last executing test programs: 6.881334279s ago: executing program 3 (id=4942): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x10000000}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x8c}}, 0x0) 6.362022415s ago: executing program 3 (id=4947): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4018aee2, &(0x7f0000000040)) 6.222475126s ago: executing program 3 (id=4949): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 5.301202707s ago: executing program 3 (id=4962): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000700)={[{@orlov}, {@usrjquota}, {@noblock_validity}, {@norecovery}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@nomblk_io_submit}]}, 0x3, 0x546, 
&(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = 
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 4.789758522s ago: executing program 3 (id=4970): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001a80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="07060000000000010000270000000a0001"], 0x20}}, 0x0) 4.213270691s ago: executing program 3 (id=4981): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0) 3.888475457s ago: executing program 4 (id=4987): accept(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binfmt_format(0xffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) ioctl$FIBMAP(r0, 0x1, 0x0) 3.741143549s ago: executing program 4 (id=4988): r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000007c0)=""/242, 0xf2}], 0x1, &(0x7f00000004c0)=""/75, 0x4b}}], 0x1, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000c00)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000380)='[', 0x1}], 0x1}, 0x80) 3.417410765s ago: executing program 4 (id=4989): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) 
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2b}]}, 0x24}}, 0x0) 3.078329093s ago: executing program 4 (id=4990): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000080)='./bus/file0\x00', 0x41, &(0x7f0000000b80)={[{@grpjquota}, {@noload}, {@abort}, {@grpjquota}, {@bsdgroups}, {@usrjquota}, {@min_batch_time={'min_batch_time', 0x3d, 0xb}}, {@noload}, {@noload}, {@resuid}, {@usrquota}, {@init_itable_val={'init_itable', 0x3d, 0x2}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98s
l+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") timer_create(0x3, 0x0, &(0x7f0000bbdffc)) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 2.156688748s ago: executing program 4 (id=5005): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 1.751632584s ago: executing program 2 (id=5009): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x2b, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r1}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r1, &(0x7f0000000180)}, 0x20) 1.620559915s ago: executing program 2 (id=5011): syz_mount_image$jfs(&(0x7f0000005dc0), &(0x7f0000005e00)='./file0\x00', 0x0, &(0x7f0000000080)={[{@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {}, {@uid}, {}, {@noquota}, {@quota}, {@uid}]}, 0x1, 0x5ed3, 
&(0x7f0000011c00)="$eJzs3UuPFNfZB/CnL9Nz4TWMLL2WhbIYY+dCMDBcDLnb3iRSVpEiNlmBxmMLBScRkCi2UBhrFvkGUbJIlOyzyifIHj6EF1kGCZKNV6moZs6BmqKHHgLT1TPn95OGqqdOVfcp/l3T3dNVfQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiB9+/8fnehFx9VdpwXLE/8Ugoh+xWNcrEbG4spzXH0bE67HVHK/Vq89H1Ntv/XMs4mJE3D8a8fDRnbV68fk99uPfR/7/2D//+oPTv//b7+6d/OOpt9vtf1r/x72f3E33BQAAADyXqqqqXnqbfzy9v+933SkAYCry83+V5OVqtVqtVqsPX91UjXe3WUTERnOb+jXD3XE3BgDMro34ousu0CH5F20YEUe67gQw05x3fzg9fHRnrZfy7TWfD1a22/O5IDvy3+g9vr5jt+kk7XNMpvX42oxBvLpLfxan1IdZkvPvt/O/ut0+Suvtd/7Tslv+o+1Ln4qT8x+08285PPn3x+Zfqpz/8LnyH8gfAAAAAABmWP77/3LHn//Ov/iu7MmzPv9dmVIfAAAAAAAAAOBle9Hx/x4z/h8AAADMrPq9eu3PR58s2+09dr38Si/ildb6QGHSxTJLXfcDAAAAAAAAAAAAAEoy3D6H90ovYi4iXllaqqqq/mlq18/rRbc/6ErffyhZ17/kAQBg2/2jrWv5exELEXElfdff3NLSUlUtLC5VS9XifH49O5pfqBYb72vztF42P9rDC+LhqKpvbKGxXdOk98uT2tu3V9/XqBrsoWPT0WHgABAR289GDz0jHTJVdSy6fpXDweD4P3wc/+xF149TAAAAYP9VVVX10td5H0+f+fe77hQAMBX5+b/9uYBarVar1erDVzdV491tFhGx0dymfs1wd9yNAQCzayO+6LoLdEj+RRtGxOtddwKYab2uO8C+ePjozlov5dtrPh+k8d3zuSA78t/obW2Xtx83naR9jsm0Hl+bMYhXd+nPa1PqwyzJ+ffb+V/dbh+l9fY7/2nZLf96P5c76E/Xcv6Ddv4thyf//tj8S5XzHz5X/gP5AwAAAADADMt//1/2+W/eZQAAAAAAAAA4cB4+urOWr3vNn/9/acx6rv88nHL+PfkXKeffb+X/tdZ6g8b8g/ef5P+vR3fWfvSHz4/n6V7zn88zvfTI6qVHRC/dU2+Ypi+yd0/bnBuM6nua6/UHw3TOTzX3YVyPG7EeqzvW7af/jyft53a01z2d29F+fkf78Kn2Czva59L3DlSLuf1MrMXP40Z8sNVet81P2P+FCe3VhPac/8DxX6Sc/7DxU+e/lNp7rWntwWf9p4775nTc/bz323v3V/d/dybajMHjfWuq9+9EB/3Z+j85Mopf3lq/eebX127fvnku0mTH0vORJi9Zzn8u/Tz+/f/mdnv+vd88Xh98Nnru/GfFZgx3zf/Nxny9vyen3Lcu5PxH6Sfn/0FqH3/8H+T8dz/+T3XQHwAAAAAAAAAAAAAAAHiWqqq2LhF9LyIupet/uro2EwCYrvz8XyV5uVqtVqvV6sNXN1XjvdssIuLvzW3q1wy/GXdjAMAs+09EfN51J+iM/AuWv++vnr7VdWeAqbr1yac/vXbjxvrNW133BAAAAAAAAAD4X+XxP1ca4z+/FRHLrfV2jP/6fqy86PifwzzzeIDRlzzQ9y42+6NBvzHc+Bvx7PG/T8Szx/8eTri/uQntownt8xPaFya0j73QoyHn/0ZjvPM6/+Ot4ddLGP+1PeZ9CXL+JxqP5zr/r7bWa+Zf/eUg59/fkf/Z2x//4uytTz49ff3jax+tf7T+s4urq5cuXH5n9fLq2Q+v31hP/3bY4/2V889jXzsPtCw5/5y5/MuS8/9yquVflpz/V1It/7Lk/PPrPfmXJeef3/vIvyw5/5Opln9Zcv5fT7X8y5LzP5Vq+Zcl5/92quVflpz/6VTLvyw5/zOpln9Z
cv5nUy3/suT88ydc8i9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvO/mGr5lyXn/06q5V+WnP+lVMu/LDn/y6mWf1ly/t9ItfzLkvP/ZqrlX5ac/7dSLf+y5Py/neqJ+S9Op19MR87/O6l2/Jcl5//dVMu/LDn/76Va/mXJ+b+bavmX5cn3/5sxY8ZMnun6NxMAAAAAAAAAAAAA0DaN04m73kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7IDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22Eqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzda4xc5X0G8LM3e20S2CZAXEJgbRwwsLDrO07rYC5pKIQ2TSBt04vj2mvj4Fu9drgICUekBamoRWo+kA9NSIpUvlRBSVRRNY0cqVUiJVL4lFZqS6ggFUpD66T9kFQhW82c9313Zjy7sz6za2bO+f0k/PfOnJl5Z+ad2X3WPLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI3W3jb9+ECWZbX/6n+MZdlban9fNT5W+3D9e97sFQIAAADdeqP+55mL0gm7FnGhhmO+ccV3vjI7OzubvfT9a9/x6dnZdMZ4lo2tzLL6edFrd//d+sZjgsey0YHBho8HO9z8UIfzhzucP9Lh/BUdzl/Z4fzRDufPdrqCbFX+/Zj6la2v/3Usf0izi7OR+nnr21zqsYGVg4Pxezl1A/XLzI7szw5mh7LpbKrp+PzYgfrxX11bu607snhbgw23dXlth/zokb1xDQPhMV7fdFtz1xm9fks2/uMfPbL3g595+bJ2s9Oj0Hx9+To3rKut81PhlHytA9nK9JjEdQ42rPPyNs/JUNM6B+qXq/29dZ1nFrnOobllnletz/loNlj/+4v1x2m48dt66XG6PJz2k6uyLDs1t+zWY866rWwwW910yuDc8zOa78jaddS20tuy4XPap2sXsU9rc9/65n3a+pqIz//acLnhedbQ+DS9/skVZz3v57pPo9q9nu+10roHl/q10it7MO6LF+t3+om2e3B9uP+PXD3/Hmy7d9rswXS/G/bguk57cHDFUH3N6UkYqF9mbg9ubDp+qH5LA/X52tUL78HJE4ePTc489PANBw/vOTB9YPrIlqmpbZu3b53aPjW5/+Ch6fBnwUe7963OBtNrYF147OJr4JqWYxu36uznl+51OLrA63Cs5dilfh0Ot965gfPzgjx7T+evjXtqD/rok4PZPK+x+vNzXfevw3S/G16Hww2vw7afU9q8DocX8TqsHXPsusV9zTLc8F+7NSzX54Kxhj3Y+vVI6x5c6q9HemUPjoZ98a/Xzf+54PKw3icmzvXrkaGz9mC6u+G9p3ZK+np/9Kb6aLcvL6udccGK7OTM9PEbH9xz4sTxjVkY58XbG/ZK635d3XCfsrP26+A579ddj3/r25e1OX0sPFajN9T+GJ33uaods+XGhZ+r+me39o9n06mbsjCW2Pl+PNt9Nq89nilLLvB41o751GT3X4unWNnw/jsyz/tvzP0/r9/O+nRVjw2NDOev36H06Iw0vR83P1XD9feugfptn5lc3PvxSPjvfL8fX7zA+/GalmOX+v14pPXOxffjgU7f7ehO6/M5GvbJoamF349rx6zZdK57cnjB9+OrwhwIj/+1ISmkXNSwd+bbt+m2hodHwv0ajrfQvE83Nx0/ErJZ7bae21Rsn264Kr+uoXTv5pyvfTrecuxS79P0fjXfPh3o9N23Ylqfz9GwLy7evPA+rR1zekv3752r4l8b3jtXdNqDI0MramseSZswf7+fXRX34I3Z3uxodijbVz93RX0/DdRva2Lr4vbgivDf+X6vXLPAHtzQcuxS78H0eWy+vTcwfPadXwKtz+do2BdPb114D9aOuX370n7tuiGcko5p+Nq19ftr833P67KWh2k5v+dVW+c/bF/4e7O1Yw7ddK45c+HH6fpwygVtHqfW1+98r6l92fl5nNaEdf7wpvkf
