 limit=0 [ 112.734613][ T3985] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.078360][ T3985] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.273355][ T6325] loop4: detected capacity change from 0 to 32768 [ 113.295564][ T3985] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.341741][ T6325] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.259 (6325) [ 113.442642][ T6325] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 113.481429][ T6325] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 113.510042][ T6325] BTRFS info (device loop4): using free-space-tree [ 113.531528][ T6339] loop2: detected capacity change from 0 to 256 [ 113.587315][ T3985] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.601700][ T6339] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 113.683507][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 113.722667][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 113.733394][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 113.741304][ T5232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 113.749013][ T5232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 113.756431][ T5232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 113.842518][ T46] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 113.988033][ T5227] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 114.077905][ T46] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 114.109081][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 114.173092][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 114.187259][ T3985] bridge_slave_1: left allmulticast mode [ 114.193080][ T3985] bridge_slave_1: left promiscuous mode [ 114.198814][ T3985] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.199163][ T46] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.273595][ T46] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.333288][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.350231][ T3985] bridge_slave_0: left allmulticast mode [ 114.363129][ T3985] bridge_slave_0: left promiscuous mode [ 114.388107][ T3985] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.422392][ T46] usb 2-1: config 0 descriptor?? [ 114.453584][ T6344] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 114.489649][ T6377] loop4: detected capacity change from 0 to 64 [ 114.765864][ T6337] loop0: detected capacity change from 0 to 32768 [ 114.784605][ T6337] btrfs: Deprecated parameter 'usebackuproot' [ 114.797836][ T6337] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 114.816947][ T6337] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.266 (6337) [ 114.841804][ T6337] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 114.859477][ T6337] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.869547][ T6337] BTRFS info (device loop0): using free-space-tree [ 114.889007][ T46] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 114.902480][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 114.939896][ T46] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 115.018175][ T46] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 115.018330][ T11] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 115.047361][ T6337] BTRFS error (device loop0): failed to load root extent [ 115.058035][ T6337] BTRFS warning (device loop0): try to load backup roots slot 1 [ 115.066670][ T2565] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 115.093508][ T6337] BTRFS warning (device loop0): couldn't read tree root [ 115.100731][ T6337] BTRFS warning (device loop0): try to load backup roots slot 2 [ 115.115701][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 115.124169][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 115.133486][ T62] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 115.137038][ T25] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13 [ 115.172125][ T46] usb 2-1: USB disconnect, device number 7 [ 115.178718][ T6337] BTRFS warning (device loop0): couldn't read tree root [ 115.182932][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.195178][ T25] usb 3-1: Product: syz [ 115.209730][ T25] usb 3-1: Manufacturer: syz [ 115.219949][ T25] usb 3-1: SerialNumber: syz [ 115.224371][ T6337] BTRFS warning (device loop0): try to load backup roots slot 3 [ 115.245817][ T25] usb 3-1: config 0 descriptor?? [ 115.255519][ T25] pvrusb2: Hardware description: Terratec Grabster AV400 [ 115.265491][ T25] pvrusb2: ********** [ 115.269515][ T25] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 115.280399][ T6337] BTRFS info (device loop0): rebuilding free space tree [ 115.280967][ T25] pvrusb2: Important functionality might not be entirely working. [ 115.295757][ T25] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 115.307684][ T25] pvrusb2: ********** [ 115.398026][ T6337] BTRFS info (device loop0): checking UUID tree [ 115.461167][ T2028] pvrusb2: Invalid write control endpoint [ 115.480002][ T25] usb 3-1: USB disconnect, device number 4 [ 115.537366][ T3985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.566590][ T2028] pvrusb2: Invalid write control endpoint [ 115.586591][ T3985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.592912][ T2028] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 115.617712][ T5956] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 115.622436][ T2028] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 115.629232][ T3985] bond0 (unregistering): Released all slaves [ 115.642991][ T2028] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 115.660771][ T2028] pvrusb2: Device being rendered inoperable [ 115.720328][ T2028] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 115.778234][ T2028] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 115.840439][ T5232] Bluetooth: hci1: command tx timeout [ 115.882786][ T2028] pvrusb2: Attached sub-driver cx25840 [ 115.888615][ T2028] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 115.908108][ T2028] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 116.483377][ T6417] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 116.953326][ T6411] loop1: detected capacity change from 0 to 131072 [ 116.983303][ T940] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.995761][ T6351] chnl_net:caif_netlink_parms(): no params data found [ 117.060704][ T6411] F2FS-fs (loop1): Found nat_bits in checkpoint [ 117.110989][ T6411] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 117.167882][ T6438] loop4: detected capacity change from 0 to 256 [ 117.229718][ T6438] exfat: Deprecated parameter 'utf8' [ 117.246441][ T940] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 117.247679][ T6438] exfat: Deprecated parameter 'utf8' [ 117.286130][ T3985] hsr_slave_0: left promiscuous mode [ 117.291837][ T940] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.307386][ T3985] hsr_slave_1: left promiscuous mode [ 117.325146][ T940] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 117.328125][ T6438] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 117.344140][ T940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 117.362413][ T940] usb 1-1: SerialNumber: syz [ 117.381725][ T3985] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.400603][ T3985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.424716][ T3985] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.442075][ T3985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.504072][ T3985] veth1_macvtap: left promiscuous mode [ 117.509636][ T3985] veth0_macvtap: left promiscuous mode [ 117.534670][ T3985] veth1_vlan: left promiscuous mode [ 117.540159][ T3985] veth0_vlan: left promiscuous mode [ 117.589072][ T940] usb 1-1: 0:2 : does not exist [ 117.610149][ T940] usb 1-1: USB disconnect, device number 4 [ 117.646656][ T5544] udevd[5544]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.902930][ T5232] Bluetooth: hci1: command tx timeout [ 118.021285][ T6451] loop2: detected capacity change from 0 to 512 [ 118.095409][ T6451] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.138476][ T6451] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.298818][ T5969] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.394439][ T6458] loop0: detected capacity change from 0 to 128 [ 118.481388][ T6458] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 118.525216][ T6458] sysv_count_free_blocks: free block count was -2041545935, correcting to 3 [ 118.588232][ T6458] sysv_count_free_inodes: unable to read inode table [ 118.603053][ T6458] sysv_count_free_inodes: unable to read inode table [ 118.614803][ T6463] sysv_count_free_inodes: unable to read inode table [ 118.678280][ T5956] sysv_free_block: trying to free block not in datazone [ 118.691256][ T5956] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 118.701095][ T3985] team0 (unregistering): Port device team_slave_1 removed [ 118.769184][ T5276] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 118.790470][ T3985] team0 (unregistering): Port device team_slave_0 removed [ 118.968092][ T5276] usb 2-1: config 0 has an invalid interface number: 16 but max is 0 [ 118.979922][ T5276] usb 2-1: config 0 has no interface number 0 [ 118.994375][ T5276] usb 2-1: config 0 interface 16 has no altsetting 0 [ 119.014721][ T5276] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=30.4b [ 119.031306][ T5276] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.047490][ T5276] usb 2-1: Product: syz [ 119.063592][ T5276] usb 2-1: Manufacturer: syz [ 119.068309][ T5276] usb 2-1: SerialNumber: syz [ 119.096798][ T5276] usb 2-1: config 0 descriptor?? [ 119.319493][ T5276] usbtest 2-1:0.16: couldn't get endpoints, -71 [ 119.354583][ T5276] usbtest 2-1:0.16: probe with driver usbtest failed with error -71 [ 119.404861][ T5276] usb 2-1: USB disconnect, device number 8 [ 119.563515][ T6351] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.612578][ T6351] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.662615][ T6351] bridge_slave_0: entered allmulticast mode [ 119.692550][ T6351] bridge_slave_0: entered promiscuous mode [ 119.721318][ T6351] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.749716][ T6351] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.782600][ T6351] bridge_slave_1: entered allmulticast mode [ 119.799815][ T6351] bridge_slave_1: entered promiscuous mode [ 119.896327][ T6351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.943172][ T6351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.981200][ T5276] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 119.989090][ T5232] Bluetooth: hci1: command tx timeout [ 120.023768][ T940] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 120.077745][ T6351] team0: Port device team_slave_0 added [ 120.106611][ T6351] team0: Port device team_slave_1 added [ 120.111311][ T6476] loop0: detected capacity change from 0 to 32768 [ 120.162151][ T6476] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 120.174747][ T5276] usb 2-1: config 0 has an invalid interface number: 16 but max is 0 [ 120.184942][ T5276] usb 2-1: config 0 has no interface number 0 [ 120.186209][ T6351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.191151][ T5276] usb 2-1: config 0 interface 16 has no altsetting 0 [ 120.208643][ T5276] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=30.4b [ 120.220806][ T5276] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.231804][ T6351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.233934][ T940] usb 3-1: Using ep0 maxpacket: 32 [ 120.263108][ T5276] usb 2-1: Product: syz [ 120.267451][ T5276] usb 2-1: Manufacturer: syz [ 120.272058][ T5276] usb 2-1: SerialNumber: syz [ 120.284143][ T5276] usb 2-1: config 0 descriptor?? [ 120.290948][ T940] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 120.300492][ T940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.308894][ T940] usb 3-1: Product: syz [ 120.313438][ T940] usb 3-1: Manufacturer: syz [ 120.318109][ T940] usb 3-1: SerialNumber: syz [ 120.330465][ T940] usb 3-1: config 0 descriptor?? [ 120.345393][ T6351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.420307][ T6476] XFS (loop0): Ending clean mount [ 120.429432][ T6351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.448143][ T6476] XFS (loop0): Quotacheck needed: Please wait. [ 120.454714][ T6351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.528572][ T6476] XFS (loop0): Quotacheck: Done. [ 120.535708][ T6351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.658204][ T5956] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 120.676787][ T6351] hsr_slave_0: entered promiscuous mode [ 120.697079][ T6351] hsr_slave_1: entered promiscuous mode [ 120.703354][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 120.710675][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 120.722360][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 120.729430][ C0] hrtimer: interrupt took 7133301 ns [ 120.735820][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 120.763027][ T5276] usbtest 2-1:0.16: couldn't get endpoints, -71 [ 120.769426][ T5276] usbtest 2-1:0.16: probe with driver usbtest failed with error -71 [ 120.791962][ T6351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.792653][ T940] airspy 3-1:0.0: Board ID: 00 [ 120.807682][ T5276] usb 2-1: USB disconnect, device number 9 [ 120.828705][ T6351] Cannot create hsr debugfs directory [ 120.839548][ T940] airspy 3-1:0.0: Firmware version: [ 122.062799][ T940] airspy 3-1:0.0: usb_control_msg() failed -110 request 0e [ 122.082361][ T5232] Bluetooth: hci1: command tx timeout [ 122.235403][ T940] airspy 3-1:0.0: Registered as swradio16 [ 122.241178][ T940] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 122.757180][ T6516] loop4: detected capacity change from 0 to 2048 [ 122.852223][ T6516] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 123.294202][ T6351] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 123.314210][ T6351] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 123.327489][ T6351] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 123.345953][ T6351] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 123.464102][ T6351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.491629][ T6351] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.511351][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.518517][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.537740][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.544909][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.581224][ T6351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.775708][ T6351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.846777][ T6351] veth0_vlan: entered promiscuous mode [ 123.871313][ T6351] veth1_vlan: entered promiscuous mode [ 123.906846][ T6351] veth0_macvtap: entered promiscuous mode [ 123.918497][ T6351] veth1_macvtap: entered promiscuous mode [ 123.937409][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.949769][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.972384][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.992238][ T8] usb 3-1: USB disconnect, device number 5 [ 123.992359][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.014561][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.042473][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.059648][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.074657][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.086666][ T6351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.097780][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.110954][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.121351][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.132610][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.142828][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.153581][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.163589][ T6351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.175385][ T6351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.186578][ T6351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.204487][ T6351] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.222374][ T6351] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.231100][ T6351] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.245109][ T6351] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.329468][ T3040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.340633][ T3040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.390680][ T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.400095][ T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.656586][ T6650] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 126.797339][ T6654] loop4: detected capacity change from 0 to 4096 [ 127.826870][ T6659] loop3: detected capacity change from 0 to 32768 [ 127.893499][ T6659] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 127.922833][ T6659] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 127.966812][ T6676] loop0: detected capacity change from 0 to 8192 [ 128.025735][ T6676] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.054707][ T6659] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 128.084429][ T5276] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 128.091741][ T5276] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 128.177958][ T5276] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 86ms [ 128.203698][ T5276] gfs2: fsid=syz:syz.0: jid=0: Done [ 128.230742][ T6659] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 128.263337][ T6690] Bluetooth: MGMT ver 1.23 [ 128.390415][ T6659] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block) [ 128.400425][ T6659] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 128.414912][ T6659] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 128.424122][ T6659] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:6659 [syz.3.305] __gfs2_lookup+0xa4/0x280 [ 128.434128][ T6659] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 128.442851][ T6659] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 128.450400][ T6659] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 128.459277][ T6659] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 128.471640][ T6659] gfs2: fsid=syz:syz.0: File system withdrawn [ 128.480134][ T6659] CPU: 0 UID: 0 PID: 6659 Comm: syz.3.305 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0 [ 128.490230][ T6659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 128.500285][ T6659] Call Trace: [ 128.503558][ T6659] [ 128.506480][ T6659] dump_stack_lvl+0x241/0x360 [ 128.511163][ T6659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.516371][ T6659] ? __pfx__printk+0x10/0x10 [ 128.520961][ T6659] ? kobject_uevent_env+0x54d/0x8e0 [ 128.526155][ T6659] gfs2_withdraw+0xefa/0x1460 [ 128.530848][ T6659] ? __pfx_gfs2_withdraw+0x10/0x10 [ 128.535977][ T6659] ? gfs2_dirent_scan+0x27c/0x670 [ 128.541014][ T6659] ? __pfx__printk+0x10/0x10 [ 128.545600][ T6659] ? gfs2_consist_inode_i+0xf5/0x110 [ 128.550880][ T6659] gfs2_dirent_scan+0x52b/0x670 [ 128.555722][ T6659] ? gfs2_permission+0x275/0x450 [ 128.560649][ T6659] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 128.566025][ T6659] gfs2_dirent_search+0x30e/0x8c0 [ 128.571058][ T6659] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 128.576422][ T6659] ? generic_permission+0x1e0/0x550 [ 128.581650][ T6659] ? __pfx_gfs2_dirent_search+0x10/0x10 [ 128.587203][ T6659] ? gfs2_permission+0x37c/0x450 [ 128.592152][ T6659] ? __pfx___might_resched+0x10/0x10 [ 128.597446][ T6659] gfs2_dir_search+0xb2/0x2f0 [ 128.602149][ T6659] ? __pfx_gfs2_dir_search+0x10/0x10 [ 128.607545][ T6659] ? inode_go_held+0xea/0x200 [ 128.612248][ T6659] ? gfs2_glock_wait+0x21a/0x2b0 [ 128.617222][ T6659] gfs2_lookupi+0x461/0x5e0 [ 128.621757][ T6659] ? __pfx_gfs2_lookupi+0x10/0x10 [ 128.626805][ T6659] ? __gfs2_lookup+0xa4/0x280 [ 128.631510][ T6659] ? d_alloc_parallel+0x14a8/0x1600 [ 128.636744][ T6659] __gfs2_lookup+0xa4/0x280 [ 128.641274][ T6659] ? __pfx___gfs2_lookup+0x10/0x10 [ 128.646420][ T6659] ? __d_lookup+0x706/0x7b0 [ 128.650955][ T6659] gfs2_atomic_open+0x9e/0x230 [ 128.655759][ T6659] ? __pfx_gfs2_atomic_open+0x10/0x10 [ 128.661128][ T6659] path_openat+0x101b/0x3590 [ 128.665722][ T6659] ? __pfx_path_openat+0x10/0x10 [ 128.670676][ T6659] do_filp_open+0x235/0x490 [ 128.675205][ T6659] ? __pfx_do_filp_open+0x10/0x10 [ 128.680251][ T6659] ? _raw_spin_unlock+0x28/0x50 [ 128.685109][ T6659] ? alloc_fd+0x5a1/0x640 [ 128.689463][ T6659] do_sys_openat2+0x13e/0x1d0 [ 128.694130][ T6659] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.699347][ T6659] ? fd_install+0x35c/0x5d0 [ 128.703845][ T6659] __x64_sys_openat+0x247/0x2a0 [ 128.708686][ T6659] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.714054][ T6659] ? do_syscall_64+0x100/0x230 [ 128.718812][ T6659] ? do_syscall_64+0xb6/0x230 [ 128.723488][ T6659] do_syscall_64+0xf3/0x230 [ 128.727987][ T6659] ? clear_bhb_loop+0x35/0x90 [ 128.732670][ T6659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.738575][ T6659] RIP: 0033:0x7f5918179e79 [ 128.742986][ T6659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.762691][ T6659] RSP: 002b:00007f5918fdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.771125][ T6659] RAX: ffffffffffffffda RBX: 00007f5918315f80 RCX: 00007f5918179e79 [ 128.779093][ T6659] RDX: 000000000000275a RSI: 0000000020000000 RDI: ffffffffffffff9c [ 128.787069][ T6659] RBP: 00007f59181e793e R08: 0000000000000000 R09: 0000000000000000 [ 128.795047][ T6659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.803006][ T6659] R13: 0000000000000000 R14: 00007f5918315f80 R15: 00007ffd4a24d758 [ 128.810973][ T6659] [ 129.153151][ T6702] loop4: detected capacity change from 0 to 512 [ 129.206557][ T6700] loop0: detected capacity change from 0 to 1024 [ 129.229842][ T6702] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 129.295716][ T6702] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.421189][ T6698] loop2: detected capacity change from 0 to 32768 [ 129.430999][ T940] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 129.483755][ T6698] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 129.491970][ T6698] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 129.520780][ T6698] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 129.526145][ T5227] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 129.540671][ T5276] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 129.548168][ T5276] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 129.636954][ T940] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 129.653648][ T5276] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 105ms [ 129.661407][ T5276] gfs2: fsid=syz:syz.0: jid=0: Done [ 129.672586][ T940] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 129.681855][ T940] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 129.704623][ T6698] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 129.714931][ T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.779309][ T940] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 129.804158][ T6698] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block) [ 129.811619][ T6717] loop0: detected capacity change from 0 to 1024 [ 129.814366][ T6698] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 129.837359][ T6698] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 129.846608][ T6698] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:6698 [syz.2.330] __gfs2_lookup+0xa4/0x280 [ 129.856311][ T6698] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 129.866154][ T6698] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 129.873566][ T6698] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 129.882418][ T6698] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 129.889069][ T6698] gfs2: fsid=syz:syz.0: File system withdrawn [ 129.891334][ T6717] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 129.895286][ T6698] CPU: 0 UID: 0 PID: 6698 Comm: syz.2.330 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0 [ 129.913918][ T6698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 129.923992][ T6698] Call Trace: [ 129.927282][ T6698] [ 129.930213][ T6698] dump_stack_lvl+0x241/0x360 [ 129.934895][ T6698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.940097][ T6698] ? __wake_up_klogd+0xcc/0x110 [ 129.944962][ T6698] ? dump_stack+0x9/0x20 [ 129.949308][ T6698] gfs2_withdraw+0xefa/0x1460 [ 129.954000][ T6698] ? __pfx_gfs2_withdraw+0x10/0x10 [ 129.959114][ T6698] ? gfs2_dirent_scan+0x27c/0x670 [ 129.964138][ T6698] ? __pfx__printk+0x10/0x10 [ 129.968742][ T6698] ? gfs2_consist_inode_i+0xf5/0x110 [ 129.974028][ T6698] gfs2_dirent_scan+0x52b/0x670 [ 129.978877][ T6698] ? gfs2_permission+0x275/0x450 [ 129.983814][ T6698] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 129.989186][ T6698] gfs2_dirent_search+0x30e/0x8c0 [ 129.994206][ T6698] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 129.999571][ T6698] ? generic_permission+0x1e0/0x550 [ 130.004767][ T6698] ? __pfx_gfs2_dirent_search+0x10/0x10 [ 130.010310][ T6698] ? gfs2_permission+0x37c/0x450 [ 130.015249][ T6698] ? __pfx___might_resched+0x10/0x10 [ 130.020534][ T6698] gfs2_dir_search+0xb2/0x2f0 [ 130.025207][ T6698] ? __pfx_gfs2_dir_search+0x10/0x10 [ 130.030482][ T6698] ? inode_go_held+0xea/0x200 [ 130.035150][ T6698] ? gfs2_glock_wait+0x21a/0x2b0 [ 130.040089][ T6698] gfs2_lookupi+0x461/0x5e0 [ 130.044588][ T6698] ? __pfx_gfs2_lookupi+0x10/0x10 [ 130.049603][ T6698] ? __gfs2_lookup+0xa4/0x280 [ 130.054270][ T6698] ? d_alloc_parallel+0x14a8/0x1600 [ 130.059464][ T6698] __gfs2_lookup+0xa4/0x280 [ 130.063962][ T6698] ? __pfx___gfs2_lookup+0x10/0x10 [ 130.069070][ T6698] ? __d_lookup+0x706/0x7b0 [ 130.073570][ T6698] gfs2_atomic_open+0x9e/0x230 [ 130.078324][ T6698] ? __pfx_gfs2_atomic_open+0x10/0x10 [ 130.083688][ T6698] path_openat+0x101b/0x3590 [ 130.088292][ T6698] ? __pfx_path_openat+0x10/0x10 [ 130.093232][ T6698] do_filp_open+0x235/0x490 [ 130.097729][ T6698] ? __pfx_do_filp_open+0x10/0x10 [ 130.102761][ T6698] ? _raw_spin_unlock+0x28/0x50 [ 130.107604][ T6698] ? alloc_fd+0x5a1/0x640 [ 130.111935][ T6698] do_sys_openat2+0x13e/0x1d0 [ 130.116611][ T6698] ? __pfx_do_sys_openat2+0x10/0x10 [ 130.121801][ T6698] ? fd_install+0x35c/0x5d0 [ 130.126305][ T6698] __x64_sys_openat+0x247/0x2a0 [ 130.131146][ T6698] ? __pfx___x64_sys_openat+0x10/0x10 [ 130.136516][ T6698] ? do_syscall_64+0x100/0x230 [ 130.141276][ T6698] ? do_syscall_64+0xb6/0x230 [ 130.145949][ T6698] do_syscall_64+0xf3/0x230 [ 130.150446][ T6698] ? clear_bhb_loop+0x35/0x90 [ 130.155118][ T6698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.161006][ T6698] RIP: 0033:0x7fc9d2b79e79 [ 130.165449][ T6698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.185042][ T6698] RSP: 002b:00007fc9d3a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 130.193449][ T6698] RAX: ffffffffffffffda RBX: 00007fc9d2d15f80 RCX: 00007fc9d2b79e79 [ 130.201410][ T6698] RDX: 000000000000275a RSI: 0000000020000000 RDI: ffffffffffffff9c [ 130.209369][ T6698] RBP: 00007fc9d2be793e R08: 0000000000000000 R09: 0000000000000000 [ 130.217336][ T6698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.225299][ T6698] R13: 0000000000000000 R14: 00007fc9d2d15f80 R15: 00007ffcb07ce398 [ 130.233274][ T6698] [ 130.245091][ T940] gspca_sn9c2028: read1 error -32 [ 130.296615][ T6717] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002] [ 130.307649][ T6717] System zones: 0-1, 3-36 [ 130.333774][ T6717] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.456010][ T940] gspca_sn9c2028: read1 error -71 [ 130.461149][ T940] sn9c2028 2-1:220.0: probe with driver sn9c2028 failed with error -71 [ 130.474108][ T940] usb 2-1: USB disconnect, device number 10 [ 130.534444][ T6717] EXT4-fs (loop0): Online resizing not supported with bigalloc [ 130.579638][ T6715] loop3: detected capacity change from 0 to 32768 [ 130.733897][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.026777][ T6726] loop2: detected capacity change from 0 to 32768 [ 132.795393][ T6741] loop1: detected capacity change from 0 to 1024 [ 132.799001][ T6742] loop0: detected capacity change from 0 to 1024 [ 132.964533][ T6746] loop2: detected capacity change from 0 to 1024 [ 133.027383][ T6742] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.079486][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.086862][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.176030][ T6746] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.555135][ T6759] netlink: 12 bytes leftover after parsing attributes in process `syz.4.342'. [ 133.653754][ T5969] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.677060][ T6738] loop3: detected capacity change from 0 to 32768 [ 133.684737][ T6738] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.337 (6738) [ 133.685518][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.770929][ T6761] loop1: detected capacity change from 0 to 4096 [ 133.797904][ T6761] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 133.910565][ T6738] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 133.932801][ T6738] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 133.941555][ T6738] BTRFS info (device loop3): using free-space-tree [ 134.356423][ T6351] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 134.957904][ T6763] loop4: detected capacity change from 0 to 40427 [ 134.993415][ T6786] loop2: detected capacity change from 0 to 32768 [ 135.001976][ T6763] F2FS-fs (loop4): heap/no_heap options were deprecated [ 135.010418][ T6786] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.349 (6786) [ 135.028384][ T6786] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 135.055561][ T6786] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 135.064593][ T6763] F2FS-fs (loop4): invalid crc value [ 135.084760][ T6763] F2FS-fs (loop4): Found nat_bits in checkpoint [ 135.103023][ T6786] BTRFS info (device loop2): using free-space-tree [ 135.169714][ T6811] loop0: detected capacity change from 0 to 64 [ 135.272079][ T6786] BTRFS info (device loop2): rebuilding free space tree [ 135.312416][ T6763] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 135.395872][ T6763] syz.4.347: attempt to access beyond end of device [ 135.395872][ T6763] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 135.457496][ T6796] loop3: detected capacity change from 0 to 32768 [ 135.565550][ T6796] ERROR: (device loop3): diAllocBit: iag inconsistent [ 135.565550][ T6796] [ 135.607461][ T6796] ialloc: diAlloc returned -5! [ 135.610312][ T5227] syz-executor: attempt to access beyond end of device [ 135.610312][ T5227] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 135.704806][ T5227] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 135.730915][ T6828] loop0: detected capacity change from 0 to 2048 [ 135.824384][ T6828] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.939868][ T5969] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 136.105973][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.309715][ T6834] loop0: detected capacity change from 0 to 128 [ 136.353162][ T6825] loop1: detected capacity change from 0 to 32768 [ 136.379788][ T6834] EXT4-fs: Ignoring removed nobh option [ 136.449894][ T6825] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.489913][ T6834] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 136.515769][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.3.361'. [ 136.555429][ T6834] ext4 filesystem being mounted at /39/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 136.620408][ T6825] XFS (loop1): Ending clean mount [ 136.631944][ T6825] XFS (loop1): Quotacheck needed: Please wait. [ 136.717425][ T6825] XFS (loop1): Quotacheck: Done. [ 136.724647][ T5956] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 136.970421][ T5236] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.991511][ T6865] loop3: detected capacity change from 0 to 512 [ 137.046390][ T6870] loop0: detected capacity change from 0 to 1024 [ 137.053640][ T6870] EXT4-fs: Ignoring removed mblk_io_submit option [ 137.188134][ T6865] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.372: invalid indirect mapped block 256 (level 2) [ 137.198366][ T6870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.211449][ T6865] EXT4-fs (loop3): 2 truncates cleaned up [ 137.221353][ T6865] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.299982][ T6875] syz.4.375[6875] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.300059][ T6875] syz.4.375[6875] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.323650][ T6870] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #12: comm syz.0.374: corrupted xattr block 255: invalid header [ 137.345938][ T6875] syz.4.375[6875] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.355048][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.523447][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.538108][ T6880] loop3: detected capacity change from 0 to 256 [ 137.629832][ T6886] loop4: detected capacity change from 0 to 64 [ 137.911630][ T6886] hfs: request for non-existent node 131072 in B*Tree [ 137.947719][ T6886] hfs: request for non-existent node 131072 in B*Tree [ 137.978576][ T6898] loop0: detected capacity change from 0 to 1024 [ 138.011542][ T6898] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 138.212486][ T940] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 138.472819][ T940] usb 2-1: Using ep0 maxpacket: 16 [ 138.496394][ T940] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 138.509642][ T940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 138.567827][ T940] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 138.580619][ T940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.610622][ T940] usb 2-1: Product: syz [ 138.615829][ T6895] loop2: detected capacity change from 0 to 32768 [ 138.622914][ T940] usb 2-1: Manufacturer: syz [ 138.627543][ T940] usb 2-1: SerialNumber: syz [ 138.642261][ T6895] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.384 (6895) [ 138.657500][ T940] usb 2-1: config 0 descriptor?? [ 138.676472][ T940] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 138.690165][ T940] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 138.705777][ T6895] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 138.724216][ T6895] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 138.733926][ T6895] BTRFS info (device loop2): using free-space-tree [ 138.833092][ T25] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 138.982455][ T6936] loop0: detected capacity change from 0 to 2048 [ 139.090291][ T6936] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.107827][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 139.149180][ T25] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 139.179062][ T6936] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.191757][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 139.216087][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 139.243017][ T5969] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.252232][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 139.281186][ T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 139.307864][ T940] em28xx 2-1:0.0: unknown em28xx chip ID (61) [ 139.326823][ T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 139.363264][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.403800][ T6906] loop3: detected capacity change from 0 to 40427 [ 139.407447][ T6936] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: none. [ 139.430659][ T6906] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 139.471870][ T6906] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 139.505124][ T6906] F2FS-fs (loop3): invalid crc value [ 139.515882][ T940] em28xx 2-1:0.0: Config register raw data: 0x3d [ 139.531219][ T940] em28xx 2-1:0.0: I2S Audio (5 sample rate(s)) [ 139.549878][ T6906] F2FS-fs (loop3): Found nat_bits in checkpoint [ 139.553775][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.572583][ T940] em28xx 2-1:0.0: No AC97 audio processor [ 139.597165][ T25] usb 5-1: GET_CAPABILITIES returned 0 [ 139.629901][ T25] usbtmc 5-1:16.0: can't read capabilities [ 139.691117][ T6906] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 139.702792][ T6906] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 139.798203][ T6947] loop2: detected capacity change from 0 to 2048 [ 139.806385][ T5361] usb 5-1: USB disconnect, device number 4 [ 139.814608][ T6351] syz-executor: attempt to access beyond end of device [ 139.814608][ T6351] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 139.831773][ T6351] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 139.865475][ T6947] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 139.891105][ T6947] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 139.920576][ T940] usb 2-1: USB disconnect, device number 11 [ 139.947036][ T6947] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 140.511207][ T6966] netlink: 28 bytes leftover after parsing attributes in process `syz.2.403'. [ 140.577127][ T6970] loop4: detected capacity change from 0 to 128 [ 140.618614][ T6970] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 140.842442][ T6970] ext4 filesystem being mounted at /99/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 142.223291][ T6961] loop3: detected capacity change from 0 to 32768 [ 143.062608][ T6959] loop0: detected capacity change from 0 to 40427 [ 144.005651][ T6959] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 144.092378][ T6959] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 145.212676][ T6959] F2FS-fs (loop0): invalid crc value [ 145.582508][ T6959] F2FS-fs (loop0): Found nat_bits in checkpoint [ 146.133979][ T6961] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.397 (6961) [ 146.186447][ T6959] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 146.382501][ T6961] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 146.412805][ T6959] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 146.592595][ T6961] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 