last executing test programs: 5.72581484s ago: executing program 0 (id=1402): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 5.565546757s ago: executing program 0 (id=1406): socket(0x10, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0xc4382, 0x0) r2 = dup(r1) r3 = socket$alg(0x26, 0x5, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchmod(0xffffffffffffffff, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x8a000) 5.252386928s ago: executing program 0 (id=1411): r0 = syz_io_uring_setup(0x1230, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x0, 0x400000000000003, 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='%'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 5.120413828s ago: executing program 0 (id=1413): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000010c0)={0x4, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x48) 5.005878713s ago: executing program 0 (id=1417): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x101002, 0x0) write$vga_arbiter(r1, &(0x7f0000000100)=@other={'lock', ' ', 'io'}, 0x8) preadv(r1, &(0x7f0000003300)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 4.346188399s ago: executing program 1 (id=1430): open$dir(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f00000001c0), &(0x7f0000000100)) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ppoll(&(0x7f0000002240)=[{r5}], 0x1, 0x0, 0x0, 0x0) 3.138112449s ago: executing program 0 (id=1437): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfa, 0xcf, 0x1, 0x40, 0x56e, 0x4010, 0x201c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0x55, 0xe7}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f00000002c0)={0x0, 0x0, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x2, "f2ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000500)={0x1c, &(0x7f0000000c40)={0x0, 0x0, 0x1, '\x00'}, 0x0, 0x0}) syz_emit_vhci(0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 1.741118449s ago: executing program 2 (id=1464): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfea7) sendfile(r0, r2, &(0x7f0000000040), 0x10) 1.615472828s ago: executing program 2 (id=1467): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000300)) 1.553274674s ago: executing program 2 (id=1469): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061104c00000000006200e2ffffff00009500000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f0000000080)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff}, 0x40) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108) syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r1 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1001}, 0x4) sendmmsg(r2, &(0x7f0000007fc0), 0x2d, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x12, r3, 0x0) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008000c0095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='mm_lru_insertion\x00', r4}, 0x10) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x468, &(0x7f00000004c0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==") pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x3e37}, &(0x7f0000000040)={0x0, 0x3938700}, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) openat$cgroup(r6, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r7, 0xc4c85512, &(0x7f0000000140)={{0x0, 0x2, 0x9a8, 0x0, 'syz1\x00'}}) r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r8, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r9, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f0000000000), 0x4000}]) 1.371085282s ago: executing program 3 (id=1472): accept$inet(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$cramfs(&(0x7f0000000440), &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000007c0)=ANY=[], 0x1, 0x163, &(0x7f0000000980)="$eJzs0c1KG1EYBuD3zJxMAk1IS1MIXTTZNW0o5IdmV0KmNDTgOKCI4ioQRxQSIgbUpeDWRS4gC3+24gW4SdSFRCYbr0KE7ASXI2cmOug1vM9mmO/7eM/fvz+TnEDob7ezte30es5adsG26ov3w2FN1Q0AsTf9YH5UAzYgMZLGa8Z1AljfbDtaq9tWY9MaEAVgfpjV0Um+zJopuay+RXgXD1bFr11F/TlttmRQ+wKsoO2UEfH/v0rATAZ5BQDuMfAdHsxPQa0I4BGADgihtuZFg6BGPvNZAHuD/PnZ7bw7buioOoelev9HPK3nAZzAFLEbLbySiWvN2ZY9KZdKlVihqOH3nX/W/T7k//gOsCoAqfI0uOPGr58G0t/kEnAgYECtNZxeioQ6xNGT3Qn2UVUBu3oWEJlBq5mOnDZTHzXoOam6Ht5RT+R3whshIiIiIiIiIiIiIiIiIiIKPQcAAP//jfRNIQ==") fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000004f00)={0x2020}, 0x2020) preadv(r0, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) read$FUSE(r0, &(0x7f0000006f40)={0x2020}, 0x2020) socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000004c0)='./file0\x00', 0x0, &(0x7f0000001580)={[{@codepage={'codepage', 0x3d, 'iso8859-7'}}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@gid}]}, 0x7, 0x34f, &(0x7f00000007c0)="$eJzs3Utr1UwcBvBnkpzb29I3b9uXgiupFlyVti4UNxYpbvwCLqRY21MojRW1ghak1bWIO0Fw6c61qB9BN+IX0FUX4ko3xYUjM5mcXDpzLr3FQ58fmMRkLv9JZpKMpQZEdGxdmvvy6uy2+iMqAHwAFwAPQB0IAPyPsfq9tfWOBfmtLYE4p9iVZnGtactah8lhhOpvAQaz++hwSCnl146pfph1/dDjoXKI7AjO8ICaGZ36eK4H9PH43IrbdbxkrrDYwQ7uY6jMcIiIqHzm+e+Zp8SgeX/3PGDCPOd3P//7S+79Zqe8OA6T123C1vPf5JBCnZ9/9SE131tZj5pL8RROXX0vmSXayrL2CZme7qqJzB+opfFlarHTsXiN5ZWoObmlC3iMi0Ym2aheLuWb7oq2Gq/GLXPTNpxtl51yDug2VFQbZhzxj7Sr0fqC/e4bnturm//YKSB14j+IT2JehHiBpfT9L3P2wsJQieOfcpeoWxnGqXKtTMP/Ty2CE8kVePs6bWXD2qd0t/JVLDaqFFF8fw+TOJ9V3bkwXJi2xK2bdrdO5xoBAqFnDdlcM61Ev6y5Rot1NZYrUXNy8Vbk6vQHyzqjE0/FVTGO73iDucz7v6dST8A9MnOjXOiUpmfk21O4GwQ6peM65ugueLOnkUnaZeuFdpF64DzBDZzH0N0HG6sLUdS8U/5GMlRae6SU+g7bXfaTBxxP3BFNd1R71DqTBnW1UQFQzL7pKNlDcY9qXmbPbymlNZ4AlgK9fDz736jopp57mTZ5Y3VBmHtePnEyyLutQt05C4dm3YkBzKbXXTjqEkHn2jdbuWpdd6R446c6u3oPrGmSqI5ggCRV5Q75qNkDK2w09lDplYerC9Ge7kTUZ9KLjrFrZQdDZVDPERHP/zLzlSl911GLMJ3/VIp5e5kBTTtmQMN6+U93M7hWsc73xIF4dfs90HbOdeoMcLpQo4ekxkfFYkMT51/5U4/ef5Qh5vAZ1/nv/0RERERERERERERERERERERERERE/abX30bYy68T5GvcPob/8QYRERERERERERERERERERERERERERER0f5kvv8L+PqLMVXb93/bfalJ8+Mvv9QP4vu/Pr//S3QU/gQAAP//NTRZJA==") 1.156092601s ago: executing program 1 (id=1474): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}, {&(0x7f0000000a00)=""/242, 0xf2}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f0000000500)=""/211, 0xd3}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000c00)=""/110, 0x6e}, {&(0x7f0000000340)=""/36, 0x24}, {&(0x7f0000002140)=""/4096, 0x1000}, {&(0x7f0000000cc0)=""/88, 0x58}], 0x9}, 0x0) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 1.025877731s ago: executing program 4 (id=1475): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), 0xffffffffffffffff) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000840)={0x20, r1, 0x1, 0x0, 0x0, {0x4}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 1.025242041s ago: executing program 3 (id=1476): unshare(0x600) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0xc, 0x0, 0x0) 910.31426ms ago: executing program 4 (id=1477): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfea7) sendfile(r0, r2, &(0x7f0000000040), 0x10) 909.745894ms ago: executing program 1 (id=1478): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000480), 0x208e26e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="00100000", @ANYRES16=r5, @ANYBLOB="010700000000000000002000000008000300", @ANYRES32=r4], 0x1c}}, 0x0) sendfile(r2, r1, 0x0, 0x34c5) 866.753959ms ago: executing program 3 (id=1479): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x28, 0x19, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe}, [@RTA_MULTIPATH={0xc}]}, 0x28}}, 0x0) 860.16176ms ago: executing program 4 (id=1480): socket(0x10, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0xc4382, 0x0) r2 = dup(r1) r3 = socket$alg(0x26, 0x5, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchmod(0xffffffffffffffff, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x8a000) 795.66313ms ago: executing program 2 (id=1481): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000020000000000000000", @ANYRES32=r2], 0x20}}, 0x0) 674.279993ms ago: executing program 3 (id=1482): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r1) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c5602ff820fffff5bab023a0200002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100030c100000000000224e0000", 0x58}], 0x1) 634.457786ms ago: executing program 1 (id=1483): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x6}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x0, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x3, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{}]}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0xc}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @ptr={0x7, 0x0, 0x0, 0x2, 0x3}, @ptr={0x10, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x67}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040), 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x4}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='track_foreign_dirty\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) splice(r4, &(0x7f0000000040), r5, 0x0, 0x808, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) 566.869535ms ago: executing program 3 (id=1484): syz_init_net_socket$ax25(0x3, 0x5, 0xcf) 520.316468ms ago: executing program 1 (id=1485): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r1 = memfd_create(&(0x7f00000002c0)='y\x105%\xfa,\x1f\x99\xa2\xc9\x8e\xcd\xfc\xfa\xf6\x12\x95^\xdfT\xe2=\x0e~F\xcds\xe6@\xdb\x91\xae4!\x97\x0e\x1b\x8d\x1c\xa9\xf2-T\xbc\xfe\x1ei\xbf\xb2\x8d\xe7c\xc4\xef\x89\xeb+\x82\x06I\r\xa7\as[\x06Z:\v\xe9BS\xfc)-\xe4\xff\x0e9\x98\xd4ty\xb5\x80R\x1f\tw7\xa4\x01 \xcf\x02C\xe7p\xdc\x04\xf1\xed\xa38\x98\xd9w\x9f\x120\x84\x10\xff\xa96\xc92W\xfbm\x9b3\xde\x1f\x04\x96\xb9\x84\x19:\a}2\xbd\x9a\x05\x17r\x86\xe5\x94\x7f\x9d\xae{O \xcfF(\xc0G\x15\xaf\xad\x17\xe6gbn\x15\xc3\xe7\a\xe9l\x00[8\t\x91z=\x01\x9c\x96\x19e\xa6,\xdea\x17lf\x85\x8fy\xect\x1a\xde\xa8Xb\xf3T@\xc5\xbbr9Pj\xbb\x95kp\xb3\xd6e\xf4\re\xd7\x8fG\xd2p\x82\f{\x96\xdd5l\a\xe6\x96\x1dL\x91\xd4E\x9f\xfcy\x96~\xfcwE\xb4\xab\v\xc4\xad\x93\xba6(v\xe7\xb0\x9f\v7\xfep\x95\xd2\xf1\xba)p$\a\f\xc4A\x8c\xdc\x8a\xc2\xcc\xc0\xde\x04\x10Z\xcbK\xaa\x8e\x88%H$x\x80\x0e@0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000fc0)={@cgroup, 0xffffffffffffffff, 0xd, 0x8, 0x0, @prog_fd, r4}, 0x20) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r3, 0xffffffffffffffff, 0x0, 0x26, @val=@tcx={@prog_fd=r3, r4}}, 0x40) sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@ipv6_delroute={0x3c, 0x19, 0x0, 0x70bd2b, 0x25dfdbff, {0xa, 0x0, 0x10, 0x7, 0xfd, 0x3, 0xff, 0xa, 0x1500}, [@RTA_PRIORITY={0x8, 0x6, 0x40000}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x8}, @RTA_EXPIRES={0x8, 0x17, 0x5}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0x1) openat2$dir(0xffffffffffffff9c, &(0x7f00000039c0)='./file0\x00', &(0x7f0000003a00)={0x80040, 0x171, 0x30}, 0x18) close_range(r2, r1, 0x2) r5 = timerfd_create(0x0, 0x0) readv(r5, &(0x7f0000000640)=[{&(0x7f0000000140)=""/168, 0xa8}], 0x1) timerfd_settime(r5, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000040)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 432.333003ms ago: executing program 4 (id=1488): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x750, 0x0, 0x290, 0x0, 0x450, 0x1b0, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'pimreg0\x00', 'macvtap0\x00'}, 0x0, 0x188, 0x1b0, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @mcast2, @private2}}, @common=@inet=@multiport={{0x50}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev, [], [], 'veth1_macvtap\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1b0}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast2, @mcast2, @private1, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @private1, @private2, @private0]}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7b0) 373.404439ms ago: executing program 1 (id=1489): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000100)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x2}}, {@space_cache_v2}, {@compress_force}, {@nossd_spread}, {@compress_algo={'compress', 0x3d, 'zlib'}}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x1f, 0x67, 0x37, 0x74, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) fallocate(r1, 0x0, 0x0, 0x1000f4) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000006480)={0x0, 0xfffffffeffc, 0x0, 0x0, 0x1, [{}]}) 323.69853ms ago: executing program 4 (id=1490): ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd609606d800403a0020010000000000000000000000000001fe8000000000000000000000000000aa0300907800000000602e93030000110000000000000000000000000000000000fe"], 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x9dd}, 0x10) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a000100000000000000000080"], 0x1c}}, 0x0) 316.802221ms ago: executing program 2 (id=1491): open(&(0x7f0000000000)='./bus\x00', 0x20342, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 0s ago: executing program 4 (id=1492): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='('], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): t4 filesystem being mounted at /117/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 129.875303][ T6905] loop1: detected capacity change from 0 to 256 [ 129.954234][ T6903] loop0: detected capacity change from 0 to 4096 [ 129.975336][ T6898] EXT4-fs warning (device loop2): verify_group_input:156: Last group not full [ 130.008705][ T6903] NILFS (loop0): mounting unchecked fs [ 130.014210][ T6903] NILFS (loop0): recovery required for readonly filesystem [ 130.058913][ T6903] NILFS (loop0): write access will be enabled during recovery [ 130.060116][ T5095] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.148639][ T6903] NILFS (loop0): invalid segment: Checksum error in segment payload [ 130.195942][ T6903] NILFS (loop0): trying rollback from an earlier position [ 130.258113][ T6903] NILFS (loop0): recovery complete [ 130.260196][ T6912] netlink: 'syz.4.585': attribute type 1 has an invalid length. [ 130.284842][ T6914] loop1: detected capacity change from 0 to 764 [ 130.395617][ T6914] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 130.407046][ T4496] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 130.540940][ T5097] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.550839][ T5097] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.559082][ T5097] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.567326][ T5097] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.576058][ T5097] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 130.696725][ T5097] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 131.687587][ T6932] loop1: detected capacity change from 0 to 256 [ 131.869024][ T5099] syz-executor (5099) used greatest stack depth: 18416 bytes left [ 131.898608][ T6910] loop2: detected capacity change from 0 to 32768 [ 131.927486][ T6910] bcachefs (/dev/loop2): error validating superblock: Invalid superblock: member info area missing [ 132.193915][ T2446] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.439952][ T2446] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.481701][ T6936] loop0: detected capacity change from 0 to 32768 [ 132.501165][ T6917] chnl_net:caif_netlink_parms(): no params data found [ 132.517551][ T6936] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.594 (6936) [ 132.552848][ T6946] loop4: detected capacity change from 0 to 4096 [ 132.580096][ T6936] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 132.592059][ T6946] NILFS (loop4): mounting unchecked fs [ 132.607092][ T6946] NILFS (loop4): recovery required for readonly filesystem [ 132.618256][ T6936] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 132.627478][ T6946] NILFS (loop4): write access will be enabled during recovery [ 132.637667][ T6936] BTRFS info (device loop0): using free-space-tree [ 132.647935][ T6946] NILFS (loop4): invalid segment: Checksum error in segment payload [ 132.678475][ T6946] NILFS (loop4): trying rollback from an earlier position [ 132.736083][ T6946] NILFS (loop4): recovery complete [ 132.742138][ T4496] Bluetooth: hci5: command tx timeout [ 132.903494][ T2446] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.219109][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.225628][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.841261][ T6936] BTRFS info (device loop0): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 133.898678][ T2446] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.981162][ T5105] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 134.554234][ T6944] loop1: detected capacity change from 0 to 40427 [ 134.591115][ T6993] netlink: 'syz.2.608': attribute type 8 has an invalid length. [ 134.606006][ T6993] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.608'. [ 134.615234][ T6944] F2FS-fs (loop1): invalid crc value [ 134.651233][ T6944] F2FS-fs (loop1): Found nat_bits in checkpoint [ 134.686278][ T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 134.741769][ T6944] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 134.757954][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 134.757970][ T29] audit: type=1800 audit(1854139992.905:57): pid=6944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.596" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 134.772586][ T6944] syz.1.596: attempt to access beyond end of device [ 134.772586][ T6944] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.809457][ T4496] Bluetooth: hci5: command tx timeout [ 134.852240][ T6944] evm: overlay not supported [ 134.896288][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 134.903174][ T6944] syz.1.596: attempt to access beyond end of device [ 134.903174][ T6944] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 134.929432][ T25] usb 5-1: config 32 has an invalid interface number: 1 but max is 0 [ 134.955953][ T25] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 134.995000][ T6917] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.004684][ T6917] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.012329][ T25] usb 5-1: config 32 has no interface number 0 [ 135.012746][ T6917] bridge_slave_0: entered allmulticast mode [ 135.026557][ T6917] bridge_slave_0: entered promiscuous mode [ 135.038732][ T6917] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.046340][ T6917] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.053570][ T6917] bridge_slave_1: entered allmulticast mode [ 135.062286][ T25] usb 5-1: New USB device found, idVendor=20a6, idProduct=1105, bcdDevice=c2.eb [ 135.073229][ T6917] bridge_slave_1: entered promiscuous mode [ 135.079232][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.127837][ T25] usb 5-1: Product: syz [ 135.170185][ T7001] loop2: detected capacity change from 0 to 164 [ 135.363420][ T25] usb 5-1: Manufacturer: syz [ 135.440357][ T5091] syz-executor: attempt to access beyond end of device [ 135.440357][ T5091] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 135.484717][ T25] usb 5-1: SerialNumber: syz [ 135.661604][ T5091] syz-executor: attempt to access beyond end of device [ 135.661604][ T5091] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 135.677296][ T25] usb 5-1: bad CDC descriptors [ 135.683173][ T25] option 5-1:32.1: GSM modem (1-port) converter detected [ 135.843741][ T6917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.894242][ T2844] kworker/u8:10: attempt to access beyond end of device [ 135.894242][ T2844] loop1: rw=2049, sector=40960, nr_sectors = 40 limit=40427 [ 135.915700][ T25] usb 5-1: USB disconnect, device number 2 [ 135.924679][ T25] option 5-1:32.1: device disconnected [ 135.964516][ T6917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.966316][ T2844] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.011444][ T2844] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.020874][ T2844] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.030464][ T2844] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.039051][ T2844] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.231060][ T2446] bridge_slave_1: left allmulticast mode [ 136.239919][ T2446] bridge_slave_1: left promiscuous mode [ 136.249135][ T2446] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.261070][ T2446] bridge_slave_0: left allmulticast mode [ 136.269296][ T2446] bridge_slave_0: left promiscuous mode [ 136.275162][ T2446] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.472337][ T7005] loop2: detected capacity change from 0 to 32768 [ 136.480458][ T7005] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.612 (7005) [ 136.503018][ T7005] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 136.524446][ T7005] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 136.557613][ T7005] BTRFS info (device loop2): using free-space-tree [ 136.897610][ T4496] Bluetooth: hci5: command tx timeout [ 136.917452][ T7005] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 137.034010][ T5095] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.320359][ T5097] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 137.331345][ T5097] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 137.340032][ T5097] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 137.349089][ T5097] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 137.368839][ T5097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 137.376461][ T5097] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 137.569656][ T2446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 137.584607][ T2446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 137.605060][ T2446] bond0 (unregistering): Released all slaves [ 137.626517][ T6917] team0: Port device team_slave_0 added [ 137.823737][ T7044] loop0: detected capacity change from 0 to 2048 [ 137.869475][ T7044] syz.0.623: attempt to access beyond end of device [ 137.869475][ T7044] loop0: rw=524288, sector=9007199254741068, nr_sectors = 2 limit=2048 [ 137.963906][ T6917] team0: Port device team_slave_1 added [ 138.209260][ T6917] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.232082][ T6917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.305875][ T6917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 138.344599][ T6917] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.362033][ T6917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.407037][ T6917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 138.419215][ T5141] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 138.696042][ T5141] usb 3-1: Using ep0 maxpacket: 32 [ 138.706741][ T5141] usb 3-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice=a3.63 [ 138.717879][ T5141] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.950834][ T5141] usb 3-1: Product: syz [ 138.955057][ T5141] usb 3-1: Manufacturer: syz [ 138.966663][ T4496] Bluetooth: hci5: command tx timeout [ 138.978058][ T7047] loop4: detected capacity change from 0 to 1024 [ 139.054990][ T5141] usb 3-1: SerialNumber: syz [ 139.158858][ T5141] usb 3-1: config 0 descriptor?? [ 139.205152][ T5141] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input7 [ 139.346736][ T6917] hsr_slave_0: entered promiscuous mode [ 139.457527][ T4496] Bluetooth: hci0: command tx timeout [ 139.470962][ T4535] bcm5974 3-1:0.0: could not read from device [ 139.496484][ T6917] hsr_slave_1: entered promiscuous mode [ 139.519626][ T12] hfsplus: b-tree write err: -5, ino 4 [ 139.530145][ T4535] bcm5974 3-1:0.0: could not read from device [ 139.537549][ T6917] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.546856][ T5141] usb 3-1: USB disconnect, device number 4 [ 139.552184][ T6917] Cannot create hsr debugfs directory [ 139.829488][ T2446] hsr_slave_0: left promiscuous mode [ 139.866171][ T2446] hsr_slave_1: left promiscuous mode [ 139.911512][ T2446] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 139.937610][ T2446] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 139.980467][ T2446] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.006536][ T2446] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.074734][ T2446] veth1_macvtap: left promiscuous mode [ 140.113159][ T2446] veth0_macvtap: left promiscuous mode [ 140.126661][ T2446] veth1_vlan: left promiscuous mode [ 140.133212][ T2446] veth0_vlan: left promiscuous mode [ 140.680697][ T7071] loop4: detected capacity change from 0 to 32768 [ 140.734328][ T7092] loop0: detected capacity change from 0 to 4096 [ 140.748405][ T7092] ntfs3: Bad value for 'gid' [ 141.298355][ T7098] loop0: detected capacity change from 0 to 1024 [ 141.337345][ T7098] EXT4-fs: Ignoring removed nomblk_io_submit option [ 141.358800][ T7098] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.368181][ T7098] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 141.466940][ T7098] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #11: comm syz.0.637: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 141.526200][ T4496] Bluetooth: hci0: command tx timeout [ 141.595497][ T7098] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.637: couldn't read orphan inode 11 (err -117) [ 141.623507][ T7098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.830442][ T7098] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.637: Invalid block bitmap block 0 in block_group 0 [ 141.994204][ T7098] Quota error (device loop0): write_blk: dquota write failed [ 142.045801][ T7098] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 142.085005][ T7098] EXT4-fs error (device loop0): ext4_acquire_dquot:6862: comm syz.0.637: Failed to acquire dquot type 0 [ 142.157727][ T7115] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 142.316218][ T2446] team0 (unregistering): Port device team_slave_1 removed [ 142.485181][ T2446] team0 (unregistering): Port device team_slave_0 removed [ 142.848716][ T7129] input: syz0 as /devices/virtual/input/input8 [ 143.109810][ T7106] netlink: 'syz.0.637': attribute type 10 has an invalid length. [ 143.141906][ T7106] team0: Device ipvlan1 failed to register rx_handler [ 143.245428][ T5105] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.618378][ T4496] Bluetooth: hci0: command tx timeout [ 143.870062][ T7140] netlink: 576 bytes leftover after parsing attributes in process `syz.4.652'. [ 144.162200][ T7036] chnl_net:caif_netlink_parms(): no params data found [ 144.377507][ T7165] netlink: 'syz.2.658': attribute type 1 has an invalid length. [ 144.406431][ T7165] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.658'. [ 144.432881][ T7165] netlink: 1 bytes leftover after parsing attributes in process `syz.2.658'. [ 144.483273][ T2446] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.571746][ T7142] loop0: detected capacity change from 0 to 40427 [ 144.591601][ T7142] F2FS-fs (loop0): invalid crc value [ 144.631756][ T7142] F2FS-fs (loop0): Found nat_bits in checkpoint [ 144.752268][ T2446] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.795004][ T7142] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 144.809743][ T7036] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.831058][ T7036] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.847440][ T7036] bridge_slave_0: entered allmulticast mode [ 144.865721][ T7036] bridge_slave_0: entered promiscuous mode [ 144.897458][ T5105] syz-executor: attempt to access beyond end of device [ 144.897458][ T5105] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 144.921279][ T5105] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 145.020595][ T2446] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.080608][ T7036] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.096010][ T7036] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.113543][ T7036] bridge_slave_1: entered allmulticast mode [ 145.138108][ T7036] bridge_slave_1: entered promiscuous mode [ 145.299225][ T7183] loop2: detected capacity change from 0 to 2048 [ 145.385297][ T2446] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.498748][ T7036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.560595][ T7190] netlink: 576 bytes leftover after parsing attributes in process `syz.4.664'. [ 145.574977][ T7036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.685952][ T4496] Bluetooth: hci0: command tx timeout [ 145.790851][ T7036] team0: Port device team_slave_0 added [ 145.881615][ T6917] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 145.922569][ T7036] team0: Port device team_slave_1 added [ 146.014461][ T6917] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 146.178111][ T6917] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 146.228568][ T7036] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.235627][ T7036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.261585][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.303993][ T7036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.327271][ T7036] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.334254][ T7036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.360174][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.447787][ T7036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.482604][ T6917] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 146.528368][ T7226] netlink: 576 bytes leftover after parsing attributes in process `syz.0.674'. [ 146.754284][ T2446] bridge_slave_1: left allmulticast mode [ 146.778027][ T2446] bridge_slave_1: left promiscuous mode [ 146.784290][ T2446] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.804036][ T5238] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 146.817326][ T2446] bridge_slave_0: left allmulticast mode [ 146.829444][ T2446] bridge_slave_0: left promiscuous mode [ 146.842320][ T2446] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.650473][ T2446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.661267][ T2446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.671879][ T2446] bond0 (unregistering): Released all slaves [ 147.699770][ T7272] bridge0: entered promiscuous mode [ 147.725290][ T7036] hsr_slave_0: entered promiscuous mode [ 147.774266][ T7036] hsr_slave_1: entered promiscuous mode [ 147.804573][ T7036] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 147.837690][ T7036] Cannot create hsr debugfs directory [ 147.892332][ T7271] bridge0: left promiscuous mode [ 148.257578][ T7291] loop0: detected capacity change from 0 to 4096 [ 148.313516][ T7291] ntfs3: loop0: Failed to load $MFT (-22). [ 148.405308][ T2446] hsr_slave_0: left promiscuous mode [ 148.428218][ T2446] hsr_slave_1: left promiscuous mode [ 148.467239][ T2446] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.491636][ T2446] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.534226][ T2446] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.542967][ T2446] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.582723][ T7298] xt_hashlimit: max too large, truncated to 1048576 [ 148.599187][ T2446] veth1_macvtap: left promiscuous mode [ 148.601642][ T7298] xt_hashlimit: overflow, try lower: 0/0 [ 148.608065][ T7300] loop0: detected capacity change from 0 to 1024 [ 148.618253][ T2446] veth0_macvtap: left promiscuous mode [ 148.623992][ T2446] veth1_vlan: left promiscuous mode [ 148.630955][ T2446] veth0_vlan: left promiscuous mode [ 149.745450][ T7329] loop0: detected capacity change from 0 to 1024 [ 149.776445][ T7329] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 149.837224][ T7329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.972070][ T2446] team0 (unregistering): Port device team_slave_1 removed [ 150.051038][ T2446] team0 (unregistering): Port device team_slave_0 removed [ 151.031117][ T7306] bridge0: entered promiscuous mode [ 151.039434][ T7306] bridge0: left promiscuous mode [ 151.071576][ T7326] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 151.124300][ T5174] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 151.215185][ T5105] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.259658][ T6917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.372550][ T5174] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 64, setting to 8 [ 151.412125][ T5174] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 1023, setting to 8 [ 151.443131][ T5174] usb 5-1: config 1 interface 0 has no altsetting 0 [ 151.477000][ T6917] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.487496][ T5174] usb 5-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.40 [ 151.514959][ T5174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.538460][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.545756][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.553365][ T5174] usb 5-1: Product: ဉ [ 151.564168][ T5174] usb 5-1: Manufacturer: 輘⦙須젢퀫떻싏ઘꃠ뫡̅㰴賰Ȉﶆ︐蟷䠓疼ㅴ싰뵛充謣讶炑ꤏ䰣鋞Ḳ厠Ӵ埏ᾈ뇜ᨛ褮韊푓捱삁붰Ⅸ䗫Ԃູՠ饱챳龠寙ꚴ翣䛳擲첒潉歓장爼塃辡຋耬谇墑欵 [ 151.566384][ T7350] netlink: 216 