p9p6asd8esci99OuLMu+fNeu+vd7w7+vfOnkd7/S9O8uu/LzXtgxd11nfdXR7t99vnzXrtP/fOdPz+U+AtDbfl7/c/3q/HNdw79MLebf/wEAAIC+EHP/YJiJ/A8AAAClEXN//L/CE/kfAAAASiPm/uEwk4rk/yf+7ZL7f/Zolpr5s0E8Pz4Mx17Jj4sd12fCx+Ozc2qn3/rsP37ro48u7rYHsyz72Z3/0vb4J16J68o9FdY5/r3m08+y5nuLuv2P3Tt3XGMHcCxcf7w/rdvgq//9Sv1y4zvyefrO0/X5oVNPPFY7/8yO/OPYnXztf/Lj/iKUeXft/3rT5Te8lN/e+pcWvl/xcl/8wKq73vmRuduLlxtYd2H9bjz93vx648+9eeq2/Pgz4bj51v/3f/LcF2vHP/ju9ut/dLD9+l8L1/tqmD99Iz+98TGtfRwv90dh/fH24uVu/MLX2q7/+ffnxz8fnpdnwmxd/y1/9q43Gh+vuP54O7tezi8Xb3/qb/6jfrl4ffH6W9c/evMrTY9H6/Wf/lJ+PTs/8b9DjcfH0+PtpH33cvPzXLuexv0WPffHp5se5+zf88v9bcv64/Ude7n9+q9vWeexjavrl5+vMv7Z6Vfb3t+4nl1//WLT/Xn+B+Hxu/Xu+vWO/iTsx3D+/z2VX1/rT0t48QfN7yfx+GfG8tdlvL7JlvU/1bL+U1fWHrvO67/jx/n6n7/5G83Px3/m69j1ej47rf/A577TdPnPfzd/Po4/MHHk6MzJg7FDPRZ+9s+x7+fXt3J01eoL3vLWCy8K75WtH+8+euK+6ePjU+NTWTbehz8Sb7nX/4Uw/ysfp5b6+h/JsuyBhs9r170v33/ZFWf+9Mo7nr0vHvdPt+enP3lX/nnrmnDcU+H0U+H5jtfz2c/knw+7XX+8nflmWu8infzm49sWdWC4/0+vvbT+Khs4nZ/c+n5VVHydv3xJ8+v+pXvy+UJ4XGfDT2Zed+k368e13n782QhPfjh/fcev5OLlu13/X4Xn++5X8+uP15vWG76O+dqa5vfH+Py88GjLTxoYy3+Kx6nw/pGdys+PR8WvqZ48c+m5LHNeMw/NTB46eOTkg5MnpmdOTM489PDuw0dPHjmxu/6zOXd/vNPl517fq+uv733T27Zk9Vf70Xwsszd7/cfu3btv+9TV+6b37zm5/8S9x6aPH9g7M7N3et/M1Xv2759+oNPlD+7buXHTjs3bN00cOLhv5007dmzeMXHwyNHaMvJFdbBt6v6JI8d31y8ys3PLjo1bt26Zmjh8dN/0zu1TUxMnO12+/rlponbpT0wcnz6058TBw9MTMwcfnt65cce2bZs6/nS/w8f2z4xPHj95ZPLkzPTxyfy+jJ+on1z73Nfp8lAz87lVbT9PDYSv3jdevy39fNaaZz8571Xlh7T8ANEfhp9F8+2//POti/k45v6RMJOK5H8AAACogpj7V4SZyP8AAABQGjH3rwwzkf8BAACgNGLuHw0zqUj+1//X/69a/39E/1//Pz4f+v9LQv9f/78I/X/9/35Yv/6//j/d67X+f8z9q7KskvkfAAAAqiDm/tVhJvI/AAAAlEbM/ReEmcj/AAAAUBox978lzKQi+V//vz/7/0PhMdf/9/v/9f87r1//f3np/+v/F6H/r//fD+vX/9f/p3u91v+Puf+tYSYVyf8AAABQBTH3XxhmIv8DAABAacTcf1GYifwPAAAApRFz/1iYSUXyv/5/f/b//f5//X/9f/3/XqH/r/9fhP6//n8/rF//X/+f7vVa/z/m/l8IM6lI/gcAAIAqiLn/bWEm8j8AAACURsz9bw8zkf8BAACgNGLuvzjMpCL5X/9f/1//X/8/0v/X/y9C/1//vwj9f/3/fli//r/+P93rtf5/zP2XhJlUJP8DAABAFcTcf2mYifwPAAAApRFz/zvCTOR/AAAAKI2Y+9eEmVQk/+v/6//r/+v/R/r/+v9F6P/r/xeh/6//3w/r1//X/6d7
vdb/j7n/F8NMKpL/AQAAoApi7r8szET+BwAAgNKIuf+dYSbyPwAAAJRGzP2Xh5lUJP/r/+v/6//r/0f6//r/Rej/6/8Xof+v/98P69f/1/+ne73W/4+5/11hJhXJ/wAAAFAFMfdfEWYyf/7/+vKvCgAAAFhKMfdfGWbi3/8BAACgNGLuHw8zqUj+1//X/++5/v+4/r/+v/5/P9H/1/8vQv9f/78f1q//r/9P93qt/x9z/9owk4rkfwAAAKiCmPvXhZnI/wAAAFAaMfdfFWYi/wMAAEBpxNy/PsykIvlf/1//v+f6/37/v/6//n9f0f/X/y9C/1//vx/Wr/+v/0/3eq3/H3P/u8NMKpL/AQAAoApi7r86zET+BwAAgNKIuf+aMBP5HwAAAEoj5v4NYSYVyf/6//r/+v/6/5H+v/5/Efr/+v9F6P/r//fD+vX/9f/pXq/1/2PuvzbMpCL5HwAAAKog5v7rwkzkfwAAACiNmPuvDzOR/wEAAKA0Yu6fCDOpSP7X/y95//+N2dlZ/X/9f/1//f9lpP+v/1+E/r/+fz+sX/9f/5/u9Vr/P+b+G8JMKpL/AQAAoApi7r8xzET+BwAAgNKIuX8yzET+BwAAgNKIuX8qzKQi+V//v7/7/1nm9//r/+v/d1q//v/y0v/X/y9C/1//vx/Wr/+v/0/3eq3/H3P/xjCTiuR/AAAAqIKY+zeFmcj/AAAAUBox928OM5H/AQAAoDRi7t8SZlKR/K//39/9/46//1//X/9f/1//f5np/+v/F6H/r//fD+vX/9f/p3u91v+PuX9rmElF8j8AAABUQcz928JM5H8AAAAojZj7t4eZyP8AAABQGjH33xRmUpH8r/+v/6//r/8f6f/r/xeh/6//X4T+v/5/P6xf/1//n+71Wv8/5v4dYSYVyf8AAABQBTH3vyfMRP4HAACA0oi5/5fCTOR/AAAAKI2Y+385zKQi+V//X/9f/3+x/f9TZ12//v957f+vzPT/e5L+v/5/Efr/+v/9sH79f/1/utdr/f+Y+3eGmVQk/wMAAEAVxNz/3jAT+R8AAABKI+b+m8NM5H8AAAAojZj7d4WZVCT/6//r/+v/+/3/UY/3//3+/x6l/6//X4T+v/5/P6xf/1//n+71Wv8/5v5bwkwqkv8BAACgCmLuvzXMRP4HAACA0oi5/7YwE/kfAAAASiPm/tvDTCqS//X/9f/1//X/I/1//f8i9P/1/4vQ/9f/74f1H1uR6f/r/9OlXuv/x9z/vjCTiuR/AAAAqIKY+38lzET+BwAAgNKIuf/9YSbyPwAAAJRGzP13hJlUJP/r/y9t/3+V/r/+v/6//r/+/5LS/9f/z/T/C3uz+/P9vn6//1//n+71Wv8/5v5fDTOpSP4HAACAKoi5/84wE/kfAAAASiPm/rvCTOR/AAAAKI2Y+z8QZlKR/K//7/f/6//r/0f6/73Q/181z7PTu/T/9f+L0P/X/++H9ev/6//TvV7r/8fcf3eYSUXyPwAAAFRBzP2/FmYi/wMAAEBpxNz/62Em8j8AAACURsz9HwwzqUj+1//X/9f/1/+P9P97of8/z5PTw/T/9f+L0P/X/++H9ev/6//TvV7r/8fc/xthJhXJ/wAAAFAFMfd/KMxE/gcAAIDSiLn/w2Em8j8AAACURsz994SZVCT/6//r/+v/6/9H+v/6/0Xo/+v/F1GW/n98w9X/Xx5v9vr1//X/6V6v9f9j7r83zKQi+R8AAACqIOb+j4SZyP8AAABQGjH3/2aYifwPAAAApRFz/2+FmVQk/+v/6//r/+v/R/r/+v9F6P/r/xdRlv6/3/+/vN7s9ev/6//TvV7r/8fc/9thJhXJ/wAAAFAFMfd/NMxE/gcAAIDSiLn/d8JM5H8AAAAojZj7fzfMpCL5X/9f/1//X/8/0v/X/y9C/1//vwj9f/3/fli//r/+P93rtf5/zP2/F2ZSkfwPAAAAVRBz/++Hmcj/AAAAUBox9+8OM5H/AQAA
oDRi7v9YmElF8r/+v/6//r/+f6T/r/9fhP6//n8R+v/6//2wfv1//X+612v9/5j794SZVCT/AwAAQBXE3P8HYSbyPwAAAJRGzP17w0zkfwAAACiNmPv3hZlUJP/r/+v/6//r/0f6//r/Rej/6/8Xof+v/98P669S/7/1c3Wm/88S6bX+f8z902EmFcn/AAAAUAUx9+8PM5H/AQAAoDRi7j8QZiL/AwAAQGnE3H9fmElF8r/+v/6//r/+f6T/r/9fhP6//n8R+v/6//2w/ir1/9vR/2cp9Fr/P+b+g2EmFcn/AAAAUAUx9388zET+BwAAgNKIuf/+MBP5HwAAAEoj5v5DYSYVyf/6//r/+v/6/5H+v/5/Efr/+v9F6P/r//fD+vX/9f/pXq/1/2PuPxxmUpH8DwAAAFUQc/+RMBP5HwAAAEoj5v6jYSbyPwAAAJRGzP3Hwkwqkv/1//X/W/v/A/r/+v8tp+v/5/T/29P/1/8vQv9f/78f1q//r/9P93qt/x9z/x+GmVQk/wMAAEAVxNx/PMxE/gcAAIDSiLl/JsxE/gcAAIDSiLn/RJhJRfK//r/+v9//r/8f6f/r/xeh/3+e+/+1Dar////s3VXP4EcVx/ElIWn6Hki45v1wCS8Ddy1a3Iu7u7u7Fne34m4JBHrOSZcsCztTsjNzPp+b0z5pmnl60eSXzTf/ov+/vKvdz+/+fv2//p95q/X/ufvvErc02f8AAADQQe7+u8Yt9j8AAAAcI3f/3eIW+x8AAACOkbv/7nFLk/2v/9f/6//1/0n/r/8fof/3/f8R+n/9/w7v1//r/5m3Wv+fu/8ecUuT/Q8AAAAd5O6/Z9xi/wMAAMAxcvffK26x/wEAAOAYufvvHbc02f/6f/3/zv3/HS/o//X///39+v//L/2//n+E/l//v8P79f/6f+at1v/n7r9P3NJk/wMAAEAHufvvG7fY/wAAAHCM3P33i1vsfwAAADhG7v77xy1N9r/+X/+/c//v+//6/y79/50u/eMl6P/1/yP0//r/Hd6v/9f/M2+1/j93/wPilib7HwAAADrI3f/AuMX+BwAAgGPk7n9Q3GL/AwAAwDFy9z84bmmy//X/+n/9v/4/6f/X7f9Xpv/X/4+Y6P8v+m+o/7+8q93P7/5+/b/+n3mr9f+5+x8StzTZ/wAAANBB7v6Hxi32PwAAABwjd/91cYv9DwAAAMfI3f+wuKXJ/tf/6//1//r/pP/X/4/Q/+v/R/j+v/5/h/fr//X/zFut/8/d//C4pcn+BwAAgA5y9z8ibrH/AQAA4Bi5+x8Zt9j/AAAAcIzc/Y+KW5rsf/2//l//r/9P+n/9/wj9v/5/hP5f/7/D+/X/+n/mrdb/5+5/dNzSZP8DAABAB7n7r49b7H8AAAA4xvUXLlzzz93/mH/9nf0PAAAAJ8rd/9i4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu8X/+v/2feav1/7v7HxS1N9j8AAAB0kLv/8XGL/Q8AAADHyN3/hLjF/gcAAICt3XSL8it3/xPjlib7X/+v/9f/79n/3/6C/l//vwb9v/5/hP5f/7/D+/X/+n/mrdb/5+5/UtzSZP8DAABAB7n7nxy32P8AAABwjNz9T4lb7H8AAAA4Ru7+p8YtTfa//l//r//fs//3/X/9/yr0//r/Efp//f8O79f/6/+Zt1r/n7v/aXFLk/0PAAAAHeTuf3rcYv8DAADAMXL3PyNusf8BAADgGLn7b4hbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7n9m3NJk/wMAAEAHufufFbfY/wAAAHCM3P3PjlvsfwAAADhG7v7nxC1N9r/+X/+v/9f/J/2//n+E/l//P0L/r//f4f36f/0/81br/3P3PzduabL/AQAAoIPc/c+LW+x/AAAAOEbu/ufHLfY/AAAAHCN3/wvilib7X/+v/9f/6/+T/l//P0L/r/8fof/X/+/wfv2//p95
q/X/uftfGLc02f8AAADQQe7+F8Ut9j8AAAAcI3f/i+MW+x8AAACOkbv/JXFLk/2v/9f/6//1/0n/r/8fof/X/4/Q/w/0/7e9kpff7Gr387Ou9vv1//p/5q3W/+fuf2nc0mT/AwAAQAe5+18Wt9j/AAAAcIzc/S+PW+x/AAAAOEbu/lfELU32v/5f/798/3+t/l//r/9fmf5f/z9C/+/7/zu8X/+v/2feav1/7v5Xxi1N9j8AAAB0kLv/VXGL/Q8AAADHyN3/6rjF/gcAAIBj5O5/TdzSZP/r//X/y/f/vv+v/9f/L03/f9n+/w5/n3y//v/mf17/P+Zq9/O7v1//r/9n3mr9f+7+18YtTfY/AAAAdJC7/3Vxi/0PAAAAx8jd//q4xf4HAACAY+Tuf0Pc0mT/6//1//p//X/S/+v/R+j/ff9/hP5f/7/D+/X/+n/mrdb/5+5/Y9zSZP8DAABAB7n73xS32P8AAABwjNz9b45b7H8AAAA4Ru7+t8QtTfa//l//r//X/6cO/f+1t/i5/v/Wof/X/49Ysf+/8RI/0//r//X/+n/mrNb/5+5/a9zSZP8DAABAB7n73xa32P8AAABwjNz9b49b7H8AAAA4Ru7+d8QtTfa//l//r//X/6cO/b/v/9/69P/6/xEr9v+Xov/X/+v/9f/MWa3/z93/zrilyf4HAACADnL3vytusf8BAADgGLn73x232P8AAABwjNz974lbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7n9v3NJk/wMAAEAHufvfF7fY/wAAAHCM3P3vj1vsfwAAADhG7v4PxC1N9r/+X/+v/9f/J/2//n+E/l//P0L/r//f4f36f/0/81br/3P3fzBuabL/AQAAoIPc/R+KW+x/AAAAOEbu/g/HLfY/AAAAHCN3/0filib7X/+v/9f/6/+T/l//P0L/r/8fof/X/+/w/n/r/2+IH+v/9f9cgdX6/9z9H41bmux/AAAA6CB3/8fiFvsfAAAAjpG7/+Nxi/0PAAAAx8jd/4m4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu83/f/9f/MW63/z93/ybilyf4HAACADnL3fypusf8BAADgGLn7Px232P8AAABwjNz9n4lbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAAHCM3P03xi32PwAAABwjd//n45Ym+1//r//X/+v/k/5f/z9C/6//H6H/1//v8H79v/6feav1/7n7vxC3NNn/AAAA0EHu/i/GLfY/AAAAHCN3/5fiFvsfAAAAjpG7/8txS5P9r//X/+v/9f9J/6//H6H/1/+P0P8v3f9fl3+h/9f/6/+ZtVr/n7v/K3FLk/0PAAAAHeTu/2rcYv8DAADAMXL3fy1usf8BAADgGLn7vx63NNn/+n/9v/5f/5/0//r/Efp//f8I/f/S/X/R/+v/9f/MWq3/z93/jbilyf4HAACADnL3fzNusf8BAADgGLn7vxW32P8AAABwjNz9345bmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7v9O3NJk/wMAAEAHufu/G7fY/wAAAHCM3P3fi1vsfwAAADhG7v7vxy1N9r/+X/+v/9f/J/2//n+E/l//P6JR/3/x/5L0/1u9X/+v/2feav1/7v4fxC1N9j8AAAB0kLv/h3GL/Q8AAADHyN3/o7jF/gcAAIBj5O7/cdzSZP/r//X/+n/9f9L/6/9H6P+79/93vt0V/DqlUf9/8b9Q/7/V+5fs/2+j/2cvq/X/uft/Erc02f8AAADQQe7+n8Yt9j8AAAAcI3f/TXGL/Q8AAADHyN3/s7ilyf7X/+v/9f/6/6T/1/+P0P937//H6P/1/zu8f8n+3/f/2cxq/X/u/p/HLU32PwAAAHSQu/8XcYv9DwAAAMfI3f/LuMX+BwAAgGPk