146.734515][ T6961] BTRFS info (device loop3): using free-space-tree [ 148.744982][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 148.768959][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 148.793033][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 148.808506][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 148.836004][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 148.847248][ T6961] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 148.873150][ T5227] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 148.896240][ T6961] BTRFS error (device loop3): open_ctree failed [ 149.162610][ T7004] loop3: detected capacity change from 0 to 1024 [ 149.295567][ T7004] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.458224][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.624961][ T7010] loop3: detected capacity change from 0 to 8 [ 149.641899][ T7010] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 149.686147][ T7010] cramfs: root is not a directory [ 149.723399][ T7010] netlink: 'syz.3.414': attribute type 1 has an invalid length. [ 149.778293][ T7012] loop0: detected capacity change from 0 to 512 [ 149.813207][ T7012] EXT4-fs: Ignoring removed mblk_io_submit option [ 149.832601][ T7012] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 149.896834][ T7012] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.411: corrupted in-inode xattr: e_value out of bounds [ 150.053072][ T7012] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.411: couldn't read orphan inode 15 (err -117) [ 150.088292][ T7012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.251398][ T6995] loop1: detected capacity change from 0 to 32768 [ 150.278969][ T6995] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.409 (6995) [ 150.616855][ T7005] loop2: detected capacity change from 0 to 32768 [ 150.687629][ T7015] loop3: detected capacity change from 0 to 32768 [ 150.839330][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.529889][ T7018] loop2: detected capacity change from 0 to 32768 [ 151.632536][ T7015] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.415 (7015) [ 151.649914][ T6995] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 151.665027][ T7018] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 151.702224][ T6995] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 151.800455][ T6995] BTRFS info (device loop1): using free-space-tree [ 151.816483][ T7015] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 151.828644][ T7015] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 151.843259][ T7015] BTRFS info (device loop3): using free-space-tree [ 152.016306][ T7018] XFS (loop2): Ending clean mount [ 152.042795][ T6995] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 152.043100][ T6995] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 152.229557][ T5969] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 152.443449][ T6995] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 152.616746][ T7046] loop0: detected capacity change from 0 to 40427 [ 152.654096][ T7046] F2FS-fs (loop0): Wrong NAT boundary, start(2560) end(462336) blocks(1024) [ 152.706967][ T7046] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 152.731549][ T7046] F2FS-fs (loop0): Found nat_bits in checkpoint [ 152.801022][ T7046] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 152.918661][ T7046] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 152.962883][ T7015] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 152.963163][ T7015] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 153.022100][ T7015] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 153.135612][ T6995] BTRFS error (device loop1): open_ctree failed [ 153.152183][ T7015] BTRFS error (device loop3): open_ctree failed [ 153.546730][ T5956] syz-executor: attempt to access beyond end of device [ 153.546730][ T5956] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 153.627356][ T5956] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 153.896681][ T7075] loop3: detected capacity change from 0 to 64 [ 154.011488][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.050054][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.109902][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.137772][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.215164][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.242751][ T7079] 9pnet: p9_errstr2errno: server reported unknown error œæøýÓ®“Ö¤jê [ 154.261421][ T7075] hfs: request for non-existent node 237 in B*Tree [ 154.318020][ T7078] hfs: request for non-existent node 237 in B*Tree [ 154.340415][ T7078] hfs: request for non-existent node 237 in B*Tree [ 154.395313][ T5956] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 155.186725][ T7090] loop1: detected capacity change from 0 to 64 [ 156.070100][ T7100] program syz.3.433 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.471317][ T7094] loop2: detected capacity change from 0 to 32768 [ 156.503987][ T7094] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.431 (7094) [ 156.564826][ T7094] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 156.649736][ T7094] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 156.687999][ T7094] BTRFS info (device loop2): using free-space-tree [ 158.131954][ T7119] loop0: detected capacity change from 0 to 40427 [ 158.157702][ T7119] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 158.184595][ T7119] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 158.195119][ T7119] F2FS-fs (loop0): invalid crc value [ 158.210244][ T7119] F2FS-fs (loop0): Found nat_bits in checkpoint [ 158.295446][ T7119] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 158.307193][ T7119] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 158.468603][ T7119] syz.0.438: attempt to access beyond end of device [ 158.468603][ T7119] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 158.546606][ T5969] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 158.835976][ T7136] syz.0.438: attempt to access beyond end of device [ 158.835976][ T7136] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 158.881928][ T7139] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 159.041608][ T7141] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 159.069269][ T7141] macvtap1: entered allmulticast mode [ 159.087112][ T7143] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.096908][ T7141] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 159.588690][ T5361] kernel write not supported for file bpf-prog (pid: 5361 comm: kworker/1:5) [ 160.035151][ T7141] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 160.050807][ T7141] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 160.131286][ T5242] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 160.154564][ T7157] loop3: detected capacity change from 0 to 512 [ 160.229113][ T5956] syz-executor: attempt to access beyond end of device [ 160.229113][ T5956] loop0: rw=2051, sector=45096, nr_sectors = 8 limit=40427 [ 160.251024][ T5956] F2FS-fs (loop0): Issue discard(5637, 5637, 1) failed, ret: -5 [ 160.422805][ T5242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 160.433387][ T5242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 160.441284][ T5242] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 160.448947][ T5242] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 160.456268][ T5242] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 160.573623][ T7157] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.622881][ T29] audit: type=1800 audit(1724787072.683:4): pid=7157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.447" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 160.684954][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.989242][ T7168] Process accounting resumed [ 161.285615][ T7176] loop2: detected capacity change from 0 to 8 [ 161.309828][ T7176] overlayfs: failed to resolve './file1': -2 [ 161.524298][ T7153] chnl_net:caif_netlink_parms(): no params data found [ 161.870696][ T7153] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.963988][ T7153] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.971561][ T7153] bridge_slave_0: entered allmulticast mode [ 161.983295][ T7153] bridge_slave_0: entered promiscuous mode [ 162.018920][ T7153] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.026524][ T7189] fuse: Bad value for 'fd' [ 162.050705][ T7153] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.080526][ T7153] bridge_slave_1: entered allmulticast mode [ 162.097901][ T7153] bridge_slave_1: entered promiscuous mode [ 162.332207][ T7153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.379687][ T7153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.580233][ T5232] Bluetooth: hci4: command tx timeout [ 162.601899][ T7153] team0: Port device team_slave_0 added [ 162.821786][ T7153] team0: Port device team_slave_1 added [ 163.014210][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.021194][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.129519][ T7197] loop3: detected capacity change from 0 to 4096 [ 163.149423][ T7197] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 163.191708][ T7153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.240357][ T7197] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 163.268071][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.320770][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.402813][ T7197] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 163.438176][ T7191] loop2: detected capacity change from 0 to 32768 [ 163.451410][ T7153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.542469][ T7153] hsr_slave_0: entered promiscuous mode [ 163.548915][ T7153] hsr_slave_1: entered promiscuous mode [ 163.555319][ T7153] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.562986][ T7153] Cannot create hsr debugfs directory [ 163.657493][ T7153] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.813279][ T7181] loop1: detected capacity change from 0 to 32768 [ 163.834114][ T7153] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.015246][ T7191] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 164.030139][ T7191] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 164.089963][ T7205] loop3: detected capacity change from 0 to 2048 [ 164.180049][ T7153] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.237459][ T7191] XFS (loop2): Ending clean mount [ 164.253299][ T7153] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.321294][ T7191] XFS (loop2): Quotacheck needed: Please wait. [ 164.349569][ T7205] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.368086][ T29] audit: type=1800 audit(1724787076.453:5): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.461" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 164.612000][ T7153] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 164.627303][ T7191] XFS (loop2): Quotacheck: Done. [ 164.639334][ T5232] Bluetooth: hci4: command tx timeout [ 164.705335][ T7153] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 164.887180][ T7153] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 164.946305][ T7153] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 165.178008][ T5969] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 165.660265][ T7217] loop0: detected capacity change from 0 to 40427 [ 165.734952][ T7153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.766746][ T7217] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 165.776337][ T7217] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 165.786850][ T7153] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.915277][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.922437][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.980700][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.987888][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.030141][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.703073][ T5232] Bluetooth: hci4: command tx timeout [ 166.786433][ T7217] F2FS-fs (loop0): Found nat_bits in checkpoint [ 166.870175][ T7237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'. [ 167.043231][ T7217] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 167.050308][ T7217] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 167.541433][ T7250] loop3: detected capacity change from 0 to 4096 [ 167.667318][ T7253] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 167.740652][ T29] audit: type=1804 audit(1724787079.823:6): pid=7250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.470" name="/newroot/46/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 168.188911][ T7255] loop3: detected capacity change from 0 to 512 [ 168.601314][ T7153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.782912][ T5232] Bluetooth: hci4: command tx timeout [ 168.822660][ T7255] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.835573][ T7255] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.039484][ T7229] loop2: detected capacity change from 0 to 32768 [ 169.188851][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.260861][ T7229] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 169.429233][ T7229] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop2": -EINTR [ 169.429646][ T7229] XFS (loop2): log mount failed [ 170.626921][ T7294] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 170.861200][ T7299] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 171.203333][ T7306] netlink: 'syz.1.486': attribute type 10 has an invalid length. [ 171.224623][ T7307] kernel read not supported for file /!d| (pid: 7307 comm: syz.3.487) [ 171.266406][ T7306] bond0: (slave bond_slave_0): Releasing backup interface [ 171.293960][ T29] audit: type=1800 audit(1724787083.373:7): pid=7307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.487" name="!d|" dev="mqueue" ino=14647 res=0 errno=0 [ 171.315603][ T7309] 9pnet_fd: Insufficient options for proto=fd [ 171.520886][ T7310] loop2: detected capacity change from 0 to 512 [ 171.582721][ T7310] EXT4-fs (loop2): blocks per group (255) and clusters per group (8192) inconsistent [ 171.694322][ T7153] veth0_vlan: entered promiscuous mode [ 171.789222][ T7153] veth1_vlan: entered promiscuous mode [ 171.914657][ T7153] veth0_macvtap: entered promiscuous mode [ 171.964641][ T7153] veth1_macvtap: entered promiscuous mode [ 172.036571][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.088244][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.108165][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.121335][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.161768][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.192409][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.382491][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.393555][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.421691][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.449403][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.541085][ T7153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.550284][ T7320] loop1: detected capacity change from 0 to 8192 [ 172.584829][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.660526][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.721523][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.766303][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.811697][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.849207][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.875443][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.918910][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.958099][ T7153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.989926][ T7153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.018867][ T7153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.199500][ T7330] loop1: detected capacity change from 0 to 64 [ 173.238162][ T7153] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.262679][ T7153] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.281703][ T7153] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.313165][ T7153] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.712266][ T2565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.751786][ T2565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.791357][ T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.842950][ T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.900741][ T7337] loop3: detected capacity change from 0 to 8 [ 174.283550][ T7341] loop3: detected capacity change from 0 to 8 [ 174.450827][ T7341] squashfs image failed sanity check [ 174.709431][ T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 174.924546][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.952230][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.992598][ T25] usb 5-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 174.997546][ T7355] loop2: detected capacity change from 0 to 16 [ 175.021989][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.044176][ T25] usb 5-1: config 0 descriptor?? [ 175.084010][ T7355] erofs: (device loop2): mounted with root inode @ nid 36. [ 175.144212][ T7338] loop0: detected capacity change from 0 to 32768 [ 175.173684][ T7338] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.501 (7338) [ 175.247887][ T7339] loop1: detected capacity change from 0 to 32768 [ 175.280826][ T7338] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 175.305913][ T7338] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 175.320956][ T7338] BTRFS info (device loop0): using free-space-tree [ 175.328429][ T7339] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.500 (7339) [ 175.397745][ T29] audit: type=1326 audit(1724787087.483:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7360 comm="syz.3.506" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5918179e79 code=0x0 [ 175.445488][ T7339] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 175.455964][ T7339] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 175.465141][ T7339] BTRFS info (device loop1): using free-space-tree [ 175.690388][ T5969] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 46 [ 175.730930][ T5969] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 175.753296][ T5969] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 176.203230][ T25] redragon 0003:0C45:760B.0004: unknown main item tag 0x0 [ 176.232699][ T25] redragon 0003:0C45:760B.0004: hidraw0: USB HID v0.00 Device [HID 0c45:760b] on usb-dummy_hcd.4-1/input0 [ 176.260584][ T25] usb 5-1: USB disconnect, device number 5 [ 176.385090][ T5236] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 176.487257][ T5956] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 176.526340][ T7409] loop2: detected capacity change from 0 to 64 [ 176.846458][ T7412] loop1: detected capacity change from 0 to 2048 [ 177.077247][ T7417] bridge0: entered allmulticast mode [ 177.178763][ T7418] pimreg: entered allmulticast mode [ 177.182684][ T7412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.196856][ T7412] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 177.336868][ T5236] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.352691][ T7421] pimreg: left allmulticast mode [ 177.363033][ T7421] bridge0: left allmulticast mode [ 177.860748][ T7435] loop1: detected capacity change from 0 to 16 [ 177.898235][ T7435] erofs: (device loop1): mounted with root inode @ nid 36. [ 178.074292][ T7420] loop2: detected capacity change from 0 to 32768 [ 178.313929][ T5236] erofs: (device loop1): erofs_fill_dentries: bogus dirent @ nid 46 [ 178.348881][ T5236] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 178.379910][ T7420] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 178.519551][ T5236] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 178.822247][ T7420] XFS (loop2): Ending clean mount [ 178.895393][ T7420] xfs: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿ¤ Z*¬ð¿Ë m˜.Dc8'ñ@Ø×C9Gö9œùõ?