bytes leftover after parsing attributes in process `syz.0.711'. [ 151.614624][ T5174] usb 5-1: SerialNumber: 咙艅翍쯨잂ৈꅬ腕䭏餮ᷝ⁹燍̀鵉莡傲粧귓鵿팋ﲅ⇗⵨⦫矊渖塟ꗔꔪ㴰ལ꧴໠所᜼ⴱ뿣긣뵁渭徂췟䵕䲦莢홴捴써壯祦⥥베ᐁꏊᨺ૞훦뙙䕲꾑﷙ﳕᗟ⡋䟼笤籺嗗续甦翯遛렱撚ᔫ燛⧅⿪㟛짽㆟伪ꊆ焭㶍⑙ﺣХ⌂쯁ꄥƅ䄗ז [ 151.693269][ T7335] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 151.701237][ T7335] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 151.709437][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.716672][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.911143][ T6917] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 151.945425][ T6917] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.310752][ T7036] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 152.342982][ T7036] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 152.370695][ T7036] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 152.391027][ T7036] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 152.519406][ T6917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.624885][ T7036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.630567][ T7355] loop2: detected capacity change from 0 to 32768 [ 152.649949][ T7355] bcachefs (/dev/loop2): error validating superblock: Invalid superblock: optional field with size 0 (type 1) [ 152.711888][ T7036] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.758566][ T6917] veth0_vlan: entered promiscuous mode [ 152.779752][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.787482][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.803211][ T6917] veth1_vlan: entered promiscuous mode [ 152.836372][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.843609][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.988666][ T6917] veth0_macvtap: entered promiscuous mode [ 153.004804][ T6917] veth1_macvtap: entered promiscuous mode [ 153.115180][ T5174] usbhid 5-1:1.0: can't add hid device: -71 [ 153.131985][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.151237][ T5174] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 153.184164][ T5174] usb 5-1: USB disconnect, device number 3 [ 153.276004][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.286702][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.297342][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.307293][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.320019][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.338805][ T6917] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.349169][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.367916][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.378149][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.389004][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.399165][ T6917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.409933][ T6917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.422331][ T6917] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.451333][ T6917] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.476012][ T6917] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.484843][ T6917] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.506007][ T6917] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.608559][ T7036] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.732766][ T1275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.750222][ T1275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.764217][ T7036] veth0_vlan: entered promiscuous mode [ 153.813588][ T7036] veth1_vlan: entered promiscuous mode [ 153.828302][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.841709][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.903734][ T7036] veth0_macvtap: entered promiscuous mode [ 153.923663][ T7036] veth1_macvtap: entered promiscuous mode [ 153.970829][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.984787][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.999639][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.017682][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.033244][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.045601][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.056459][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.068373][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.080413][ T7036] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.089681][ T7401] tipc: Enabling of bearer rejected, failed to enable media [ 154.106168][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.116818][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.132341][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.144280][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.155219][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.165747][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.175797][ T7036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.187317][ T7036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.198630][ T7036] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.216679][ T7036] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.225383][ T7036] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.235020][ T7036] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.244407][ T7036] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.321800][ T2844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.334366][ T2844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.363790][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.372591][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.987425][ T7412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.716'. [ 161.009081][ T7413] loop4: detected capacity change from 0 to 1024 [ 161.100384][ T7413] hfsplus: filesystem is marked journaled, leaving read-only. [ 161.123866][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.184293][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.213058][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.231493][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.245275][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.273934][ T29] audit: type=1326 audit(1854140019.415:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.286037][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.320792][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.344181][ T29] audit: type=1326 audit(1854140019.415:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.346252][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.423275][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.430888][ T29] audit: type=1326 audit(1854140019.485:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.441545][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.468030][ T5239] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 161.474829][ T7433] loop2: detected capacity change from 0 to 16 [ 161.482567][ T29] audit: type=1326 audit(1854140019.485:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.501160][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.506214][ T7433] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 161.535077][ T29] audit: type=1326 audit(1854140019.485:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.542996][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.578712][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.592309][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.596090][ T29] audit: type=1326 audit(1854140019.485:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ea775f19 code=0x7ffc0000 [ 161.600037][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.656176][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.656351][ T29] audit: type=1326 audit(1854140019.485:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f48ea76cf67 code=0x7ffc0000 [ 161.664631][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.693593][ T29] audit: type=1326 audit(1854140019.485:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f48ea711909 code=0x7ffc0000 [ 161.724871][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.729137][ T29] audit: type=1326 audit(1854140019.485:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f48ea76cf67 code=0x7ffc0000 [ 161.743668][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.785061][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.791608][ T29] audit: type=1326 audit(1854140019.485:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.3.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f48ea711909 code=0x7ffc0000 [ 161.807748][ T7439] loop4: detected capacity change from 0 to 512 [ 161.841354][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.856281][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.864968][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.874798][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.876879][ T7439] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 161.885788][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.902363][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.910034][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.917638][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.925113][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.933754][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.942553][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.950133][ T5238] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 161.959363][ T7439] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.970986][ T5238] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 161.992340][ T7425] udevd[7425]: failed to send result of seq 12347 to main daemon: Connection refused [ 162.153489][ T7448]  [ 162.313299][ T7450] loop0: detected capacity change from 0 to 64 [ 162.334668][ T5102] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 162.570891][ T7451] loop2: detected capacity change from 0 to 1024 [ 162.576143][ T7460] Cannot find del_set index 0 as target [ 162.764406][ T7468] loop4: detected capacity change from 0 to 16 [ 162.796692][ T7468] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 162.932744][ T7471] vlan2: entered promiscuous mode [ 162.969293][ T7471] bridge0: port 3(vlan2) entered blocking state [ 162.975732][ T7471] bridge0: port 3(vlan2) entered disabled state [ 163.013756][ T7471] vlan2: entered allmulticast mode [ 163.040581][ T35] hfsplus: b-tree write err: -5, ino 4 [ 163.228189][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.244425][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.265465][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.284617][ T7494] loop3: detected capacity change from 0 to 16 [ 163.288294][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.308057][ T7494] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 163.312161][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.323919][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.337887][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.345423][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.345454][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.345475][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.376465][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.383906][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.400223][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.412249][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.437746][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.445200][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.460176][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.472957][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.483599][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.492424][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.505144][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.513942][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.526435][ T1146] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 163.550183][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.570236][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.586209][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.604093][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.622090][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.641335][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.645326][ T7502] loop0: detected capacity change from 0 to 64 [ 163.659670][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.677298][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.703744][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.718344][ T5144] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 163.730533][ T1146] usb 5-1: config 0 has no interfaces? [ 163.736239][ T1146] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 163.753929][ T1146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.764851][ T5144] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 163.780130][ T1146] usb 5-1: config 0 descriptor?? [ 164.045117][ T7506] loop1: detected capacity change from 0 to 512 [ 165.009297][ T7512] syz.2.751[7512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.009457][ T7512] syz.2.751[7512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.158374][ T7514] vlan2: entered promiscuous mode [ 165.195545][ T5239] usb 5-1: USB disconnect, device number 4 [ 165.201982][ T7514] bridge0: port 3(vlan2) entered blocking state [ 165.220992][ T7514] bridge0: port 3(vlan2) entered disabled state [ 165.229008][ T7514] vlan2: entered allmulticast mode [ 165.463328][ T7529] loop2: detected capacity change from 0 to 16 [ 165.495575][ T7529] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 165.640752][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'. [ 165.690124][ T7534] loop1: detected capacity change from 0 to 512 [ 165.730146][ T7534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 165.786178][ T7534] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.340394][ T5097] Bluetooth: hci0: command 0x0405 tx timeout [ 166.774044][ T7036] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 167.016664][ T59] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 167.027628][ T7566] loop2: detected capacity change from 0 to 16 [ 167.061921][ T7566] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 167.071985][ T7567] bridge: RTM_NEWNEIGH with invalid ether address [ 167.952725][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 168.034816][ T59] usb 1-1: New USB device found, idVendor=1799, idProduct=011b, bcdDevice=ba.b6 [ 168.061448][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.072845][ T59] usb 1-1: Product: syz [ 168.083986][ T59] usb 1-1: Manufacturer: syz [ 168.088802][ T59] usb 1-1: SerialNumber: syz [ 168.094736][ T59] usb 1-1: config 0 descriptor?? [ 168.102673][ T59] rndis_host 1-1:0.0: invalid descriptor buffer length [ 168.114674][ T59] usb 1-1: bad CDC descriptors [ 168.157250][ T7581] loop4: detected capacity change from 0 to 128 [ 168.186705][ T7581] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 168.214044][ T7562] loop3: detected capacity change from 0 to 512 [ 168.223344][ T7581] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 168.359826][ T29] kauditd_printk_skb: 72 callbacks suppressed [ 168.359844][ T29] audit: type=1326 audit(1854140026.505:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7582 comm="syz.1.779" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x0 [ 169.156629][ T7581] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.778: Block bitmap for bg 0 marked uninitialized [ 169.174992][ T7562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.190897][ T7562] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.239306][ T5144] usb 1-1: USB disconnect, device number 4 [ 169.279524][ T5102] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 169.363158][ T7562] EXT4-fs error (device loop3): ext4_do_update_inode:5149: inode #2: comm syz.3.772: corrupted inode contents [ 169.395014][ T7562] EXT4-fs error (device loop3): ext4_dirty_inode:6009: inode #2: comm syz.3.772: mark_inode_dirty error [ 169.436709][ T7562] EXT4-fs error (device loop3): ext4_do_update_inode:5149: inode #2: comm syz.3.772: corrupted inode contents [ 169.462208][ T7562] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.772: mark_inode_dirty error [ 172.461973][ T6917] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.606793][ T7615] capability: warning: `syz.2.790' uses 32-bit capabilities (legacy support in use) [ 172.628020][ T7618] Cannot find del_set index 0 as target [ 172.645040][ T7617] warning: `syz.4.786' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 172.801116][ T7623] loop0: detected capacity change from 0 to 2048 [ 172.835482][ T7623] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.761129][ T7619] UDF-fs: warning (device loop0): udf_truncate_tail_extent: Too long extent after EOF in inode 1367: i_size: 4096 lbcount: 8192 extent 65+4096 [ 175.016092][ T1146] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 175.104452][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.803'. [ 175.227994][ T7666] dccp_invalid_packet: P.Data Offset(100) too large [ 175.247292][ T1146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 175.259373][ T7667] loop1: detected capacity change from 0 to 512 [ 175.281244][ T1146] usb 3-1: New USB device found, idVendor=1799, idProduct=011b, bcdDevice=ba.b6 [ 175.289692][ T7667] EXT4-fs: Ignoring removed nobh option [ 175.295928][ T1146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.295957][ T1146] usb 3-1: Product: syz [ 175.295974][ T1146] usb 3-1: Manufacturer: syz [ 175.295989][ T1146] usb 3-1: SerialNumber: syz [ 175.300496][ T1146] usb 3-1: config 0 descriptor?? [ 175.327346][ T7667] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 175.369224][ T1146] rndis_host 3-1:0.0: invalid descriptor buffer length [ 175.391604][ T1146] usb 3-1: bad CDC descriptors [ 175.616397][ T1146] usb 3-1: USB disconnect, device number 5 [ 176.026268][ T7687] trusted_key: syz.1.811 sent an empty control message without MSG_MORE. [ 176.293242][ T7653] loop3: detected capacity change from 0 to 32768 [ 176.332206][ T7653] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 176.357128][ T5097] Bluetooth: hci1: command 0x0406 tx timeout [ 176.357156][ T5107] Bluetooth: hci3: command 0x0406 tx timeout [ 176.385605][ T7701] loop1: detected capacity change from 0 to 512 [ 176.458989][ T7701] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 176.477063][ T7701] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 176.490165][ T7701] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz.1.814: bad orphan inode 13 [ 176.511676][ T29] audit: type=1326 audit(1854140034.655:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7702 comm="syz.4.815" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd88ad75f19 code=0x0 [ 176.517012][ T7701] EXT4-fs (loop1): Remounting filesystem read-only [ 176.542274][ T7701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.623315][ T7036] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.661485][ T7653] XFS (loop3): Ending clean mount [ 176.699559][ T7712] dccp_invalid_packet: P.Data Offset(100) too large [ 176.942490][ T6917] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 177.364548][ T5239] kernel write not supported for file bpf-prog (pid: 5239 comm: kworker/1:6) [ 177.537664][ T7747] loop3: detected capacity change from 0 to 128 [ 177.547937][ T7745] loop2: detected capacity change from 0 to 512 [ 177.563793][ T7747] EXT4-fs (loop3): Test dummy encryption mode enabled [ 177.573128][ T7747] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 177.615443][ T7745] EXT4-fs error (device loop2): ext4_get_branch:178: inode #13: block 1024: comm syz.2.830: invalid block [ 177.681767][ T7745] EXT4-fs (loop2): Remounting filesystem read-only [ 177.715172][ T7745] EXT4-fs (loop2): 1 truncate cleaned up [ 177.725808][ T7745] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.900379][ T5095] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.957085][ T7766] netlink: 'syz.2.842': attribute type 10 has an invalid length. [ 178.215426][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.846'. [ 178.273646][ T7768] loop3: detected capacity change from 0 to 2048 [ 178.340786][ T7779] loop2: detected capacity change from 0 to 128 [ 178.357830][ T7779] EXT4-fs (loop2): Test dummy encryption mode enabled [ 178.364873][ T7779] EXT4-fs (loop2): Encoding requested by superblock is unknown [ 179.612197][ T7799] dccp_invalid_packet: P.Data Offset(100) too large [ 179.641083][ T5104] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 179.766548][ T5239] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 179.944790][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.0.861'. [ 179.978391][ T5239] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 179.998338][ T5239] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 180.020458][ T5239] usb 2-1: config 1 has no interface number 1 [ 180.028577][ T5239] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 180.044285][ T5239] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 180.068301][ T5239] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.083325][ T5239] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.097461][ T5239] usb 2-1: Product: syz [ 180.108583][ T5239] usb 2-1: Manufacturer: syz [ 180.118504][ T5239] usb 2-1: SerialNumber: syz [ 182.427598][ T5239] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 182.461886][ T5239] usb 2-1: USB disconnect, device number 8 [ 182.654676][ T25] kernel write not supported for file bpf-prog (pid: 25 comm: kworker/1:0) [ 183.492692][ T7860] loop0: detected capacity change from 0 to 2048 [ 183.503968][ T7860] NILFS (loop0): invalid segment: Inconsistency found [ 183.511045][ T7860] NILFS (loop0): trying rollback from an earlier position [ 183.538437][ T7860] NILFS (loop0): recovery complete [ 183.544985][ T7863] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.846137][ T25] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 184.039601][ T25] usb 1-1: unable to get BOS descriptor or descriptor too short [ 184.054964][ T25] usb 1-1: not running at top speed; connect to a high speed hub [ 184.064702][ T25] usb 1-1: config 243 has too many interfaces: 239, using maximum allowed: 32 [ 184.076267][ T25] usb 1-1: config 243 contains an unexpected descriptor of type 0x1, skipping [ 184.095503][ T25] usb 1-1: config 243 has an invalid descriptor of length 1, skipping remainder of the config [ 184.113793][ T25] usb 1-1: config 243 has 0 interfaces, different from the descriptor's value: 239 [ 184.127964][ T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 184.138745][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.147116][ T25] usb 1-1: Product: syz [ 184.151590][ T25] usb 1-1: Manufacturer: syz [ 184.157605][ T25] usb 1-1: SerialNumber: syz [ 185.100441][ T25] usb 1-1: USB disconnect, device number 5 [ 185.175188][ T7896] binder: 7895:7896 ioctl 894b 20000380 returned -22 [ 186.713865][ T7916] rdma_op ffff88802df161f0 conn xmit_rdma 0000000000000000 [ 187.950935][ T7930] binder: 7929:7930 ioctl 894b 20000380 returned -22 [ 188.089427][ T7932] loop0: detected capacity change from 0 to 8192 [ 188.156659][ T7932] loop0: p1 p2 p3 p4 [ 188.160714][ T7932] loop0: partition table partially beyond EOD, truncated [ 188.180244][ T29] audit: type=1326 audit(1854140046.325:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7933 comm="syz.3.906" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48ea775f19 code=0x0 [ 188.186965][ T7932] loop0: p1 start 51379968 is beyond EOD, truncated [ 188.242071][ T7932] loop0: p3 size 100663552 extends beyond EOD, truncated [ 188.245203][ T7939] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 188.276113][ T7939] netlink: 244 bytes leftover after parsing attributes in process `syz.0.907'. [ 188.304288][ T7932] loop0: p4 size 50348032 extends beyond EOD, truncated [ 188.323428][ T7939] NCSI netlink: No device for ifindex 0 [ 188.509782][ T7942] block nbd1: shutting down sockets [ 188.569182][ T5104] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 188.589392][ T5104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 188.606579][ T5104] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 188.634055][ T29] audit: type=1326 audit(1854140046.775:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.643705][ T5104] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 188.662956][ T29] audit: type=1326 audit(1854140046.775:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.667599][ T5104] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 188.699364][ T5104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 188.702093][ T29] audit: type=1326 audit(1854140046.775:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.731399][ T29] audit: type=1326 audit(1854140046.775:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.771980][ T29] audit: type=1326 audit(1854140046.775:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.808555][ T29] audit: type=1326 audit(1854140046.785:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.831159][ T29] audit: type=1326 audit(1854140046.785:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.879541][ T29] audit: type=1326 audit(1854140046.785:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.943972][ T29] audit: type=1326 audit(1854140046.785:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9692975f19 code=0x7ffc0000 [ 188.946810][ T7955] rdma_op ffff888064fb99f0 conn xmit_rdma 0000000000000000 [ 188.997577][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.137396][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.300823][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.408318][ T7945] chnl_net:caif_netlink_parms(): no params data found [ 189.629733][ T7972] loop1: detected capacity change from 0 to 164 [ 190.451768][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.631209][ T7983] rdma_op ffff8880237e39f0 conn xmit_rdma 0000000000000000 [ 190.725988][ T4496] Bluetooth: hci2: command tx timeout [ 190.798257][ T7945] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.805512][ T7945] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.819047][ T7945] bridge_slave_0: entered allmulticast mode [ 190.820772][ T5104] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 190.826302][ T7945] bridge_slave_0: entered promiscuous mode [ 190.840665][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 190.843575][ T7945] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.855018][ T7945] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.855130][ T5104] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 190.862332][ T7945] bridge_slave_1: entered allmulticast mode [ 190.863568][ T7945] bridge_slave_1: entered promiscuous mode [ 190.884340][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 190.895438][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 190.902604][ T5239] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 190.910620][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 190.991604][ T7945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.009117][ T7998] loop0: detected capacity change from 0 to 1024 [ 191.028827][ T7945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.057207][ T7999] block nbd3: shutting down sockets [ 191.125189][ T12] bridge_slave_1: left allmulticast mode [ 191.137983][ T12] bridge_slave_1: left promiscuous mode [ 191.144014][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.177837][ T12] bridge_slave_0: left allmulticast mode [ 191.191248][ T12] bridge_slave_0: left promiscuous mode [ 191.198345][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.280248][ T5239] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 191.289422][ T5239] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 191.310682][ T5239] usb 2-1: config 1 has no interface number 1 [ 191.326698][ T5239] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 191.336033][ T5239] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 191.393532][ T8002] ipt_rpfilter: unknown options [ 191.433003][ T5239] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 191.525055][ T5239] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.642373][ T5239] usb 2-1: Product: syz [ 191.684638][ T5239] usb 2-1: Manufacturer: syz [ 191.750092][ T5239] usb 2-1: SerialNumber: syz [ 192.061885][ T2844] hfsplus: b-tree write err: -5, ino 4 [ 192.193651][ T8008] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.932'. [ 192.203734][ T8008] openvswitch: netlink: Key type 29 is not supported [ 192.257606][ T8010] rdma_op ffff888024ffa9f0 conn xmit_rdma 0000000000000000 [ 192.520278][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.531740][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.548575][ T12] bond0 (unregistering): Released all slaves [ 192.668280][ T5239] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 192.731602][ T7945] team0: Port device team_slave_0 added [ 192.740335][ T5239] usb 2-1: USB disconnect, device number 9 [ 192.755323][ T7945] team0: Port device team_slave_1 added [ 192.806060][ T5104] Bluetooth: hci2: command tx timeout [ 192.917978][ T8023] loop3: detected capacity change from 0 to 2048 [ 192.925215][ T8023] udf: Bad value for 'session' [ 192.947782][ T8025] loop0: detected capacity change from 0 to 64 [ 192.958994][ T8023] fuse: blksize only supported for fuseblk [ 192.965450][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.972615][ T5104] Bluetooth: hci3: command tx timeout [ 192.980249][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.027574][ T7945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.052095][ T8028] 9pnet_fd: Insufficient options for proto=fd [ 193.103124][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.110346][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.139811][ T7945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.223812][ T12] hsr_slave_0: left promiscuous mode [ 193.233216][ T12] hsr_slave_1: left promiscuous mode [ 193.249708][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.258801][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 193.271094][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.272692][ T8032] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.941'. [ 193.288673][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.308341][ T8032] openvswitch: netlink: Key type 29 is not supported [ 193.337378][ T12] veth1_macvtap: left promiscuous mode [ 193.344146][ T12] veth0_macvtap: left promiscuous mode [ 193.373923][ T12] veth1_vlan: left promiscuous mode [ 193.379932][ T12] veth0_vlan: left promiscuous mode [ 193.439574][ T8035] rdma_op ffff88806398b9f0 conn xmit_rdma 0000000000000000 [ 194.030447][ T12] team0 (unregistering): Port device team_slave_1 removed [ 194.075353][ T12] team0 (unregistering): Port device team_slave_0 removed [ 194.585759][ T8054] loop0: detected capacity change from 0 to 256 [ 194.619658][ T8055] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.952'. [ 194.631230][ T8055] openvswitch: netlink: Key type 29 is not supported [ 194.651782][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.658229][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.742839][ T8060] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.744974][ T7945] hsr_slave_0: entered promiscuous mode [ 194.759451][ T7945] hsr_slave_1: entered promiscuous mode [ 194.765776][ T7945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.773554][ T7945] Cannot create hsr debugfs directory [ 194.890954][ T5104] Bluetooth: hci2: command tx timeout [ 194.962423][ T7989] chnl_net:caif_netlink_parms(): no params data found [ 195.045937][ T5104] Bluetooth: hci3: command tx timeout [ 195.084515][ T29] kauditd_printk_skb: 278 callbacks suppressed [ 195.084531][ T29] audit: type=1326 audit(1854140053.225:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.961" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9692975f19 code=0x0 [ 195.972178][ T7989] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.996384][ T7989] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.027801][ T7989] bridge_slave_0: entered allmulticast mode [ 196.049876][ T7989] bridge_slave_0: entered promiscuous mode [ 196.125790][ T7989] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.133823][ T7989] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.153751][ T8092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 196.167300][ T7989] bridge_slave_1: entered allmulticast mode [ 