7v9V3NJk/+v/9f/6f/1/0v/r/0fo//X/I/T/+v8d3q//1/8zb7X+P3f/r+OWJvsfAAAAOsjd/5u4xf4HAACAY+Tu/23cYv8DAADAMXL3/y5uabL/9f/6f/2//j/p//X/I/T/+v8R+n/9/w7v1//r/5m3Wv+fu//3cct/2P/X/E+/JQAAALCS3P1/iFua/Pk/AAAAdJC7/49xi/0PAAAAx8jd/6e4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu8X/+v/2feav1/7v4/xy1N9j8AAAB0kLv/L3GL/Q8AAADHyN3/17jF/gcAAIBj5O7/W9zSZP/r//X/+n/9f9L/6/9H6P/1/yP0//r/Hd6v/9f/M2+1/j93/z8CAAD//wlxcUc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000000), 0x0, 0x0, 0x0) 1.348159293s ago: executing program 4 (id=5016): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000600)={0x1c, &(0x7f0000000500)={0x0, 0xa, 0x2, "21e4"}, 0x0, 0x0}) 1.154569412s ago: executing program 1 (id=5019): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_SET_DEBUG(r1, 0x227e, 0x0) 1.112724408s ago: executing program 1 (id=5020): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setreuid(0xee00, 0xee00) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) 1.051873634s ago: executing program 0 (id=5021): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)) fcntl$lock(r0, 0x26, &(0x7f0000000140)={0x1, 0x0, 0x3}) fcntl$lock(r0, 0x26, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7e3}) 
1.011101174s ago: executing program 1 (id=5022): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PROXYARP={0x5}, @IFLA_BRPORT_BCAST_FLOOD={0x5}]}}}]}, 0x4c}}, 0x0) 972.86789ms ago: executing program 2 (id=5023): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 941.923416ms ago: executing program 0 (id=5024): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a001700000000040037000900030001632564b758b9a64411f6bb744dc48f57", 0x39}], 0x1) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x51, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703310000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 877.570251ms ago: executing program 1 (id=5025): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002025252700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x70000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 771.535175ms ago: executing program 1 (id=5026): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f00000014c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x42e2, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x600, @empty}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0) 640.111397ms ago: executing program 1 (id=5027): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r1 = socket$inet6_sctp(0xa, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 424.574185ms ago: executing program 0 (id=5028): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x6e, &(0x7f0000000140)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x38, 0x6, 0x0, @dev, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0xc2, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "231054ae47620b13b0c5a7a10f147909"}, @generic={0x0, 0x2}, @timestamp={0x8, 0xa, 0x0, 0x2}, @exp_smc={0xfe, 0x6}]}}}}}}}}, 0x0) 300.928838ms ago: executing program 0 (id=5029): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0x3) 218.114658ms ago: executing 
program 0 (id=5030): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0) 184.251086ms ago: executing program 2 (id=5031): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x2c, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffff7}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x81}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xffff}]}]}]}}]}, 0xb8}}, 0x0) 87.039194ms ago: executing program 0 (id=5032): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) semget(0x2, 0x0, 0x284) 86.407945ms ago: executing program 2 (id=5033): r0 = socket(0x21, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x24) 0s ago: executing program 2 (id=5034): r0 = 
socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000100001000100"/20, @ANYRES32=r2, @ANYBLOB="000000004001040014001680100001800c0004"], 0x38}}, 0x0) kernel console output (not intermixed with test programs): 82931][ T54] Bluetooth: hci3: command tx timeout [ 669.986734][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.986755][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.986773][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.986788][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.988114][T18410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 670.011530][T18550] xt_hashlimit: size too large, truncated to 1048576 [ 670.015549][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.058494][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.068432][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.079090][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.089039][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.099760][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.109872][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.124675][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 670.134992][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.145647][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.155638][T18410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.166163][T18410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.177249][T18410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 670.186991][T18410] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.196322][T18410] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.205080][T18410] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.214180][T18410] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.348317][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.380878][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.498240][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.524830][T18551] loop0: detected capacity change from 0 to 2048 [ 670.572411][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.633294][T18551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 670.956873][ T5346] rc_core: IR keymap rc-hauppauge not found [ 670.963006][ T5346] Registered IR keymap rc-empty [ 670.968533][ T5346] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 671.000041][ T5346] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input35 [ 671.043133][ T5346] usb 5-1: USB disconnect, device number 29 acpid: input device has been disconnected, fd 3 [ 671.593516][T18562] loop2: detected capacity change from 0 to 32768 [ 671.608452][T18562] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4287 (18562) [ 671.667321][T18562] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 671.691623][T18562] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 671.707240][T18562] BTRFS info (device loop2): using free-space-tree [ 671.894153][T18571] loop3: detected capacity change from 0 to 32768 [ 671.904516][T18366] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.914025][T18268] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 671.925664][T18571] XFS: ikeep mount option is deprecated. [ 672.000791][T18571] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 672.061505][ T54] Bluetooth: hci3: command tx timeout [ 672.156210][T18571] XFS (loop3): Ending clean mount [ 672.166136][T18571] XFS (loop3): Quotacheck needed: Please wait. [ 672.181732][T18623] loop4: detected capacity change from 0 to 16 [ 672.248035][T18623] erofs: (device loop4): mounted with root inode @ nid 36. [ 672.255037][T18571] XFS (loop3): Quotacheck: Done. [ 672.471266][T18634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4308'. 
[ 672.578778][T18410] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 672.667035][T18640] netlink: 'syz.2.4312': attribute type 1 has an invalid length. [ 672.674914][T18640] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4312'. [ 672.684068][T18640] netlink: 'syz.2.4312': attribute type 2 has an invalid length. [ 672.686231][T18614] loop0: detected capacity change from 0 to 32768 [ 672.692258][T18640] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4312'. [ 672.819100][T18614] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 673.016821][T18614] XFS (loop0): Ending clean mount [ 673.157307][T18632] loop1: detected capacity change from 0 to 40427 [ 673.185681][T18632] F2FS-fs (loop1): invalid crc value [ 673.238309][T18614] XFS (loop0): Quotacheck needed: Please wait. [ 673.264679][T18614] XFS (loop0): Quotacheck: Done. [ 673.314727][T18366] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 673.359816][T18669] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 673.400579][T18632] F2FS-fs (loop1): Found nat_bits in checkpoint [ 673.516234][T18678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4325'. [ 673.553723][T18632] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 673.587768][T18679] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4324'. 
[ 673.685136][T17859] syz-executor: attempt to access beyond end of device [ 673.685136][T17859] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 673.716945][T17859] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 673.839444][T18696] openvswitch: netlink: Actions may not be safe on all matching packets [ 674.087423][T18704] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 674.110542][T18704] pim6reg0: linktype set to 1 [ 674.423357][T18723] loop1: detected capacity change from 0 to 16 [ 674.446990][T18723] erofs: (device loop1): mounted with root inode @ nid 36. [ 674.487296][ T29] audit: type=1800 audit(1728498428.404:4607): pid=18723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4330" name="file1" dev="loop1" ino=86 res=0 errno=0 [ 674.508405][ T7762] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 674.622151][T18708] loop0: detected capacity change from 0 to 32768 [ 674.648919][T18708] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4339 (18708) [ 674.674790][T18727] loop1: detected capacity change from 0 to 2048 [ 674.685449][T18708] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 674.707752][ T7762] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 674.718763][T18727] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 674.728103][ T7762] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.740124][T18708] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 674.750515][ T7762] usb 5-1: config 0 descriptor?? 
[ 674.765041][ T7762] cp210x 5-1:0.0: cp210x converter detected [ 674.775021][T18708] BTRFS info (device loop0): using free-space-tree [ 674.870676][T18708] BTRFS info (device loop0): rebuilding free space tree [ 674.962826][T18708] overlayfs: conflicting lowerdir path [ 675.114689][T18366] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 675.218985][ T9] IPVS: starting estimator thread 0... [ 675.230989][T18759] IPVS: sed: TCP 127.0.0.1:0 - no destination available [ 675.282700][T18758] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.291584][T18758] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.300391][T18758] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.306910][T18760] IPVS: using max 34 ests per chain, 81600 per kthread [ 675.309136][T18758] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.336188][ T7762] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 675.337104][T18716] loop3: detected capacity change from 0 to 32768 [ 675.359819][ T7762] usb 5-1: cp210x converter now attached to ttyUSB0 [ 675.378470][T18758] vxlan0: entered promiscuous mode [ 675.383807][T18758] vxlan0: entered allmulticast mode [ 675.392337][T18716] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 675.405210][T18716] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 675.430850][T18716] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 675.440056][ T5231] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 675.446985][ T5231] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 675.459839][T18758] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 675.469258][T18758] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 675.478208][T18758] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 675.487231][T18758] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 675.563718][ T5231] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 116ms [ 675.572939][ T9] usb 5-1: USB disconnect, device number 30 [ 675.581803][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 675.590653][ T5231] gfs2: fsid=syz:syz.0: jid=0: Done [ 675.595987][T18716] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 675.608969][ T9] cp210x 5-1:0.0: device disconnected [ 675.756850][ T7762] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 675.926863][ T7762] usb 1-1: Using ep0 maxpacket: 8 [ 675.944841][ T7762] usb 1-1: config index 0 descriptor too short (expected 115, got 27) [ 675.956443][ T7762] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 675.976799][ T7762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.995238][ T7762] usb 1-1: Product: syz [ 676.005354][ T7762] usb 1-1: Manufacturer: syz [ 676.015479][ T7762] usb 1-1: SerialNumber: syz [ 676.105306][T18782] loop1: detected capacity change from 0 to 128 [ 676.131859][T18782] EXT4-fs: Ignoring removed mblk_io_submit option [ 676.146350][T18782] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c198, mo2=0002] [ 676.154827][T18782] System zones: 1-3, 19-19, 35-36 [ 676.162154][T18782] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. 