À9†Så¦{»1Ÿ¿JÆöÌÕ¬¿á5 æÒÔŒöÀ‰Ýöqqÿ³±Yˆç³”ÅÚóá' [ 179.122999][ T5969] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 179.160327][ T7472] loop3: detected capacity change from 0 to 512 [ 179.389483][ T7452] loop0: detected capacity change from 0 to 40427 [ 179.408972][ T7452] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 179.421761][ T7472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.437521][ T7472] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.449190][ T7452] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 179.469534][ T7452] F2FS-fs (loop0): invalid crc value [ 179.491718][ T7452] F2FS-fs (loop0): Found nat_bits in checkpoint [ 179.503691][ T7474] loop4: detected capacity change from 0 to 1024 [ 179.687003][ T7452] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 179.704720][ T7452] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 179.722633][ T7482] loop4: detected capacity change from 0 to 16 [ 179.775004][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.796188][ T7468] loop1: detected capacity change from 0 to 32768 [ 179.803177][ T7482] erofs: (device loop4): mounted with root inode @ nid 36. [ 179.859074][ T7468] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.530 (7468) [ 179.938912][ T7485] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 179.975122][ T7485] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 179.990853][ T7468] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 180.029272][ T7468] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 180.048851][ T7468] BTRFS info (device loop1): using free-space-tree [ 180.179748][ T52] kworker/u8:3: attempt to access beyond end of device [ 180.179748][ T52] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 180.198352][ T52] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 180.205669][ T52] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 180.213955][ T52] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 180.221060][ T52] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 180.315508][ T5956] syz-executor: attempt to access beyond end of device [ 180.315508][ T5956] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 180.330652][ T5956] syz-executor: attempt to access beyond end of device [ 180.330652][ T5956] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 180.593113][ T7153] erofs: (device loop4): erofs_fill_dentries: bogus dirent @ nid 46 [ 180.638471][ T7153] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 180.648677][ T5236] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 180.677587][ T7153] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 180.988545][ T7513] loop2: detected capacity change from 0 to 32768 [ 180.995640][ T7513] XFS: noikeep mount option is deprecated. [ 181.108018][ T7513] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 181.149090][ T3040] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.193781][ T5243] Bluetooth: hci0: command 0x0406 tx timeout [ 181.197748][ T5232] Bluetooth: hci3: command 0x0406 tx timeout [ 181.244842][ T7513] XFS (loop2): Ending clean mount [ 181.254108][ T7513] XFS (loop2): Quotacheck needed: Please wait. [ 181.372463][ T7513] XFS (loop2): Quotacheck: Done. [ 181.683155][ T5969] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 181.699615][ T3040] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.971344][ T3040] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.058566][ T7539] loop3: detected capacity change from 0 to 1024 [ 182.331760][ T3040] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.560005][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 182.570126][ T5232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 182.579397][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 182.589380][ T5232] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 182.598475][ T5232] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 182.608083][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 182.672913][ T3040] bridge_slave_1: left allmulticast mode [ 182.678598][ T3040] bridge_slave_1: left promiscuous mode [ 182.701562][ T3040] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.719988][ T3040] bridge_slave_0: left allmulticast mode [ 182.726684][ T3040] bridge_slave_0: left promiscuous mode [ 182.739332][ T3040] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.064895][ T7540] loop1: detected capacity change from 0 to 32768 [ 183.173087][ T7540] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 183.242272][ T7540] XFS (loop1): Ending clean mount [ 183.386436][ T5236] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 183.420519][ T3040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.433210][ T3040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.451346][ T3040] bond0 (unregistering): Released all slaves [ 183.735226][ T7545] chnl_net:caif_netlink_parms(): no params data found [ 183.972901][ T7545] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.979985][ T7545] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.009181][ T7545] bridge_slave_0: entered allmulticast mode [ 184.016320][ T7545] bridge_slave_0: entered promiscuous mode [ 184.024672][ T7545] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.031767][ T7545] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.039378][ T7545] bridge_slave_1: entered allmulticast mode [ 184.046410][ T7545] bridge_slave_1: entered promiscuous mode [ 184.096223][ T3040] hsr_slave_0: left promiscuous mode [ 184.112985][ T3040] hsr_slave_1: left promiscuous mode [ 184.134649][ T3040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.142098][ T3040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.200061][ T3040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.219866][ T3040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.296412][ T3040] veth1_macvtap: left promiscuous mode [ 184.301978][ T3040] veth0_macvtap: left promiscuous mode [ 184.309234][ T3040] veth1_vlan: left promiscuous mode [ 184.314603][ T3040] veth0_vlan: left promiscuous mode [ 184.713823][ T5242] Bluetooth: hci2: command tx timeout [ 184.908473][ T3040] team0 (unregistering): Port device team_slave_1 removed [ 184.961968][ T3040] team0 (unregistering): Port device team_slave_0 removed [ 185.680851][ T7545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.702197][ T7545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.772141][ T7545] team0: Port device team_slave_0 added [ 185.801048][ T7545] team0: Port device team_slave_1 added [ 185.853051][ T7545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.860043][ T7545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.897230][ T7545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.932741][ T7545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.939725][ T7545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.982203][ T7545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.083646][ T7545] hsr_slave_0: entered promiscuous mode [ 186.100833][ T7545] hsr_slave_1: entered promiscuous mode [ 186.114936][ T7545] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.131887][ T7545] Cannot create hsr debugfs directory [ 186.772901][ T7545] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 186.783411][ T5242] Bluetooth: hci2: command tx timeout [ 186.804865][ T7545] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 186.830336][ T7545] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 186.859455][ T7545] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 186.993269][ T7545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.041236][ T7545] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.055489][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.062658][ T999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.099355][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.106523][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.145428][ T7545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.161113][ T7545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.370267][ T7545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.426812][ T7545] veth0_vlan: entered promiscuous mode [ 187.460389][ T7545] veth1_vlan: entered promiscuous mode [ 187.506193][ T7545] veth0_macvtap: entered promiscuous mode [ 187.527571][ T7545] veth1_macvtap: entered promiscuous mode [ 