196.181003][ T7989] bridge_slave_1: entered promiscuous mode [ 196.299385][ T8101] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode broadcast(3) [ 196.323837][ T7989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.660912][ T7989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.793194][ T8106] veth0_vlan: entered allmulticast mode [ 196.966753][ T5104] Bluetooth: hci2: command tx timeout [ 197.136686][ T5104] Bluetooth: hci3: command tx timeout [ 197.166762][ T8103] DRBG: could not allocate digest TFM handle: hmac(sha384) [ 197.263496][ T7989] team0: Port device team_slave_0 added [ 197.342963][ T7989] team0: Port device team_slave_1 added [ 197.441882][ T7989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.450745][ T7989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.293725][ T8120] netlink: 224 bytes leftover after parsing attributes in process `syz.3.974'. [ 198.321118][ T7989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.362306][ T7989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.369558][ T7989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.396781][ T7989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.506340][ T8126] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 198.535757][ T7989] hsr_slave_0: entered promiscuous mode [ 198.561697][ T7989] hsr_slave_1: entered promiscuous mode [ 198.575926][ T7989] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.584989][ T7989] Cannot create hsr debugfs directory [ 198.707073][ T7945] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 198.747062][ T7945] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 198.774727][ T7945] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 198.814622][ T8141] loop3: detected capacity change from 0 to 4096 [ 198.844568][ T8141] NILFS (loop3): invalid segment: Checksum error in segment payload [ 198.854874][ T8141] NILFS (loop3): trying rollback from an earlier position [ 199.114497][ T7945] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 199.256075][ T5104] Bluetooth: hci3: command tx timeout [ 199.633782][ T8141] NILFS (loop3): recovery complete [ 199.682900][ T8149] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 199.758858][ T29] audit: type=1800 audit(1854140057.895:431): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.983" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 199.785634][ T29] audit: type=1800 audit(1854140057.905:432): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.983" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 199.817254][ T8153] input: syz1 as /devices/virtual/input/input13 [ 199.847420][ T29] audit: type=1804 audit(1854140057.985:433): pid=8155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.983" name="/newroot/71/file1/bus/bus" dev="loop3" ino=13 res=1 errno=0 [ 200.209974][ T7989] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.346150][ T7989] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.425454][ T7945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.506437][ T7945] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.613060][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.620268][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.647783][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.654992][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.781576][ T8176] Cannot find set identified by id 0 to match [ 202.342250][ T29] audit: type=1800 audit(1854140060.485:434): pid=8155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.983" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 202.362004][ T8155] syz.3.983 (8155) used greatest stack depth: 18296 bytes left [ 202.384537][ T7989] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.542117][ T8178] Bluetooth: MGMT ver 1.23 [ 202.583893][ T7989] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.706907][ T7945] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.046940][ T7989] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 203.095057][ T7989] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 203.125231][ T7989] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.160990][ T7989] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.209465][ T8199] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1001'. [ 203.243309][ T7945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.564744][ T7989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.631218][ T7989] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.653255][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.658975][ T8213] netlink: 57 bytes leftover after parsing attributes in process `syz.3.1007'. [ 203.660556][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.738585][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.745804][ T5238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.984152][ T7945] veth0_vlan: entered promiscuous mode [ 204.031324][ T7945] veth1_vlan: entered promiscuous mode [ 204.125691][ T7945] veth0_macvtap: entered promiscuous mode [ 204.147707][ T7945] veth1_macvtap: entered promiscuous mode [ 204.208172][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.233808][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.260897][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.281680][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.312142][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.356013][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.384627][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.429149][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.443798][ T7945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.207464][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.246045][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.262534][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.273345][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.291618][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.302422][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.326107][ T7945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.343822][ T7945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.374649][ T7945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.415702][ T7945] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.426271][ T7945] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.435100][ T7945] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.452370][ T7945] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.483027][ T7989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.508553][ T8237] loop1: detected capacity change from 0 to 4096 [ 205.546267][ T8237] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 205.646601][ T8237] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 205.671968][ T7989] veth0_vlan: entered promiscuous mode [ 205.702443][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.734761][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.784164][ T7989] veth1_vlan: entered promiscuous mode [ 205.808743][ T2446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.831084][ T2446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.895325][ T7989] veth0_macvtap: entered promiscuous mode [ 205.922287][ T7989] veth1_macvtap: entered promiscuous mode [ 205.962313][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.974332][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.995190][ T8253] loop1: detected capacity change from 0 to 128 [ 206.010293][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.024181][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.036341][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.057764][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.096939][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.126067][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.136044][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.146528][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.161425][ T7989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.213808][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.233597][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.258471][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.278478][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.294750][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.309760][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.325724][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.342999][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.366493][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.385924][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.409173][ T7989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.434479][ T7989] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.446723][ T7989] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.455449][ T7989] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.478197][ T8263] loop1: detected capacity change from 0 to 4096 [ 206.486701][ T7989] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.504139][ T8263] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 206.620031][ T8263] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 206.699473][ T2844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.728173][ T2844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.828434][ T2430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.841651][ T2430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.269342][ T8307] loop2: detected capacity change from 0 to 2048 [ 208.285306][ T8307] udf: Bad value for 'session' [ 208.346521][ T8307] fuse: blksize only supported for fuseblk [ 208.429238][ T8318] 9pnet_fd: Insufficient options for proto=fd [ 208.713553][ T8332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 209.428551][ T8343] loop1: detected capacity change from 0 to 32768 [ 209.446906][ T8343] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1051 (8343) [ 209.513682][ T8343] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 209.543001][ T8343] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 209.566596][ T8343] BTRFS info (device loop1): using free-space-tree [ 209.746396][ T7036] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 209.886236][ T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 210.095951][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 210.104353][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.121127][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.134323][ T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 210.149675][ T25] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 210.162581][ T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 210.180552][ T25] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 210.198576][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 210.210364][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.218633][ T25] usb 5-1: Product: syz [ 210.222930][ T25] usb 5-1: Manufacturer: syz [ 210.228031][ T25] usb 5-1: SerialNumber: syz [ 210.497954][ T25] cdc_ncm 5-1:1.0: bind() failure [ 210.526179][ T25] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 210.533023][ T25] cdc_ncm 5-1:1.1: bind() failure [ 210.541702][ T25] usb 5-1: USB disconnect, device number 5 [ 210.545650][ T8390] loop1: detected capacity change from 0 to 32768 [ 210.588502][ T8390] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1061 (8390) [ 210.628446][ T8390] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 210.645748][ T8390] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 210.663422][ T8390] BTRFS info (device loop1): using free-space-tree [ 211.076917][ T7036] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 212.336717][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 212.501186][ T8454] loop4: detected capacity change from 0 to 32768 [ 212.508232][ T8462] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1084'. [ 212.520165][ T8454] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1080 (8454) [ 212.533501][ T8462] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1084'. [ 212.546972][ T8454] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 212.557904][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 212.563709][ T8454] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 212.575120][ T25] usb 3-1: config 0 has no interfaces? [ 212.581062][ T25] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 212.590423][ T8454] BTRFS info (device loop4): using free-space-tree [ 212.597546][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.614793][ T25] usb 3-1: config 0 descriptor?? [ 212.877298][ T8448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.900426][ T8448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.997463][ T7945] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 213.447093][ T59] usb 3-1: USB disconnect, device number 6 [ 213.598985][ T8494] loop4: detected capacity change from 0 to 1024 [ 213.998953][ T8494] EXT4-fs: Ignoring removed orlov option [ 214.040451][ T8494] EXT4-fs (loop4): Test dummy encryption mode enabled [ 214.065813][ T8494] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 214.128906][ T8494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.435000][ T8503] loop3: detected capacity change from 0 to 512 [ 214.442962][ T4496] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 214.456123][ T4496] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 214.464900][ T4496] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 214.473893][ T4496] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 214.500897][ T4496] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 214.509254][ T4496] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 214.559699][ T8503] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.580098][ T8503] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.636469][ T8494] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 214.864013][ T8494] batadv_slave_1: vlans aren't supported yet for dev_uc|mc_add() [ 215.003303][ T7945] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.035104][ T8507] chnl_net:caif_netlink_parms(): no params data found [ 215.041704][ T6917] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.313978][ T8537] loop4: detected capacity change from 0 to 512 [ 215.341600][ T8537] EXT4-fs: Ignoring removed nomblk_io_submit option [ 215.386927][ T8537] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 215.492634][ T8537] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 215.506243][ T8537] EXT4-fs (loop4): orphan cleanup on readonly fs [ 215.889861][ T8537] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.1103: attempt to clear invalid blocks 1024 len 1 [ 215.924762][ T8507] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.027827][ T8507] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.155596][ T8507] bridge_slave_0: entered allmulticast mode [ 216.173914][ T8507] bridge_slave_0: entered promiscuous mode [ 216.180132][ T8537] EXT4-fs (loop4): Remounting filesystem read-only [ 216.239955][ T8537] EXT4-fs (loop4): 1 truncate cleaned up [ 216.247197][ T8507] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.254336][ T8507] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.283353][ T8537] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 216.310007][ T8523] loop2: detected capacity change from 0 to 32768 [ 216.326318][ T8507] bridge_slave_1: entered allmulticast mode [ 216.341894][ T8507] bridge_slave_1: entered promiscuous mode [ 216.348251][ T8523] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1096 (8523) [ 216.373820][ T8537] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1103'. [ 216.399455][ T8523] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 216.415156][ T29] audit: type=1326 audit(1854140074.545:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8536 comm="syz.4.1103" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1068f75f19 code=0x0 [ 216.446814][ T8523] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 216.460343][ T8523] BTRFS info (device loop2): using free-space-tree [ 216.489572][ T8507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.503231][ T8507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.575972][ T4496] Bluetooth: hci6: command tx timeout [ 216.635251][ T8533] loop3: detected capacity change from 0 to 32768 [ 216.667427][ T7945] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 216.684621][ T8533] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1101 (8533) [ 216.733399][ T8507] team0: Port device team_slave_0 added [ 216.747893][ T8533] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 216.761316][ T8533] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 216.770183][ T8533] BTRFS info (device loop3): using free-space-tree [ 217.087231][ T8507] team0: Port device team_slave_1 added [ 217.480000][ T8507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.506512][ T8507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.547525][ T8507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.564485][ T8507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.579762][ T8507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.607087][ T8507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.650416][ T7989] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 217.809461][ T5141] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 217.817762][ T8507] hsr_slave_0: entered promiscuous mode [ 217.836337][ T8507] hsr_slave_1: entered promiscuous mode [ 217.852064][ T8507] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 217.877921][ T8507] Cannot create hsr debugfs directory [ 218.007830][ T8598] delete_channel: no stack [ 218.015993][ T5141] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.037233][ T5141] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 218.080528][ T5141] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 218.110424][ T5141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 218.128383][ T5141] usb 4-1: SerialNumber: syz [ 218.148187][ T5141] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 218.158798][ T8609] loop1: detected capacity change from 0 to 24 [ 218.359225][ T8533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.407109][ T8533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.460281][ T8507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.649301][ T4496] Bluetooth: hci6: command tx timeout [ 219.420610][ T8507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.581962][ T5144] usb 4-1: USB disconnect, device number 5 [ 220.418692][ T8507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.472997][ T6917] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 220.702487][ T8507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.726001][ T4496] Bluetooth: hci6: command tx timeout [ 221.090085][ T8642] delete_channel: no stack [ 221.123565][ T8624] loop4: detected capacity change from 0 to 32768 [ 221.137082][ T8624] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1120 (8624) [ 221.193340][ T8624] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 221.222469][ T8624] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 221.234599][ T8624] BTRFS info (device loop4): using free-space-tree [ 221.338703][ T8507] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 221.378927][ T8507] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 221.424458][ T8507] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 221.479020][ T8507] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 221.709747][ T8507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.743559][ T7945] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 221.772717][ T8507] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.793045][ T8676] loop3: detected capacity change from 0 to 1024 [ 221.810935][ T8676] EXT4-fs: Ignoring removed orlov option [ 221.828482][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.835687][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.847043][ T8676] EXT4-fs: Ignoring removed nomblk_io_submit option [ 221.910121][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.917367][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.952589][ T8678] loop1: detected capacity change from 0 to 256 [ 222.010633][ T8676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.174242][ T8676] process 'syz.3.1134' launched './file0/file0' with NULL argv: empty string added [ 222.348861][ T6917] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.457209][ T8691] tmpfs: Bad value for 'mpol' [ 222.522971][ T8507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.597714][ T8693] batadv0: mtu less than device minimum [ 222.694546][ T8507] veth0_vlan: entered promiscuous mode [ 222.723688][ T8507] veth1_vlan: entered promiscuous mode [ 222.785231][ T8507] veth0_macvtap: entered promiscuous mode [ 222.807734][ T4496] Bluetooth: hci6: command tx timeout [ 222.814062][ T8701] input: syz1 as /devices/virtual/input/input14 [ 222.827915][ T8507] veth1_macvtap: entered promiscuous mode [ 222.923116][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.940039][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.955237][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.016723][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.043909][ T8709] loop3: detected capacity change from 0 to 64 [ 223.055952][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.079372][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.121327][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.145878][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.171259][ T8706] loop1: detected capacity change from 0 to 4096 [ 223.186300][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.221107][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.250824][ T8706] ntfs3: loop1: $Secure::$SII is corrupted. [ 223.266153][ T8706] ntfs3: loop1: Failed to initialize $Secure (-22). [ 223.276124][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.312351][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.337446][ T8507] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.384664][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.433042][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.461465][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.495955][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.516393][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.574088][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.610665][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.636092][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.669179][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.708989][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.735070][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.765220][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.816038][ T5239] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 223.823988][ T8507] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.883534][ T8507] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.918958][ T8507] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.943659][ T8507] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.968046][ T8507] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.058803][ T5239] usb 4-1: Using ep0 maxpacket: 32 [ 224.067819][ T8707] loop2: detected capacity change from 0 to 32768 [ 224.078113][ T5239] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.089655][ T8707] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1143 (8707) [ 224.124468][ T5239] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.192261][ T8707] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 224.202709][ T5239] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 224.236643][ T8707] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 224.245395][ T5239] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 224.256062][ T8707] BTRFS info (device loop2): using free-space-tree [ 224.263714][ T5239] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 224.289107][ T5239] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 224.300990][ T2446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.313468][ T2446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.329311][ T5239] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 224.343035][ T5239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.352012][ T5239] usb 4-1: Product: syz [ 224.356595][ T5239] usb 4-1: Manufacturer: syz [ 224.361200][ T5239] usb 4-1: SerialNumber: syz [ 224.458270][ T2446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.497932][ T2446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.595063][ T8725] loop1: detected capacity change from 0 to 40427 [ 224.626847][ T5239] cdc_ncm 4-1:1.0: bind() failure [ 224.628543][ T8725] F2FS-fs (loop1): Found nat_bits in checkpoint [ 224.648035][ T5239] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 224.687268][ T5239] cdc_ncm 4-1:1.1: bind() failure [ 224.705444][ T5239] usb 4-1: USB disconnect, device number 6 [ 224.711376][ T8725] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 224.778083][ T7989] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 224.815224][ T7036] syz-executor: attempt to access beyond end of device [ 224.815224][ T7036] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.855047][ T7036] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 225.231279][ T8766] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.253451][ T8766] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.276069][ T8766] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.309663][ T8766] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.346031][ T8766] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.359367][ T8766] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.369183][ T8766] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.384040][ T8766] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.393589][ T8766] geneve2: entered promiscuous mode [ 225.400331][ T8766] geneve2: entered allmulticast mode [ 225.418722][ T8768] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 225.648010][ T8780] loop0: detected capacity change from 0 to 164 [ 225.665731][ T8780] rock: directory entry would overflow storage [ 225.674939][ T8780] rock: sig=0x5245, size=8, remaining=3 [ 226.219095][ T8806] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 226.242911][ T8806] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 226.262590][ T8806] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 226.278589][ T8806] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 226.293085][ T8806] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 226.308076][ T8806] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 226.323256][ T8806] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 226.334819][ T8806] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 226.354675][ T8806] geneve2: entered promiscuous mode [ 226.365869][ T8806] geneve2: entered allmulticast mode [ 226.386525][ T8805] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 226.528469][ T8812] loop4: detected capacity change from 0 to 1024 [ 226.540571][ T8812] EXT4-fs: Ignoring removed orlov option [ 226.555344][ T8787] loop1: detected capacity change from 0 to 40427 [ 226.565696][ T8812] EXT4-fs (loop4): Test dummy encryption mode enabled [ 226.567683][ T8812] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 226.604849][ T8812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.622948][ T8787] F2FS-fs (loop1): Found nat_bits in checkpoint [ 226.774270][ T8787] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 226.809591][ T8823] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1176'. [ 226.821814][ T29] audit: type=1804 audit(1854140084.975:436): pid=8831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1173" name="/newroot/41/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 226.995784][ T8812] batadv_slave_1: vlans aren't supported yet for dev_uc|mc_add() [ 227.030969][ T7036] syz-executor: attempt to access beyond end of device [ 227.030969][ T7036] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 227.054942][ T7036] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 227.060069][ T8823] loop2: detected capacity change from 0 to 256 [ 227.080244][ T7945] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.171781][ T8823] FAT-fs (loop2): Directory bread(block 64) failed [ 227.184987][ T8823] FAT-fs (loop2): Directory bread(block 65) failed [ 227.203264][ T8823] FAT-fs (loop2): Directory bread(block 66) failed [ 227.224622][ T8823] FAT-fs (loop2): Directory bread(block 67) failed [ 227.246053][ T8823] FAT-fs (loop2): Directory bread(block 68) failed [ 227.264530][ T8823] FAT-fs (loop2): Directory bread(block 69) failed [ 227.293800][ T8823] FAT-fs (loop2): Directory bread(block 70) failed [ 227.316575][ T8823] FAT-fs (loop2): Directory bread(block 71) failed [ 227.342531][ T8823] FAT-fs (loop2): Directory bread(block 72) failed [ 227.358411][ T8848] loop4: detected capacity change from 0 to 256 [ 227.369867][ T8823] FAT-fs (loop2): Directory bread(block 73) failed [ 227.484609][ T8848] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 227.498510][ T8823] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 227.498596][ T8823] FAT-fs (loop2): Filesystem has been set read-only [ 227.518844][ T8848] FAT-fs (loop4): Filesystem has been set read-only [ 227.553451][ T8848] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 227.683089][ T8857] loop0: detected capacity change from 0 to 256 [ 227.814228][ T8865] loop2: detected capacity change from 0 to 512 [ 227.814973][ T8865] EXT4-fs: Ignoring removed mblk_io_submit option [ 227.836136][ T8865] EXT4-fs (loop2): Test dummy encryption mode enabled [ 227.855563][ T8865] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 227.903961][ T8865] System zones: 1-12 [ 227.939300][ T8865] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz.2.1192: casefold flag without casefold feature [ 228.033367][ T8865] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.1192: couldn't read orphan inode 15 (err -117) [ 228.067897][ T8865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.367585][ T8865] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 228.515666][ T8888] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1200'. [ 228.572708][ T8890] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 228.572708][ T8890] The task syz.2.1192 (8890) triggered the difference, watch for misbehavior. [ 228.698516][ T8894] loop0: detected capacity change from 0 to 256 [ 228.800106][ T8863] loop4: detected capacity change from 0 to 40427 [ 228.812648][ T8894] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 228.812901][ T7989] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.843416][ T8894] FAT-fs (loop0): Filesystem has been set read-only [ 228.850876][ T8894] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 228.875113][ T8863] F2FS-fs (loop4): Found nat_bits in checkpoint [ 228.965316][ T8903] loop3: detected capacity change from 0 to 1024 [ 229.014226][ T8903] hfsplus: failed to load root directory [ 229.027339][ T8863] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 229.225641][ T7945] syz-executor: attempt to access beyond end of device [ 229.225641][ T7945] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 229.248057][ T7945] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 229.275695][ T8920] sctp: [Deprecated]: syz.3.1212 (pid 8920) Use of struct sctp_assoc_value in delayed_ack socket option. [ 229.275695][ T8920] Use struct sctp_sack_info instead [ 229.438290][ T8927] loop3: detected capacity change from 0 to 256 [ 229.526740][ T8927] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 229.548992][ T8927] FAT-fs (loop3): Filesystem has been set read-only [ 229.562236][ T8927] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 230.306671][ T8918] loop0: detected capacity change from 0 to 40427 [ 230.522686][ T8918] F2FS-fs (loop0): Found nat_bits in checkpoint [ 231.454615][ T8918] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 231.488927][ T8963] sctp: [Deprecated]: syz.3.1227 (pid 8963) Use of struct sctp_assoc_value in delayed_ack socket option. [ 231.488927][ T8963] Use struct sctp_sack_info instead [ 231.564954][ T8507] syz-executor: attempt to access beyond end of device [ 231.564954][ T8507] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 