[ 676.184996][T18782] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 676.233548][ T7762] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 39 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 676.251137][ T7762] usb 1-1: USB disconnect, device number 39 [ 676.261393][ T7762] usblp0: removed [ 676.339511][T18791] bridge_slave_0: left allmulticast mode [ 676.349668][T18791] bridge_slave_0: left promiscuous mode [ 676.358815][T18791] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.485175][T18791] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 676.565210][T17859] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 677.331154][ T2634] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 677.530933][ T2634] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 677.540236][ T2634] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.551309][ T2634] usb 4-1: config 0 descriptor?? 
[ 677.560757][ T2634] cp210x 4-1:0.0: cp210x converter detected [ 677.645823][T18831] loop0: detected capacity change from 0 to 64 [ 677.680850][T18819] loop4: detected capacity change from 0 to 32768 [ 677.719249][T18819] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4379 (18819) [ 677.749569][T18819] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 677.763249][T18819] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 677.791303][T18819] BTRFS info (device loop4): using free-space-tree [ 677.985468][ T2634] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 677.993746][ T2634] cp210x 4-1:0.0: GPIO initialisation failed: -524 [ 678.002458][ T2634] usb 4-1: cp210x converter now attached to ttyUSB0 [ 678.081754][ T29] audit: type=1804 audit(1728498431.994:4608): pid=18819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4379" name="/newroot/74/file0/bus" dev="loop4" ino=263 res=1 errno=0 [ 678.195866][ T7762] usb 4-1: USB disconnect, device number 29 [ 678.208541][ T7762] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 678.237125][ T7762] cp210x 4-1:0.0: device disconnected [ 678.287232][T17691] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 678.601492][T18849] loop2: detected capacity change from 0 to 32768 [ 678.681345][T18849] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 678.720837][T18854] loop0: detected capacity change from 0 to 32768 [ 678.863092][T18849] XFS (loop2): Ending clean mount [ 678.878220][T18849] XFS (loop2): Quotacheck needed: Please wait. [ 678.910603][T18849] XFS (loop2): Quotacheck: Done. 
[ 678.973135][T18268] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 679.643873][T18880] loop0: detected capacity change from 0 to 32768 [ 679.656176][T18898] loop1: detected capacity change from 0 to 1024 [ 679.712845][T18898] hfsplus: bad catalog entry type [ 679.723493][T18883] loop3: detected capacity change from 0 to 32768 [ 679.731673][T18880] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 679.779983][T18883] (syz.3.4397,18883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 679.828865][ T7760] hfsplus: b-tree write err: -5, ino 4 [ 679.849034][T18883] (syz.3.4397,18883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 679.878651][T18880] XFS (loop0): Ending clean mount [ 679.931157][T18889] loop2: detected capacity change from 0 to 32768 [ 679.944818][T18889] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4396 (18889) [ 679.950616][T18883] JBD2: Ignoring recovery information on journal [ 679.967526][T18889] BTRFS info (device loop2): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 679.978791][T18889] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 679.987749][T18880] XFS (loop0): Quotacheck needed: Please wait. [ 679.994719][T18889] BTRFS info (device loop2): using free-space-tree [ 679.999598][T18880] XFS (loop0): Quotacheck: Done. [ 680.073162][T18883] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 680.219649][T18920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4406'. 
[ 680.313618][T18410] ocfs2: Unmounting device (7,3) on (node local) [ 680.359526][T18366] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 680.379057][T18922] team0: Port device team_slave_0 removed [ 680.401888][ T2634] kernel write not supported for file /snd/seq (pid: 2634 comm: kworker/1:2) [ 680.630863][ T29] audit: type=1800 audit(1728498434.544:4609): pid=18889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4396" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 680.679197][T18943] loop3: detected capacity change from 0 to 128 [ 680.793067][T18268] BTRFS info (device loop2): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 680.821585][T18948] loop1: detected capacity change from 0 to 128 [ 680.861866][ T29] audit: type=1800 audit(1728498434.774:4610): pid=18948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4415" name="file0" dev="loop1" ino=1048959 res=0 errno=0 [ 680.991217][T18953] loop2: detected capacity change from 0 to 256 [ 681.350919][T18969] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4424'. [ 681.483883][T18973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4426'. 
[ 681.681571][T18934] loop4: detected capacity change from 0 to 40427 [ 681.739385][T18966] loop1: detected capacity change from 0 to 32768 [ 681.752899][T18966] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4423 (18966) [ 681.787846][T18966] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 681.798249][T18934] F2FS-fs (loop4): invalid crc value [ 681.803690][T18966] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 681.812569][T18966] BTRFS info (device loop1): using free-space-tree [ 681.846864][T18934] F2FS-fs (loop4): Found nat_bits in checkpoint [ 682.021055][T17859] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 682.039536][T19014] loop3: detected capacity change from 0 to 64 [ 682.055650][T18934] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 682.149980][T18934] syz.4.4411: attempt to access beyond end of device [ 682.149980][T18934] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 682.192692][T19020] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4440'. 
[ 682.209291][T18934] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 682.566834][ T9] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 682.742143][ T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 682.767582][ T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 682.789483][ T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 682.809620][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.839508][T19034] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 682.852205][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 683.118074][ T9] usb 3-1: USB disconnect, device number 37 [ 683.486041][T19049] loop1: detected capacity change from 0 to 32768 [ 683.500594][T19049] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4452 (19049) [ 683.527366][T19049] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 683.556902][T19049] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 683.566880][ T9] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 683.574675][T19049] BTRFS info (device loop1): using free-space-tree [ 683.598446][T19053] loop3: detected capacity change from 0 to 32768 [ 683.676319][T19049] BTRFS info (device loop1): rebuilding free space tree [ 683.739656][ T9] usb 1-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19 [ 683.766746][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.774791][ T9] usb 1-1: Product: syz [ 683.796836][ T9] usb 1-1: Manufacturer: syz [ 683.801838][ T9] usb 1-1: SerialNumber: syz [ 683.813644][ T9] usb 1-1: config 0 descriptor?? 
[ 684.057048][ T7762] usb 1-1: USB disconnect, device number 40 [ 684.234525][T19049] BTRFS info (device loop1 state M): allowing degraded mounts [ 684.242536][T19049] BTRFS info (device loop1 state M): turning on flush-on-commit [ 684.250461][T19049] BTRFS info (device loop1 state M): force clearing of disk cache [ 684.262924][T19049] BTRFS info (device loop1 state M): not using ssd optimizations [ 684.335371][T17859] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 684.934091][T19129] loop0: detected capacity change from 0 to 4096 [ 685.356912][ T2634] usb 1-1: new low-speed USB device number 41 using dummy_hcd [ 685.528163][ T2634] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 685.545823][ T2634] usb 1-1: config 0 has no interface number 0 [ 685.566971][ T2634] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 685.600301][ T2634] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 685.626811][ T2634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.642388][ T2634] usb 1-1: config 0 descriptor?? [ 685.650062][T19115] loop1: detected capacity change from 0 to 65536 [ 685.661213][ T2634] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 685.734993][T19115] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 685.818466][T19115] XFS (loop1): Ending clean mount [ 685.842325][T19115] XFS (loop1): Quotacheck needed: Please wait. [ 685.875448][T19115] XFS (loop1): Quotacheck: Done. [ 685.898744][ T7762] usb 1-1: USB disconnect, device number 41 [ 685.944512][T19172] loop2: detected capacity change from 0 to 2048 [ 685.970032][T17859] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 685.988424][T19173] NILFS (loop2): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 686.004651][ T29] audit: type=1800 audit(1728498439.914:4611): pid=19172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4500" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 686.031422][ T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 686.042221][T19172] CPU: 0 UID: 0 PID: 19172 Comm: syz.2.4500 Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 686.052534][T19172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 686.062632][T19172] Call Trace: [ 686.065940][T19172] [ 686.068920][T19172] dump_stack_lvl+0x241/0x360 [ 686.073647][T19172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 686.078905][T19172] ? __se_sys_sendfile64+0x17c/0x1e0 [ 686.084249][T19172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.090383][T19172] nilfs_btree_do_lookup+0xb7b/0xcf0 [ 686.095719][T19172] ? __pfx_nilfs_btree_do_lookup+0x10/0x10 [ 686.100265][ T29] audit: type=1800 audit(1728498439.954:4612): pid=19172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4500" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 686.101542][T19172] ? rcu_is_watching+0x15/0xb0 [ 686.123031][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.126964][T19172] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 686.127009][T19172] nilfs_btree_lookup_contig+0x2b5/0xfc0 [ 686.134386][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.138852][T19172] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 686.138887][T19172] ? __pfx_stack_trace_save+0x10/0x10 [ 686.162534][T19172] ? down_read+0x82b/0xa40 [ 686.167004][T19172] ? __pfx_nilfs_btree_lookup_contig+0x10/0x10 [ 686.173210][T19172] ? filemap_write_and_wait_range+0x1cb/0x280 [ 686.179329][T19172] ? __pfx_down_read+0x10/0x10 [ 686.184175][T19172] ? rcu_is_watching+0x15/0xb0 [ 686.189017][T19172] ? 