187.567002][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.578948][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.595573][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.612876][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.632360][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.649977][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.661933][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.682457][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.699541][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.710644][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.730294][ T7545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.741268][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.771332][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.781532][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.792943][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.803137][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.813813][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.826104][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.836910][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.847199][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.858593][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.870915][ T7545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.908436][ T7545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.922503][ T7545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.931312][ T7545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.972471][ T7545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.099548][ T2565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.107736][ T2565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.207485][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.218020][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.348422][ T7636] loop2: detected capacity change from 0 to 256 [ 188.571123][ T7636] syz.2.562: attempt to access beyond end of device [ 188.571123][ T7636] loop2: rw=2049, sector=256, nr_sectors = 132 limit=256 [ 188.862537][ T5242] Bluetooth: hci2: command tx timeout [ 189.042925][ T7669] loop0: detected capacity change from 0 to 16 [ 189.113125][ T7669] erofs: (device loop0): mounted with root inode @ nid 36. [ 189.535249][ T7688] Illegal XDP return value 4294967294 on prog (id 92) dev N/A, expect packet loss! [ 189.627157][ T7545] erofs: (device loop0): erofs_fill_dentries: bogus dirent @ nid 46 [ 189.652978][ T7545] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 189.669841][ T7545] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 189.756864][ T5361] infiniband syz1: ib_query_port failed (-19) [ 189.769484][ T7662] infiniband syz1: set down [ 189.779867][ T7662] infiniband syz1: added syzkaller0 [ 189.819036][ T7662] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 189.826166][ T7662] infiniband syz1: Couldn't open port 1 [ 189.895019][ T7662] RDS/IB: syz1: added [ 189.899589][ T7662] smc: adding ib device syz1 with port count 1 [ 189.932905][ T7662] smc: ib device syz1 port 1 has pnetid [ 190.277358][ T7662] smc: removing ib device syz1 [ 190.942690][ T5242] Bluetooth: hci2: command tx timeout [ 194.422872][ T7662] rdma_rxe: rxe_newlink: failed to add syzkaller0 [ 194.712885][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.719223][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.546741][ T7697] loop0: detected capacity change from 0 to 512 [ 197.570712][ T7697] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 197.601016][ T7697] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 197.609532][ T7697] System zones: 1-12 [ 197.658948][ T7697] EXT4-fs (loop0): 1 truncate cleaned up [ 197.678508][ T7697] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.895962][ T7545] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.908391][ T7708] syzkaller1: entered promiscuous mode [ 197.940905][ T7708] syzkaller1: entered allmulticast mode [ 198.281659][ T7724] loop1: detected capacity change from 0 to 128 [ 198.326481][ T7725] loop3: detected capacity change from 0 to 512 [ 198.349218][ T7727] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 198.415235][ T7725] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.448213][ T7725] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.668648][ T7740] input: syz0 as /devices/virtual/input/input9 [ 198.675362][ T7740] input: failed to attach handler leds to device input9, error: -6 [ 198.822628][ T6351] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.166439][ T7756] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 199.179084][ T7756] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 199.187513][ T7756] CPU: 0 UID: 0 PID: 7756 Comm: syz.0.591 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0 [ 199.197596][ T7756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 199.207664][ T7756] RIP: 0010:mmap_region+0xc12/0x27f0 [ 199.212968][ T7756] Code: 0f b6 44 25 00 84 c0 0f 85 b7 19 00 00 41 8b 1e bf 01 00 00 00 89 de e8 3c a8 ad ff 83 fb 01 0f 85 88 01 00 00 e8 ee a3 ad ff <41> 80 3c 24 00 74 07 31 ff e8 40 7b 16 00 48 8b 1c 25 00 00 00 00 [ 199.232589][ T7756] RSP: 0018:ffffc90009e2f800 EFLAGS: 00010287 [ 199.238670][ T7756] RAX: ffffffff81e66a72 RBX: 0000000000000001 RCX: 0000000000040000 [ 199.246633][ T7756] RDX: ffffc9000fe29000 RSI: 00000000000049ab RDI: 00000000000049ac [ 199.254597][ T7756] RBP: ffffc90009e2fc50 R08: ffffffff81e66a64 R09: 1ffffffff26f6f06 [ 199.262559][ T7756] R10: dffffc0000000000 R11: fffffbfff26f6f07 R12: dffffc0000000000 [ 199.270522][ T7756] R13: 1ffff920013c5f63 R14: ffffc90009e2fb18 R15: ffffc90009e2fae0 [ 199.278485][ T7756] FS: 00007fccc1bb46c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 199.287407][ T7756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.293981][ T7756] CR2: 00007facd06e52d8 CR3: 000000005f354000 CR4: 00000000003506f0 [ 199.301941][ T7756] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.309900][ T7756] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.317866][ T7756] Call Trace: [ 199.321134][ T7756] [ 199.324057][ T7756] ? __die_body+0x5f/0xb0 [ 199.328378][ T7756] ? die_addr+0xb0/0xe0 [ 199.332530][ T7756] ? exc_general_protection+0x3dd/0x5d0 [ 199.338086][ T7756] ? asm_exc_general_protection+0x26/0x30 [ 199.343799][ T7756] ? mmap_region+0xc04/0x27f0 [ 199.348463][ T7756] ? mmap_region+0xc12/0x27f0 [ 199.353126][ T7756] ? mmap_region+0xc12/0x27f0 [ 199.357797][ T7756] ? __pfx_mmap_region+0x10/0x10 [ 199.362727][ T7756] ? __pfx_lock_acquire+0x10/0x10 [ 199.367746][ T7756] ? mm_get_unmapped_area+0xa5/0xd0 [ 199.372934][ T7756] ? bpf_lsm_mmap_addr+0x9/0x10 [ 199.377773][ T7756] ? security_mmap_addr+0x6f/0x250 [ 199.382874][ T7756] ? __get_unmapped_area+0x2ed/0x350 [ 199.388148][ T7756] do_mmap+0x8f0/0x1000 [ 199.392294][ T7756] ? __pfx_do_mmap+0x10/0x10 [ 199.396888][ T7756] ? __pfx_down_write_killable+0x10/0x10 [ 199.402506][ T7756] ? common_file_perm+0x1a6/0x210 [ 199.407526][ T7756] vm_mmap_pgoff+0x1dd/0x3d0 [ 199.412106][ T7756] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 199.417206][ T7756] ? __fget_files+0x29/0x470 [ 199.421788][ T7756] ? __fget_files+0x3f3/0x470 [ 199.426455][ T7756] ? __fget_files+0x29/0x470 [ 199.431037][ T7756] ksys_mmap_pgoff+0x4eb/0x720 [ 199.435790][ T7756] ? __x64_sys_mmap+0x7f/0x140 [ 199.440543][ T7756] do_syscall_64+0xf3/0x230 [ 199.445042][ T7756] ? clear_bhb_loop+0x35/0x90 [ 199.449713][ T7756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.455596][ T7756] RIP: 0033:0x7fccc0d79e79 [ 199.459998][ T7756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.479591][ T7756] RSP: 002b:00007fccc1bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 199.487995][ T7756] RAX: ffffffffffffffda RBX: 00007fccc0f16058 RCX: 00007fccc0d79e79 [ 199.495953][ T7756] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 199.503911][ T7756] RBP: 00007fccc0de793e R08: 0000000000000003 R09: 0000000000000000 [ 199.511870][ T7756] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 199.519829][ T7756] R13: 0000000000000001 R14: 00007fccc0f16058 R15: 00007ffd73f2e8d8 [ 199.527792][ T7756] [ 199.530798][ T7756] Modules linked in: [ 199.535404][ T7756] ---[ end trace 0000000000000000 ]--- [ 199.546628][ T7756] RIP: 0010:mmap_region+0xc12/0x27f0 [ 199.552068][ T7756] Code: 0f b6 44 25 00 84 c0 0f 85 b7 19 00 00 41 8b 1e bf 01 00 00 00 89 de e8 3c a8 ad ff 83 fb 01 0f 85 88 01 00 00 e8 ee a3 ad ff <41> 80 3c 24 00 74 07 31 ff e8 40 7b 16 00 48 8b 1c 25 00 00 00 00 [ 199.612818][ T7763] netdevsim netdevsim1: Direct firmware load for  failed with error -2 [ 199.633468][ T7756] RSP: 0018:ffffc90009e2f800 EFLAGS: 00010287 [ 199.641022][ T7763] netdevsim netdevsim1: Falling back to sysfs fallback for:  [ 199.649497][ T7756] RAX: ffffffff81e66a72 RBX: 0000000000000001 RCX: 0000000000040000 [ 199.659322][ T7756] RDX: ffffc9000fe29000 RSI: 00000000000049ab RDI: 00000000000049ac [ 199.683400][ T7756] RBP: ffffc90009e2fc50 R08: ffffffff81e66a64 R09: 1ffffffff26f6f06 [ 199.691693][ T7756] R10: dffffc0000000000 R11: fffffbfff26f6f07 R12: dffffc0000000000 [ 199.709786][ T7756] R13: 1ffff920013c5f63 R14: ffffc90009e2fb18 R15: ffffc90009e2fae0 [ 199.751769][ T7756] FS: 00007fccc1bb46c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 199.764348][ T7756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.771051][ T7756] CR2: 00007f08d22e52d8 CR3: 000000005f354000 CR4: 00000000003506f0 [ 199.779917][ T7756] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.788330][ T7756] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.798601][ T7756] Kernel panic - not syncing: Fatal exception [ 199.804902][ T7756] Kernel Offset: disabled [ 199.809212][ T7756] Rebooting in 86400 seconds..