231.598346][ T8507] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 231.642563][ T8973] netlink: 'syz.1.1232': attribute type 1 has an invalid length. [ 232.097231][ T8981] loop1: detected capacity change from 0 to 40427 [ 232.106348][ T8981] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 232.115696][ T8981] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 232.156517][ T8981] F2FS-fs (loop1): Found nat_bits in checkpoint [ 232.219637][ T8981] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 232.226824][ T8981] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 232.729464][ T9002] syz.1.1236: attempt to access beyond end of device [ 232.729464][ T9002] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 232.749573][ T9005] netlink: 30 bytes leftover after parsing attributes in process `syz.1.1236'. [ 232.998068][ T7036] syz-executor: attempt to access beyond end of device [ 232.998068][ T7036] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 232.998178][ T7036] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 233.140088][ T9016] netlink: 'syz.3.1248': attribute type 2 has an invalid length. [ 233.403339][ T9024] loop2: detected capacity change from 0 to 64 [ 233.489843][ T9026] loop0: detected capacity change from 0 to 256 [ 234.254013][ T8991] loop4: detected capacity change from 0 to 40427 [ 234.297677][ T8991] F2FS-fs (loop4): Found nat_bits in checkpoint [ 234.576133][ T9041] loop1: detected capacity change from 0 to 40427 [ 234.591517][ T9041] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 234.599305][ T9041] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 234.662258][ T9041] F2FS-fs (loop1): Found nat_bits in checkpoint [ 234.712874][ T9039] loop2: detected capacity change from 0 to 4096 [ 234.730442][ T9041] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 234.737618][ T9041] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 234.755166][ T9039] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 234.767374][ T9020] loop3: detected capacity change from 0 to 32768 [ 234.786129][ T9020] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1250 (9020) [ 234.786552][ T8991] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 234.824469][ T9020] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 234.944619][ T9020] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 235.024069][ T9020] BTRFS info (device loop3): using free-space-tree [ 235.157635][ T9050] syz.1.1257: attempt to access beyond end of device [ 235.157635][ T9050] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 235.392273][ T7036] syz-executor: attempt to access beyond end of device [ 235.392273][ T7036] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 235.439456][ T7036] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 235.829060][ T6917] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 236.044855][ T9079] loop2: detected capacity change from 0 to 64 [ 236.167249][ T9081] netlink: 'syz.1.1261': attribute type 2 has an invalid length. [ 236.273397][ T25] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 236.357555][ T29] audit: type=1326 audit(1854140094.505:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9082 comm="syz.2.1265" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3cab775f19 code=0x0 [ 236.410868][ T9087] loop3: detected capacity change from 0 to 4096 [ 236.423996][ T9087] NILFS (loop3): invalid segment: Checksum error in segment payload [ 236.432191][ T9087] NILFS (loop3): trying rollback from an earlier position [ 236.458480][ T9087] NILFS (loop3): recovery complete [ 236.464729][ T9092] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 236.494109][ T9093] syz.1.1268 uses obsolete (PF_INET,SOCK_PACKET) [ 236.556243][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 236.574392][ T29] audit: type=1800 audit(1854140094.715:438): pid=9087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1263" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 236.609510][ T29] audit: type=1800 audit(1854140094.715:439): pid=9087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1263" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 236.638699][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 236.668804][ T29] audit: type=1804 audit(1854140094.815:440): pid=9100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1263" name="/newroot/143/file1/bus/bus" dev="loop3" ino=13 res=1 errno=0 [ 236.690642][ C1] vkms_vblank_simulate: vblank timer overrun [ 236.703324][ T25] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 236.741454][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.752447][ T25] usb 5-1: config 0 descriptor?? [ 237.357109][ T9076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.377080][ T9113] loop1: detected capacity change from 0 to 256 [ 237.383301][ T9076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.420780][ T29] audit: type=1800 audit(1854140095.555:441): pid=9100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1263" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 237.461079][ T25] hid (null): unknown global tag 0xd [ 237.477298][ T25] hid (null): report_id 0 is invalid [ 237.484372][ T25] hid (null): unknown global tag 0x83 [ 237.506214][ T25] hid (null): unknown global tag 0xc [ 237.534752][ T25] hid-generic 0003:0158:0100.0005: unknown main item tag 0x1 [ 237.572073][ T25] hid-generic 0003:0158:0100.0005: unexpected long global item [ 237.592798][ T25] hid-generic 0003:0158:0100.0005: probe with driver hid-generic failed with error -22 [ 237.710255][ T25] usb 5-1: USB disconnect, device number 6 [ 237.726378][ T9117] loop0: detected capacity change from 0 to 4096 [ 237.754040][ T9117] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 237.804659][ T9124] loop3: detected capacity change from 0 to 2048 [ 237.839628][ T9124] NILFS (loop3): ifile inode (checkpoint number=2) corrupted [ 237.860355][ T9124] NILFS (loop3): error -5 while loading last checkpoint (checkpoint number=2) [ 237.994902][ T9109] loop2: detected capacity change from 0 to 32768 [ 238.016241][ T9109] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1273 (9109) [ 238.079533][ T9109] BTRFS info (device loop2): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 238.100603][ T29] audit: type=1326 audit(1854140096.245:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9132 comm="syz.0.1283" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fadc9b75f19 code=0x0 [ 238.116073][ T9109] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 238.151317][ T9109] BTRFS info (device loop2): using free-space-tree [ 238.255021][ T9158] loop3: detected capacity change from 0 to 128 [ 238.557309][ T7989] BTRFS info (device loop2): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 238.803552][ T9169] loop4: detected capacity change from 0 to 4096 [ 238.820379][ T9169] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 238.876821][ T9172] loop3: detected capacity change from 0 to 2048 [ 238.980472][ T9172] NILFS (loop3): ifile inode (checkpoint number=2) corrupted [ 239.014683][ T9172] NILFS (loop3): error -5 while loading last checkpoint (checkpoint number=2) [ 239.374767][ T9188] mmap: syz.0.1300 (9188) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 239.572613][ T9188] loop0: detected capacity change from 0 to 1024 [ 239.667743][ T9188] EXT4-fs (loop0): stripe (205) is not aligned with cluster size (16), stripe is disabled [ 240.397865][ T9188] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.578489][ T9215] loop4: detected capacity change from 0 to 2048 [ 240.605605][ T9215] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 240.670953][ T29] audit: type=1800 audit(1854140098.815:443): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1311" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 240.750571][ T9223] loop3: detected capacity change from 0 to 512 [ 240.755891][ T29] audit: type=1804 audit(1854140098.815:444): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1311" name="/newroot/56/file0/bus" dev="loop4" ino=1367 res=1 errno=0 [ 240.768147][ T9223] EXT4-fs: Ignoring removed mblk_io_submit option [ 240.805326][ T9223] EXT4-fs (loop3): Test dummy encryption mode enabled [ 240.866832][ T9223] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 240.876100][ T9223] System zones: 1-12 [ 240.890917][ T9223] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz.3.1314: casefold flag without casefold feature [ 240.989794][ T9223] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1314: couldn't read orphan inode 15 (err -117) [ 241.039458][ T9223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.231553][ T29] audit: type=1326 audit(1854140099.375:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9249 comm="syz.1.1326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9692975f19 code=0x0 [ 241.590451][ T6917] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.697532][ T9269] loop4: detected capacity change from 0 to 256 [ 241.759952][ T9269] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 241.797077][ T9275] dlm: no locking on control device [ 242.580189][ T9285] netlink: 'syz.2.1337': attribute type 2 has an invalid length. [ 242.762541][ T8507] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.861333][ T9289] sp0: Synchronizing with TNC [ 242.981627][ T9291] loop4: detected capacity change from 0 to 4096 [ 243.026933][ T9291] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 243.091243][ T9299] loop0: detected capacity change from 0 to 2048 [ 243.125622][ T9299] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 243.421311][ T9312] loop3: detected capacity change from 0 to 256 [ 243.478363][ T9312] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 244.540094][ T9324] dlm: no locking on control device [ 244.621787][ T9328] sp0: Synchronizing with TNC [ 244.837151][ T9336] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1357'. [ 244.991003][ T9338] loop0: detected capacity change from 0 to 4096 [ 245.025479][ T9338] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 245.439210][ T9365] loop2: detected capacity change from 0 to 64 [ 245.505102][ T9365] Trying to free block not in datazone [ 245.526422][ T9365] minix_free_block (loop2:21): bit already cleared [ 246.199595][ T9371] loop4: detected capacity change from 0 to 256 [ 246.953763][ T9380] loop2: detected capacity change from 0 to 2048 [ 247.026727][ T9380] NILFS (loop2): ifile inode (checkpoint number=2) corrupted [ 247.054777][ T9380] NILFS (loop2): error -5 while loading last checkpoint (checkpoint number=2) [ 247.463333][ T9388] loop4: detected capacity change from 0 to 256 [ 247.492023][ T9388] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 247.513922][ T9390] loop0: detected capacity change from 0 to 128 [ 247.538805][ T9363] loop1: detected capacity change from 0 to 32768 [ 247.612932][ T9390] syz.0.1378: attempt to access beyond end of device [ 247.612932][ T9390] loop0: rw=0, sector=97, nr_sectors = 32 limit=128 [ 247.653738][ T29] audit: type=1804 audit(1854140105.705:446): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1378" name="/newroot/43/file2/bus" dev="loop0" ino=1048659 res=1 errno=0 [ 247.675562][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.697776][ T29] audit: type=1804 audit(1854140105.705:447): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1378" name="/newroot/43/file2/bus" dev="loop0" ino=1048659 res=1 errno=0 [ 247.753743][ T9363] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 247.762697][ T9363] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 247.809023][ T5144] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 247.839357][ T9363] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 247.870619][ T5141] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 247.897562][ T5141] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 248.124737][ T5144] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 26232, setting to 64 [ 248.682399][ T5144] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 248.691610][ T5144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.710023][ T5144] usb 3-1: config 0 descriptor?? [ 248.715289][ T5141] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 817ms [ 248.752927][ T5141] gfs2: fsid=syz:syz.0: jid=0: Done [ 248.768100][ T9363] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 248.786874][ T9403] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1381'. [ 248.805599][ T9401] loop4: detected capacity change from 0 to 1024 [ 248.938109][ T9384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.950588][ T9409] loop3: detected capacity change from 0 to 256 [ 248.959024][ T9384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 249.778458][ T5144] ath6kl: Failed to submit usb control message: -110 [ 249.794348][ T5144] ath6kl: unable to send the bmi data to the device: -110 [ 249.816348][ T5144] ath6kl: Unable to send get target info: -110 [ 249.864910][ T5144] ath6kl: Failed to init ath6kl core: -110 [ 249.980408][ T5144] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 250.415152][ T5144] usb 3-1: USB disconnect, device number 7 [ 251.433850][ T9410] sched: RT throttling activated [ 253.434956][ T5104] Bluetooth: hci5: command 0x0406 tx timeout [ 253.813554][ T9417] netlink: 'syz.3.1387': attribute type 1 has an invalid length. [ 254.264864][ T9442] loop0: detected capacity change from 0 to 256 [ 254.307789][ T9442] FAT-fs (loop0): Directory bread(block 64) failed [ 254.329498][ T9442] FAT-fs (loop0): Directory bread(block 65) failed [ 254.346473][ T9442] FAT-fs (loop0): Directory bread(block 66) failed [ 254.363077][ T9442] FAT-fs (loop0): Directory bread(block 67) failed [ 254.386907][ T9442] FAT-fs (loop0): Directory bread(block 68) failed [ 254.403772][ T9442] FAT-fs (loop0): Directory bread(block 69) failed [ 254.419929][ T9442] FAT-fs (loop0): Directory bread(block 70) failed [ 254.442655][ T9442] FAT-fs (loop0): Directory bread(block 71) failed [ 254.461932][ T9442] FAT-fs (loop0): Directory bread(block 72) failed [ 254.503553][ T9442] FAT-fs (loop0): Directory bread(block 73) failed [ 254.831701][ T9456] netlink: 'syz.1.1400': attribute type 1 has an invalid length. [ 254.883986][ T9437] loop4: detected capacity change from 0 to 32768 [ 255.129969][ T9473] loop1: detected capacity change from 0 to 256 [ 255.152244][ T9474] loop3: detected capacity change from 0 to 128 [ 255.208797][ T9474] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 255.219570][ T9473] FAT-fs (loop1): Directory bread(block 64) failed [ 255.231819][ T9474] ext4 filesystem being mounted at /173/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 255.255961][ T9473] FAT-fs (loop1): Directory bread(block 65) failed [ 255.287061][ T9473] FAT-fs (loop1): Directory bread(block 66) failed [ 255.293909][ T9473] FAT-fs (loop1): Directory bread(block 67) failed [ 255.301304][ T9473] FAT-fs (loop1): Directory bread(block 68) failed [ 255.308026][ T9473] FAT-fs (loop1): Directory bread(block 69) failed [ 255.314635][ T9473] FAT-fs (loop1): Directory bread(block 70) failed [ 255.336996][ T9474] syz.3.1407 (pid 9474) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 255.350008][ T9473] FAT-fs (loop1): Directory bread(block 71) failed [ 255.357598][ T9473] FAT-fs (loop1): Directory bread(block 72) failed [ 255.364238][ T9473] FAT-fs (loop1): Directory bread(block 73) failed [ 255.460053][ T6917] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 255.597307][ T9490] loop3: detected capacity change from 0 to 64 [ 255.832397][ T9499] Unknown gid [ 256.088602][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.092763][ T9511] loop3: detected capacity change from 0 to 256 [ 256.096974][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.203721][ T9511] FAT-fs (loop3): Directory bread(block 64) failed [ 256.215803][ T9511] FAT-fs (loop3): Directory bread(block 65) failed [ 256.239337][ T9511] FAT-fs (loop3): Directory bread(block 66) failed [ 256.257457][ T9511] FAT-fs (loop3): Directory bread(block 67) failed [ 256.269416][ T9511] FAT-fs (loop3): Directory bread(block 68) failed [ 256.286920][ T9511] FAT-fs (loop3): Directory bread(block 69) failed [ 256.295943][ T9511] FAT-fs (loop3): Directory bread(block 