lock_acquire+0xe3/0x550 [ 686.193642][T19172] nilfs_bmap_lookup_contig+0x8f/0x160 [ 686.199150][T19172] nilfs_get_block+0x245/0x8e0 [ 686.203974][T19172] ? __pfx_nilfs_get_block+0x10/0x10 [ 686.209300][T19172] ? iov_iter_extract_bvec_pages+0x533/0x5b0 [ 686.215336][T19172] ? __pfx_nilfs_get_block+0x10/0x10 [ 686.220674][T19172] __blockdev_direct_IO+0x1c8e/0x4890 [ 686.226230][T19172] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 686.232029][T19172] ? __pfx_nilfs_get_block+0x10/0x10 [ 686.237439][T19172] ? __se_sys_sendfile64+0x17c/0x1e0 [ 686.242863][T19172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.248993][T19172] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 686.255004][T19172] nilfs_direct_IO+0xe8/0x120 [ 686.259782][T19172] generic_file_read_iter+0x228/0x420 [ 686.265195][T19172] copy_splice_read+0x663/0xb60 [ 686.270175][T19172] ? __pfx_copy_splice_read+0x10/0x10 [ 686.275595][T19172] ? alloc_pipe_info+0x370/0x4d0 [ 686.280590][T19172] splice_direct_to_actor+0x4fa/0xc80 [ 686.286016][T19172] ? __pfx_direct_splice_actor+0x10/0x10 [ 686.291706][T19172] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 686.297649][T19172] ? __pfx_lock_release+0x10/0x10 [ 686.302707][T19172] do_splice_direct+0x289/0x3e0 [ 686.307591][T19172] ? __pfx_do_splice_direct+0x10/0x10 [ 686.313006][T19172] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 686.318940][T19172] ? bpf_lsm_file_permission+0x9/0x10 [ 686.324339][T19172] ? security_file_permission+0x74/0x280 [ 686.330003][T19172] ? rw_verify_area+0x1c3/0x6f0 [ 686.334886][T19172] do_sendfile+0x561/0xe10 [ 686.339349][T19172] ? __pfx_do_sendfile+0x10/0x10 [ 686.344331][T19172] __se_sys_sendfile64+0x17c/0x1e0 [ 686.349493][T19172] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 686.355177][T19172] ? rcu_is_watching+0x15/0xb0 [ 686.359983][T19172] ? rcu_is_watching+0x15/0xb0 [ 686.364798][T19172] do_syscall_64+0xf3/0x230 [ 686.369339][T19172] ? 
clear_bhb_loop+0x35/0x90 [ 686.374059][T19172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.379990][T19172] RIP: 0033:0x7fbbdff7dff9 [ 686.384435][T19172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.404080][T19172] RSP: 002b:00007fbbe0e24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 686.412545][T19172] RAX: ffffffffffffffda RBX: 00007fbbe0135f80 RCX: 00007fbbdff7dff9 [ 686.420562][T19172] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 686.428671][T19172] RBP: 00007fbbdfff0296 R08: 0000000000000000 R09: 0000000000000000 [ 686.436672][T19172] R10: 0000000080000002 R11: 0000000000000246 R12: 0000000000000000 [ 686.444684][T19172] R13: 0000000000000000 R14: 00007fbbe0135f80 R15: 00007ffdec51e178 [ 686.452711][T19172] [ 686.468334][T19172] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 686.475393][T19172] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 686.496957][T19176] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4502'. [ 686.520183][T19172] Remounting filesystem read-only [ 686.620582][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.632173][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.662449][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 686.685835][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.706314][ T9] usb 4-1: config 0 descriptor?? 
[ 686.926067][T19190] loop2: detected capacity change from 0 to 1024 [ 687.006356][T19181] hfsplus: request for non-existent node 211 in B*Tree [ 687.024095][T19181] hfsplus: request for non-existent node 211 in B*Tree [ 687.125050][ T9] pyra 0003:1E7D:2CF6.004D: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 687.170814][ T11] hfsplus: b-tree write err: -5, ino 8 [ 687.207216][ T5231] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 687.239629][T19196] loop4: detected capacity change from 0 to 4096 [ 687.252252][T19196] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 687.273862][T19196] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 687.300584][T19196] ntfs3(loop4): Failed to load $Extend (-22). [ 687.312200][T19196] ntfs3(loop4): Failed to initialize $Extend. [ 687.370258][ T5231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 687.386760][ T5231] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 687.396632][ T5231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 687.415103][ T5231] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 687.432163][ T5231] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 687.454367][ T5231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.476553][ T5231] usb 2-1: config 0 descriptor?? [ 687.523576][ T9] pyra 0003:1E7D:2CF6.004D: couldn't init struct pyra_device [ 687.531775][T19209] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4515'. 
[ 687.532393][ T9] pyra 0003:1E7D:2CF6.004D: couldn't install mouse [ 687.569311][ T9] pyra 0003:1E7D:2CF6.004D: probe with driver pyra failed with error -71 [ 687.586224][T19210] loop2: detected capacity change from 0 to 1024 [ 687.598498][ T9] usb 4-1: USB disconnect, device number 30 [ 687.625730][T19210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.696199][ T5231] hdpvr 2-1:0.0: firmware version 0x5b dated Ì7vi0ì [ 687.696199][ T5231] †Ã“‘êpY3¡€ÁLR›­º“ˆ<‡<è¬ü$ù4ãü [ 687.737482][T18268] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 687.759374][ T5231] hdpvr 2-1:0.0: untested firmware, the driver might not work. [ 687.817422][T19220] Failed to get privilege flags for destination (handle=0x2:0x0) [ 687.856981][T19222] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 687.935074][T19227] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 688.029702][T19230] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4526'. [ 688.113017][ T5231] hdpvr 2-1:0.0: Could not setup controls [ 688.128535][ T5231] hdpvr 2-1:0.0: registering videodev failed [ 688.149647][ T5231] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -71 [ 688.159699][ T5231] usb 2-1: USB disconnect, device number 40 [ 688.231932][T19242] loop2: detected capacity change from 0 to 256 [ 688.273465][T19242] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 688.476570][T19255] loop2: detected capacity change from 0 to 2048 [ 688.713178][T19268] loop1: detected capacity change from 0 to 512 [ 688.737502][T19270] sch_fq: defrate 0 ignored. [ 688.761031][T19268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 688.804332][T19268] ext4 filesystem being mounted at /86/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 688.885320][T17859] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.950867][T19284] loop3: detected capacity change from 0 to 64 [ 689.096256][T19292] loop4: detected capacity change from 0 to 1764 [ 689.106748][ T2634] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 689.153940][T19297] program syz.3.4555 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 689.198448][ T29] audit: type=1326 audit(1728498443.114:4613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19300 comm="syz.1.4557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x0 [ 689.278335][ T2634] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 689.289553][ T2634] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 689.298887][ T2634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.311751][ T2634] usb 1-1: config 0 descriptor?? [ 689.390392][T19311] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4561'. 
[ 689.400117][T19311] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 689.733967][ T2634] keytouch 0003:0926:3333.004E: fixing up Keytouch IEC report descriptor [ 689.748185][ T2634] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.004E/input/input36 [ 690.446264][T19329] loop1: detected capacity change from 0 to 32768 [ 690.457217][T19329] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4566 (19329) [ 690.478903][T19329] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 690.497679][T19329] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 690.506413][T19329] BTRFS info (device loop1): using free-space-tree [ 690.531082][ T2634] keytouch 0003:0926:3333.004E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 690.546266][ T2634] usb 1-1: USB disconnect, device number 42 acpid: input device has been disconnected, fd 3 [ 690.652610][T19329] BTRFS info (device loop1): rebuilding free space tree [ 690.676181][T19354] loop4: detected capacity change from 0 to 1024 [ 690.750849][ T29] audit: type=1804 audit(1728498444.664:4614): pid=19329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4566" name="/newroot/91/bus/bus" dev="loop1" ino=263 res=1 errno=0 [ 690.800937][T17859] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 691.136181][T19364] 9p: Unknown access argument 18446744073709551615: -34 [ 691.172157][T19358] loop3: detected capacity change from 0 to 40427 [ 691.179922][T19358] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 691.188492][T19358] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 691.200306][T19358] F2FS-fs (loop3): invalid crc value [ 691.219172][T19358] F2FS-fs (loop3): Found nat_bits in checkpoint [ 
691.451635][T19358] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 691.458859][T19358] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 691.467143][T19363] loop1: detected capacity change from 0 to 32768 [ 691.536834][T19363] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4574 (19363) [ 691.567587][T18410] syz-executor: attempt to access beyond end of device [ 691.567587][T18410] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 691.581937][T18410] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 691.659121][T19380] netlink: 160 bytes leftover after parsing attributes in process `syz.4.4584'. [ 691.681286][T19363] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 691.715559][T19363] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 691.728792][T19363] BTRFS info (device loop1): using free-space-tree [ 691.997528][T17859] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 692.119419][T19407] syzkaller0: tun_chr_ioctl cmd 2147767511 [ 692.254924][T19401] loop2: detected capacity change from 0 to 32768 [ 692.306287][T19401] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 692.329773][T19412] netlink: 'syz.0.4593': attribute type 1 has an invalid length. [ 692.353399][T19412] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.4593'. [ 692.388253][T19412] netlink: 'syz.0.4593': attribute type 2 has an invalid length. [ 692.396163][T19412] netlink: 'syz.0.4593': attribute type 1 has an invalid length. 