70) failed [ 256.314149][ T9511] FAT-fs (loop3): Directory bread(block 71) failed [ 256.326380][ T9511] FAT-fs (loop3): Directory bread(block 72) failed [ 256.339795][ T9511] FAT-fs (loop3): Directory bread(block 73) failed [ 257.344331][ T9531] loop4: detected capacity change from 0 to 8 [ 257.594113][ T9547] loop4: detected capacity change from 0 to 16 [ 257.602620][ T9547] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 257.623967][ T9547] cramfs: bad root offset 24652 [ 257.668467][ T9547] loop4: detected capacity change from 0 to 64 [ 257.716153][ T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 257.837203][ T9563] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 257.861354][ T9560] IPVS: stopping backup sync thread 9563 ... [ 257.920772][ T25] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 257.954916][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.960309][ T9567] Unknown gid [ 257.992838][ T25] usb 1-1: config 0 descriptor?? [ 258.559301][ T9588] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 258.568638][ T9586] IPVS: stopping backup sync thread 9588 ... [ 258.805270][ T9594] Unknown gid [ 259.117736][ T9611] loop4: detected capacity change from 0 to 256 [ 259.138792][ T9611] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 259.168880][ T9613] loop2: detected capacity change from 0 to 512 [ 259.189229][ T9613] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 259.218384][ T9613] EXT4-fs (loop2): invalid journal inode [ 259.223255][ T9615] loop3: detected capacity change from 0 to 16 [ 259.224204][ T9613] EXT4-fs (loop2): can't get journal size [ 259.231108][ T9615] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 259.258986][ T9615] cramfs: bad root offset 24652 [ 259.263651][ T9613] EXT4-fs (loop2): 1 truncate cleaned up [ 259.283020][ T9613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 259.395736][ T9615] loop3: detected capacity change from 0 to 64 [ 259.437297][ T9623] netlink: 'syz.1.1474': attribute type 29 has an invalid length. [ 259.447122][ T9623] netlink: 'syz.1.1474': attribute type 29 has an invalid length. [ 259.494714][ T9623] netlink: 'syz.1.1474': attribute type 29 has an invalid length. [ 259.533838][ T9623] netlink: 'syz.1.1474': attribute type 29 has an invalid length. [ 259.776822][ T7989] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.782697][ T9631] netlink: 4068 bytes leftover after parsing attributes in process `syz.1.1478'. [ 259.862884][ T25] pegasus 1-1:0.0: setup Pegasus II specific registers [ 260.016113][ T25] pegasus 1-1:0.0: can't locate MII phy, using default [ 260.079788][ T25] pegasus 1-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 56:dd:bc:44:a8:63 [ 260.116633][ T25] usb 1-1: USB disconnect, device number 6 [ 365.235858][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 365.235886][ C0] rcu: 1-...!: (1 GPs behind) idle=aad4/1/0x4000000000000000 softirq=24167/24168 fqs=1 [ 365.254490][ C0] rcu: (detected by 0, t=10502 jiffies, g=33289, q=373 ncpus=2) [ 365.254523][ C0] Sending NMI from CPU 0 to CPUs 1: [ 365.254554][ C1] NMI backtrace for cpu 1 [ 365.254579][ C1] CPU: 1 UID: 0 PID: 9655 Comm: syz.3.1487 Not tainted 6.10.0-rc6-next-20240702-syzkaller #0 [ 365.254598][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 365.254614][ C1] RIP: 0010:lock_release+0x185/0x9f0 [ 365.254641][ C1] Code: 84 24 b0 00 00 00 00 00 00 00 9c 8f 84 24 b0 00 00 00 42 80 3c 3b 00 74 08 4c 89 f7 e8 f4 c4 8a 00 48 8b 9c 24 b0 00 00 00 fa <48> c7 c7 e0 d5 ca 8b e8 bf 9d 21 0a 65 ff 05 78 fb 92 7e 48 8d 94 [ 365.254655][ C1] RSP: 0018:ffffc90000a18a20 EFLAGS: 00000046 [ 365.254670][ C1] RAX: 0000000000000000 RBX: 0000000000000046 RCX: ffffffff816f8e20 [ 365.254681][ C1] RDX: 0000000000000000 RSI: ffffffff8c207ba0 RDI: ffffffff8c207b60 [ 365.254693][ C1] RBP: ffffc90000a18b50 R08: ffffffff8faf7eaf R09: 1ffffffff1f5efd5 [ 365.254705][ C1] R10: dffffc0000000000 R11: fffffbfff1f5efd6 R12: 1ffff92000143150 [ 365.254717][ C1] R13: ffffffff84b71734 R14: ffffc90000a18ad0 R15: dffffc0000000000 [ 365.254729][ C1] FS: 00007f48eb5bd6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 365.254744][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 365.254756][ C1] CR2: 00007f48eb5bdd58 CR3: 0000000065644000 CR4: 00000000003506f0 [ 365.254770][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 365.254779][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 365.254790][ C1] Call Trace: [ 365.254797][ C1] [ 365.254807][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 365.254828][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 365.254850][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 365.254867][ C1] ? nmi_handle+0x2a/0x5a0 [ 365.254895][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 365.254914][ C1] ? nmi_handle+0x14f/0x5a0 [ 365.254928][ C1] ? nmi_handle+0x2a/0x5a0 [ 365.254943][ C1] ? lock_release+0x185/0x9f0 [ 365.254962][ C1] ? default_do_nmi+0x63/0x160 [ 365.254980][ C1] ? exc_nmi+0x123/0x1f0 [ 365.254997][ C1] ? end_repeat_nmi+0xf/0x53 [ 365.255015][ C1] ? debug_object_activate+0x3e4/0x510 [ 365.255041][ C1] ? lock_release+0xb0/0x9f0 [ 365.255060][ C1] ? lock_release+0x185/0x9f0 [ 365.255080][ C1] ? lock_release+0x185/0x9f0 [ 365.255100][ C1] ? lock_release+0x185/0x9f0 [ 365.255119][ C1] [ 365.255124][ C1] [ 365.255134][ C1] ? debug_object_activate+0x3e4/0x510 [ 365.255155][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 365.255172][ C1] ? __pfx_lock_release+0x10/0x10 [ 365.255195][ C1] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 365.255222][ C1] _raw_spin_unlock_irqrestore+0x79/0x140 [ 365.255242][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 365.255266][ C1] debug_object_activate+0x3e4/0x510 [ 365.255293][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 365.255315][ C1] ? advance_sched+0xa02/0xca0 [ 365.255334][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 365.255351][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 365.255370][ C1] enqueue_hrtimer+0x30/0x3c0 [ 365.255391][ C1] __hrtimer_run_queues+0x6cb/0xd50 [ 365.255408][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 365.255439][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 365.255457][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 365.255483][ C1] hrtimer_interrupt+0x396/0x990 [ 365.255513][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 365.255539][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 365.255560][ C1] [ 365.255565][ C1] [ 365.255571][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 365.255589][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 365.255608][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 1e 5d 5e f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 03 a1 c6 f5 65 8b 05 64 e0 67 74 85 c0 74 43 48 c7 04 24 0e 36 [ 365.255620][ C1] RSP: 0018:ffffc90013acf8c0 EFLAGS: 00000206 [ 365.255634][ C1] RAX: b1c67cff3dc46300 RBX: 1ffff92002759f1c RCX: ffffffff947f6803 [ 365.255646][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcac900 RDI: 0000000000000001 [ 365.255657][ C1] RBP: ffffc90013acf958 R08: ffffffff8faf7eaf R09: 1ffffffff1f5efd5 [ 365.255669][ C1] R10: dffffc0000000000 R11: fffffbfff1f5efd6 R12: dffffc0000000000 [ 365.255681][ C1] R13: 1ffff92002759f18 R14: ffffc90013acf8e0 R15: 0000000000000246 [ 365.255703][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 365.255723][ C1] ? __wake_up_locked_key+0xe8/0x160 [ 365.255746][ C1] timerfd_clock_was_set+0x1e0/0x2f0 [ 365.255762][ C1] ? timerfd_clock_was_set+0x31/0x2f0 [ 365.255781][ C1] clock_was_set+0x78e/0x810 [ 365.255801][ C1] ? __pfx_clock_was_set+0x10/0x10 [ 365.255816][ C1] ? __asan_memcpy+0x40/0x70 [ 365.255832][ C1] ? timekeeping_update+0x3e5/0x450 [ 365.255853][ C1] ? do_adjtimex+0x515/0xab0 [ 365.255878][ C1] timekeeping_inject_offset+0x4e8/0x580 [ 365.255899][ C1] ? do_adjtimex+0x515/0xab0 [ 365.255922][ C1] ? __pfx_timekeeping_inject_offset+0x10/0x10 [ 365.255942][ C1] ? llc_conn_ev_rx_disc_cmd_pbit_set_x+0x5d/0x150 [ 365.255962][ C1] ? __pfx_add_device_randomness+0x10/0x10 [ 365.255980][ C1] ? security_capable+0x90/0xb0 [ 365.256002][ C1] do_adjtimex+0x515/0xab0 [ 365.256026][ C1] ? __pfx_do_adjtimex+0x10/0x10 [ 365.256047][ C1] ? __pfx___might_resched+0x10/0x10 [ 365.256066][ C1] ? __might_fault+0xaa/0x120 [ 365.256087][ C1] ? __pfx_lock_release+0x10/0x10 [ 365.256112][ C1] ? __might_fault+0xc6/0x120 [ 365.256137][ C1] __x64_sys_clock_adjtime+0x1e1/0x290 [ 365.256160][ C1] ? __pfx___x64_sys_clock_adjtime+0x10/0x10 [ 365.256195][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 365.256216][ C1] ? do_syscall_64+0x100/0x230 [ 365.256239][ C1] ? do_syscall_64+0xb6/0x230 [ 365.256263][ C1] do_syscall_64+0xf3/0x230 [ 365.256285][ C1] ? clear_bhb_loop+0x35/0x90 [ 365.256304][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.256321][ C1] RIP: 0033:0x7f48ea775f19 [ 365.256343][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.256356][ C1] RSP: 002b:00007f48eb5bd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 365.256372][ C1] RAX: ffffffffffffffda RBX: 00007f48ea904038 RCX: 00007f48ea775f19 [ 365.256383][ C1] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 365.256394][ C1] RBP: 00007f48ea7e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 365.256404][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.256413][ C1] R13: 000000000000006e R14: 00007f48ea904038 R15: 00007ffed4e88ed8 [ 365.256433][ C1] [ 365.256548][ C0] rcu: rcu_preempt kthread starved for 10495 jiffies! g33289 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 365.256571][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 365.256581][ C0] rcu: RCU grace-period kthread stack dump: [ 365.256588][ C0] task:rcu_preempt state:R running task stack:24912 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 365.256625][ C0] Call Trace: [ 365.256631][ C0] [ 365.256643][ C0] __schedule+0x1800/0x4a60 [ 365.256687][ C0] ? __pfx___schedule+0x10/0x10 [ 365.256712][ C0] ? __pfx_lock_release+0x10/0x10 [ 365.256732][ C0] ? __asan_memset+0x23/0x50 [ 365.256756][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 365.256779][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 365.256805][ C0] ? schedule+0x90/0x320 [ 365.256825][ C0] schedule+0x14b/0x320 [ 365.256848][ C0] schedule_timeout+0x1be/0x310 [ 365.256867][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 365.256887][ C0] ? __pfx_process_timeout+0x10/0x10 [ 365.256919][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 365.256947][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 365.256970][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 365.257007][ C0] ? __pfx_dyntick_save_progress_counter+0x10/0x10 [ 365.257032][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 365.257054][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 365.257081][ C0] ? finish_swait+0xd4/0x1e0 [ 365.257106][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 365.257139][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 365.257160][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 365.257185][ C0] ? __kthread_parkme+0x169/0x1d0 [ 365.257212][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 365.257236][ C0] kthread+0x2f0/0x390 [ 365.257260][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 365.257283][ C0] ? __pfx_kthread+0x10/0x10 [ 365.257308][ C0] ret_from_fork+0x4b/0x80 [ 365.257331][ C0] ? __pfx_kthread+0x10/0x10 [ 365.257356][ C0] ret_from_fork_asm+0x1a/0x30 [ 365.257396][ C0] [ 365.257403][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 365.257411][ C0] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc6-next-20240702-syzkaller #0 [ 365.257430][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 365.257441][ C0] Workqueue: events_unbound toggle_allocation_gate [ 365.257462][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 [ 365.257487][ C0] Code: 40 d7 03 00 65 8b 15 50 54 70 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 <83> fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc [ 365.257501][ C0] RSP: 0018:ffffc90000ab76f8 EFLAGS: 00000246 [ 365.257516][ C0] RAX: ffffffff81877428 RBX: 1ffff110172a88f9 RCX: ffff88801aecbc00 [ 365.257530][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 365.257541][ C0] RBP: ffffc90000ab78e0 R08: ffffffff818773f7 R09: 1ffffffff26024f0 [ 365.257554][ C0] R10: dffffc0000000000 R11: fffffbfff26024f1 R12: dffffc0000000000 [ 365.257568][ C0] R13: ffff8880b95447c8 R14: ffff8880b943fb80 R15: 0000000000000001 [ 365.257581][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 365.257597][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 365.257610][ C0] CR2: 00007f96887b7000 CR3: 000000000e132000 CR4: 00000000003506f0 [ 365.257625][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 365.257636][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 365.257647][ C0] Call Trace: [ 365.257653][ C0] [ 365.257660][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 365.257691][ C0] ? print_other_cpu_stall+0x147a/0x15b0 [ 365.257730][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 365.257753][ C0] ? __pfx_lock_release+0x10/0x10 [ 365.257788][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 365.257812][ C0] ? rcu_sched_clock_irq+0xa1c/0x10c0 [ 365.257848][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 365.257874][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 365.257894][ C0] ? acct_account_cputime+0x207/0x210 [ 365.257922][ C0] ? update_process_times+0x1ce/0x230 [ 365.257949][ C0] ? tick_nohz_handler+0x37c/0x500 [ 365.257974][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 365.257997][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 365.258017][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 365.258058][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 365.258080][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 365.258111][ C0] ? hrtimer_interrupt+0x396/0x990 [ 365.258160][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 365.258189][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 365.258212][ C0] [ 365.258218][ C0] [ 365.258225][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 365.258252][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 365.258271][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 365.258293][ C0] ? __sanitizer_cov_trace_pc+0x37/0x70 [ 365.258319][ C0] smp_call_function_many_cond+0x1878/0x29d0 [ 365.258342][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 365.258373][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 365.258393][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 365.258436][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 365.258456][ C0] ? __pfx___might_resched+0x10/0x10 [ 365.258475][ C0] ? __mutex_trylock_common+0x183/0x2e0 [ 365.258503][ C0] ? __pfx___might_resched+0x10/0x10 [ 365.258528][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 365.258550][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 365.258572][ C0] text_poke_bp_batch+0x352/0xb30 [ 365.258605][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 365.258627][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 365.258654][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 365.258686][ C0] text_poke_finish+0x30/0x50 [ 365.258706][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 365.258728][ C0] static_key_enable_cpuslocked+0x136/0x260 [ 365.258756][ C0] static_key_enable+0x1a/0x20 [ 365.258779][ C0] toggle_allocation_gate+0xb5/0x250 [ 365.258801][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 365.258824][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 365.258860][ C0] ? process_scheduled_works+0x945/0x1830 [ 365.258881][ C0] process_scheduled_works+0xa2c/0x1830 [ 365.258930][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 365.258962][ C0] ? assign_work+0x364/0x3d0 [ 365.258989][ C0] worker_thread+0x86d/0xd40 [ 365.259026][ C0] ? __kthread_parkme+0x169/0x1d0 [ 365.259053][ C0] ? __pfx_worker_thread+0x10/0x10 [ 365.259075][ C0] kthread+0x2f0/0x390 [ 365.259099][ C0] ? __pfx_worker_thread+0x10/0x10 [ 365.259120][ C0] ? __pfx_kthread+0x10/0x10 [ 365.259150][ C0] ret_from_fork+0x4b/0x80 [ 365.259172][ C0] ? __pfx_kthread+0x10/0x10 [ 365.259197][ C0] ret_from_fork_asm+0x1a/0x30 [ 365.259236][ C0]