[ 692.403490][T19401] OCFS2: ERROR (device loop2): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has empty extent list at depth 312 [ 692.432059][T19415] loop4: detected capacity change from 0 to 512 [ 692.485732][T19401] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 692.510183][T19401] OCFS2: File system is now read-only. [ 692.538505][T19415] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 692.556865][T19401] (syz.2.4588,19401,1):ocfs2_find_leaf:1940 ERROR: status = -30 [ 692.583528][T19401] (syz.2.4588,19401,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 692.612921][T19401] (syz.2.4588,19401,1):ocfs2_fiemap:776 ERROR: status = -30 [ 692.626478][T19415] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 692.739936][T18268] ocfs2: Unmounting device (7,2) on (node local) [ 692.777511][T17691] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 692.901753][T19441] loop2: detected capacity change from 0 to 128 [ 692.942049][T19441] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 692.961300][T19441] sysv_free_block: trying to free block not in datazone [ 692.968425][ T9] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 693.029393][T18268] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 693.136263][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 693.157934][ T9] usb 1-1: config 0 has no interfaces? [ 693.165137][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 693.176735][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.195301][ T9] usb 1-1: Product: syz [ 693.206703][ T9] usb 1-1: Manufacturer: syz [ 693.211435][ T9] usb 1-1: SerialNumber: syz [ 693.222367][ T9] usb 1-1: config 0 descriptor?? 
[ 693.405450][T19456] loop2: detected capacity change from 0 to 2048 [ 693.460775][T19456] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 693.508541][ T2634] usb 1-1: USB disconnect, device number 43 [ 693.602587][T18268] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 694.013898][T19477] loop4: detected capacity change from 0 to 1024 [ 694.074844][T19477] hfsplus: xattr searching failed [ 694.089888][T19480] tipc: Started in network mode [ 694.097446][T19480] tipc: Node identity 7f000001, cluster identity 4711 [ 694.105589][T19477] hfsplus: bad catalog folder thread [ 694.127258][T19480] tipc: Enabled bearer , priority 10 [ 694.257003][T19486] mkiss: ax0: crc mode is auto. [ 694.712397][T19504] sg_write: data in/out 32733/17 bytes for SCSI command 0x15-- guessing data in; [ 694.712397][T19504] program syz.2.4625 not setting count and/or reply_len properly [ 694.728942][T19503] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4620'. [ 694.767033][ T54] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 694.776190][ T54] Bluetooth: hci6: Injecting HCI hardware error event [ 694.783817][ T54] Bluetooth: hci6: hardware error 0x00 [ 694.865264][T19512] loop3: detected capacity change from 0 to 4096 [ 694.907316][T19512] EXT4-fs: Ignoring removed nobh option [ 694.915291][T19512] EXT4-fs: Ignoring removed i_version option [ 694.947551][T19512] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 694.992162][T19522] loop4: detected capacity change from 0 to 512 [ 695.017596][T18410] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 695.043762][T19522] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 695.083602][T19522] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 695.120253][T19522] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.4631: corrupted inode contents [ 695.207839][T19530] loop3: detected capacity change from 0 to 512 [ 695.214717][T19530] EXT4-fs: Invalid journal IO priority (must be 0-7) [ 695.252953][ T2634] tipc: Node number set to 2130706433 [ 695.312908][T19522] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #2: comm syz.4.4631: mark_inode_dirty error [ 695.360527][T19522] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.4631: corrupted inode contents [ 695.486955][ T5231] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 695.522501][T17691] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 695.610541][T19542] tipc: Started in network mode [ 695.616971][T19542] tipc: Node identity 74725f6c656e3a2, cluster identity 4711 [ 695.630418][T19542] tipc: Enabling of bearer rejected, failed to enable media [ 695.658286][ T5231] usb 4-1: Using ep0 maxpacket: 16 [ 695.678636][ T5231] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 695.712240][ T5231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 695.745268][ T5231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 695.783534][ T5231] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 695.809680][ T5279] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 695.822209][ T5231] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 695.870337][ T5231] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 695.885196][ T5231] usb 4-1: New USB device strings: Mfr=4, Product=0, 
SerialNumber=0 [ 695.895317][ T5231] usb 4-1: Manufacturer: syz [ 695.905986][ T5231] usb 4-1: config 0 descriptor?? [ 695.969724][ T5279] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 695.997760][ T5279] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 696.018724][ T5279] usb 2-1: config 1 has no interface number 0 [ 696.024903][ T5279] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.063127][ T5279] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 696.084806][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 696.106726][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 696.126831][ T5279] usb 2-1: Product: syz [ 696.131172][ T5279] usb 2-1: Manufacturer: syz [ 696.135922][ T5279] usb 2-1: SerialNumber: syz [ 696.161403][T19564] loop2: detected capacity change from 0 to 128 [ 696.201947][ T5231] rc_core: IR keymap rc-hauppauge not found [ 696.212942][ T5231] Registered IR keymap rc-empty [ 696.233176][T18268] sysv_free_block: flc_count > flc_size [ 696.239940][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.256923][T18268] sysv_free_block: flc_count > flc_size [ 696.262799][T18268] sysv_free_block: flc_count > flc_size [ 696.269967][T18268] sysv_free_block: flc_count > flc_size [ 696.276773][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.285904][T18268] sysv_free_block: flc_count > flc_size [ 696.301929][T18268] sysv_free_block: flc_count > flc_size [ 696.312861][ T5231] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 696.334992][T18268] sysv_free_block: flc_count > flc_size [ 696.342363][ T5231] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input37 [ 696.350909][T19548] loop0: 
detected capacity change from 0 to 32768 [ 696.363459][T18268] sysv_free_block: flc_count > flc_size [ 696.369705][T18268] sysv_free_block: flc_count > flc_size [ 696.387274][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.394543][T18268] sysv_free_block: flc_count > flc_size [ 696.404587][T18268] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 696.428406][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.460570][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.488383][T19548] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 696.498150][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.517817][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.555617][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.607571][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.641202][T18366] ocfs2: Unmounting device (7,0) on (node local) [ 696.656932][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.700360][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.728325][ T5231] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 696.762129][ T5231] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 696.781206][ T5231] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 696.801643][ T5231] usb 4-1: USB disconnect, device number 31 acpid: input device has been disconnected, fd 3 [ 696.850759][ T54] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 696.987358][ T5279] cdc_ncm 2-1:1.1: bind() failure [ 696.995008][ T5279] usb 2-1: USB disconnect, device number 41 [ 697.001037][ T9] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 697.156710][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 697.166970][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 697.180498][ T9] usb 3-1: New USB 
device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 697.200099][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.227413][ T9] usb 3-1: config 0 descriptor?? [ 697.278804][T19578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4654'. [ 697.449755][ T9] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 697.624788][T19590] loop0: detected capacity change from 0 to 256 [ 697.640578][T19587] loop3: detected capacity change from 0 to 4096 [ 697.653377][T19587] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 697.711365][T19587] ntfs3(loop3): Failed to initialize $Extend/$Reparse. [ 697.770521][T18410] ntfs3(loop3): ino=1a, ntfs_sync_fs failed, -22. [ 698.074989][T19602] loop0: detected capacity change from 0 to 4096 [ 698.075774][T19608] netlink: 'syz.1.4669': attribute type 8 has an invalid length. [ 698.092712][T19602] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 698.172759][T19602] ntfs3(loop0): failed to convert "c46c" to iso8859-13 [ 698.252902][T19614] loop3: detected capacity change from 0 to 128 [ 698.264524][T19614] affs: No valid root block on device loop3 [ 698.383778][T19614] loop3: detected capacity change from 0 to 4096 [ 698.722449][T19626] loop3: detected capacity change from 0 to 2048 [ 698.743375][T19626] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 698.775791][T19626] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 698.842159][T18410] UDF-fs: warning (device loop3): udf_evict_inode: Inode 1367 (mode 120777) has inode size 70 different from extent length 512. Filesystem need not be standards compliant. 
[ 698.895322][T19616] loop1: detected capacity change from 0 to 40427 [ 698.936978][T19616] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 698.944786][T19616] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 698.973296][T19616] F2FS-fs (loop1): invalid crc value [ 699.017878][T19566] loop4: detected capacity change from 0 to 131072 [ 699.026829][T19566] F2FS-fs (loop4): Test dummy encryption mode enabled [ 699.034683][T19616] F2FS-fs (loop1): Found nat_bits in checkpoint [ 699.044029][T19566] F2FS-fs (loop4): invalid crc value [ 699.088787][T19566] F2FS-fs (loop4): Found nat_bits in checkpoint [ 699.106203][T19616] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 699.116469][T19640] loop3: detected capacity change from 0 to 128 [ 699.116778][ T2634] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 699.133111][T19616] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 699.155880][T19640] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 699.195693][T19640] ext4 filesystem being mounted at /91/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 699.236772][T19566] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 699.316716][ T2634] usb 1-1: Using ep0 maxpacket: 16 [ 699.328400][ T2634] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 699.340334][ T2634] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.355494][T18410] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 699.357126][ T2634] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 699.393940][ T2634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.407949][ T2634] usb 1-1: config 0 descriptor?? [ 699.770820][ T5279] usb 3-1: USB disconnect, device number 38 [ 699.819858][T19628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.831481][T19628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 700.059467][ T2634] usb 1-1: string descriptor 0 read error: -71 [ 700.104024][ T2634] usb 1-1: Max retries (5) exceeded reading string descriptor 200 [ 700.131126][ T2634] letsketch 0003:6161:4D15.004F: probe with driver letsketch failed with error -32 [ 700.152062][ T2634] usb 1-1: USB disconnect, device number 44 [ 700.284819][T19649] loop3: detected capacity change from 0 to 32768 [ 700.348238][T19649] ERROR: (device loop3): dbAlloc: unable to allocate blocks [ 700.348238][T19649] [ 700.381192][T19651] loop1: detected capacity change from 0 to 40427 [ 700.402420][T19651] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 700.417364][T19651] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 700.427638][T19651] F2FS-fs (loop1): build fault injection attr: rate: 18446, type: 0x1fffff [ 700.452220][T19651] F2FS-fs (loop1): invalid crc value [ 700.459212][T19651] F2FS-fs (loop1): Found nat_bits in checkpoint [ 700.533198][T19651] F2FS-fs (loop1): Start checkpoint disabled! 
[ 700.552881][T19651] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 700.562462][T19651] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 700.643491][T19664] loop3: detected capacity change from 0 to 1024 [ 700.699887][T19664] hfsplus: xattr searching failed [ 700.715694][ T2932] kworker/u8:7: attempt to access beyond end of device [ 700.715694][ T2932] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 700.782910][ T2932] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 700.787291][ T11] hfsplus: bad catalog file entry [ 700.795344][ T11] hfsplus: b-tree write err: -5, ino 3 [ 700.795444][ T2932] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 700.831377][ T2932] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 701.004837][T19675] loop2: detected capacity change from 0 to 256 [ 701.038220][T19679] loop0: detected capacity change from 0 to 512 [ 701.125050][T19675] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 701.215400][T19679] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 701.259162][T19679] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 701.303934][T19661] loop4: detected capacity change from 0 to 40427 [ 701.390993][T19679] EXT4-fs error (device loop0): ext4_get_first_dir_block:3532: inode #12: comm syz.0.4696: Directory hole found for htree leaf block 0 [ 701.439941][T19661] F2FS-fs (loop4): Found nat_bits in checkpoint [ 701.591998][T18366] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 701.693959][T19704] (unnamed net_device) (uninitialized): (slave team_slave_0): Device is not bonding slave [ 701.726206][T19711] loop2: detected capacity change from 0 to 1024 [ 701.726878][T19704] (unnamed net_device) (uninitialized): option active_slave: invalid value (team_slave_0) [ 701.762619][T19711] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 701.787236][T19711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 701.867291][T19714] loop0: detected capacity change from 0 to 1024 [ 701.898875][T19661] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 701.910254][T18268] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.001056][T19717] loop3: detected capacity change from 0 to 4096 [ 702.036627][T19717] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 702.198486][ T29] audit: type=1804 audit(1728498455.994:4615): pid=19661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4684" name="/newroot/129/file2/file0" dev="loop4" ino=10 res=1 errno=0 [ 702.295890][T18410] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 702.324226][T19728] loop1: detected capacity change from 0 to 1024 [ 702.332340][T19726] loop0: detected capacity change from 0 to 32768 [ 702.349695][T17691] syz-executor: attempt to access beyond end of device [ 702.349695][T17691] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 702.386824][T17691] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 702.550801][T19725] loop2: detected capacity change from 0 to 32768 [ 702.569870][T19725] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4716 (19725) [ 702.587873][T19725] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 702.601091][T19725] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 702.610016][T19725] BTRFS info (device loop2): using free-space-tree [ 702.696120][T19728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 702.748261][T17859] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.759273][T19726] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 702.952040][T19726] XFS (loop0): Ending clean mount [ 703.052436][T18366] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 703.487079][T12270] Bluetooth: hci4: command 0x0405 tx timeout [ 703.619603][T19766] netlink: 'syz.0.4720': attribute type 1 has an invalid length. [ 703.645884][T18268] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 703.657132][T19766] netlink: 9372 bytes leftover after parsing attributes in process `syz.0.4720'. [ 703.666308][T19766] netlink: 'syz.0.4720': attribute type 1 has an invalid length. 
[ 703.753402][T19757] loop1: detected capacity change from 0 to 40427 [ 703.773844][T19757] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 703.790720][T19757] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 703.839533][T19757] F2FS-fs (loop1): Found nat_bits in checkpoint [ 703.849608][T19772] lo: entered allmulticast mode [ 703.870164][T19772] tunl0: entered allmulticast mode [ 703.892298][T19772] gre0: entered allmulticast mode [ 703.923128][T19772] gretap0: entered allmulticast mode [ 703.949802][T19757] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 703.958739][T19772] erspan0: entered allmulticast mode [ 703.976072][T19757] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 703.983803][T19772] ip_vti0: entered allmulticast mode [ 703.993633][T19772] ip6_vti0: entered allmulticast mode [ 704.009492][T19772] sit0: entered allmulticast mode [ 704.025484][T19772] ip6tnl0: entered allmulticast mode [ 704.033231][T19772] ip6gre0: entered allmulticast mode [ 704.066152][T19772] syz_tun: entered allmulticast mode [ 704.078418][T17859] syz-executor: attempt to access beyond end of device [ 704.078418][T17859] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 704.115439][T19772] ip6gretap0: entered allmulticast mode [ 704.126296][T19772] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.130118][T17859] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 704.133780][T19772] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.156863][T19772] bridge0: entered allmulticast mode [ 704.188093][T19772] vcan0: entered allmulticast mode [ 704.277277][T19772] bond0: entered allmulticast mode [ 704.284180][T19772] bond_slave_0: entered allmulticast mode [ 704.290235][T19772] bond_slave_1: entered allmulticast mode [ 704.322858][T19772] team0: entered allmulticast mode [ 704.331626][T19772] team_slave_0: entered allmulticast mode [ 704.352873][T19759] loop4: detected capacity change from 0 to 32768 [ 
704.369128][T19772] team_slave_1: entered allmulticast mode [ 704.369993][T19759] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4717 (19759) [ 704.406841][T19772] dummy0: entered allmulticast mode [ 704.433083][T19772] nlmon0: entered allmulticast mode [ 704.452155][T19772] caif0: entered allmulticast mode [ 704.471959][T19772] batadv0: entered allmulticast mode [ 704.508063][T19772] vxcan0: entered allmulticast mode [ 704.518146][T19772] vxcan1: entered allmulticast mode [ 704.540503][T19772] veth0: entered allmulticast mode [ 704.570408][T19772] veth1: entered allmulticast mode [ 704.603069][T19772] wg0: entered allmulticast mode [ 704.656028][T19772] wg1: entered allmulticast mode [ 704.711605][T19772] wg2: entered allmulticast mode [ 704.754963][T19772] veth0_to_bridge: entered allmulticast mode [ 704.790414][T19772] veth1_to_bridge: entered allmulticast mode [ 704.803079][T19780] loop2: detected capacity change from 0 to 32768 [ 704.830235][T19772] veth0_to_bond: entered allmulticast mode [ 704.840844][T19789] syz.1.4730 (19789): /proc/19788/oom_adj is deprecated, please use /proc/19788/oom_score_adj instead. [ 704.860429][T19772] veth1_to_bond: entered allmulticast mode [ 704.875856][T19780] MetaData crosses page boundary!! [ 704.885811][T19772] veth0_to_team: entered allmulticast mode [ 704.894046][T19780] lblock = 631800, size = 28672 [ 704.918079][T19780] CPU: 0 UID: 0 PID: 19780 Comm: syz.2.4724 Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 704.928596][T19780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 704.938852][T19780] Call Trace: [ 704.942186][T19780] <TASK> [ 704.945132][T19780] dump_stack_lvl+0x241/0x360 [ 704.949841][T19780] ? __pfx_dump_stack_lvl+0x10/0x10 [ 704.955064][T19780] ? 
__pfx__printk+0x10/0x10 [ 704.959684][T19780] __get_metapage+0xa24/0xef0 [ 704.964401][T19780] dtSearch+0x582/0x2520 [ 704.968697][T19780] jfs_lookup+0x17f/0x410 [ 704.973047][T19780] ? __pfx_jfs_lookup+0x10/0x10 [ 704.977920][T19780] ? d_alloc_parallel+0x14a8/0x1600 [ 704.983329][T19780] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 704.989175][T19780] ? rcu_is_watching+0x15/0xb0 [ 704.993969][T19780] ? __pfx_d_alloc_parallel+0x10/0x10 [ 704.999393][T19780] ? lock_release+0xbf/0xa30 [ 705.004013][T19780] ? __init_waitqueue_head+0xae/0x150 [ 705.009423][T19780] __lookup_slow+0x28c/0x3f0 [ 705.014057][T19780] ? __pfx___lookup_slow+0x10/0x10 [ 705.019225][T19780] lookup_slow+0x53/0x70 [ 705.023503][T19780] link_path_walk+0x99b/0xea0 [ 705.028220][T19780] path_lookupat+0xa9/0x450 [ 705.032759][T19780] filename_lookup+0x256/0x610 [ 705.037561][T19780] ? __pfx_filename_lookup+0x10/0x10 [ 705.042892][T19780] ? rcu_is_watching+0x15/0xb0 [ 705.047682][T19780] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 705.053084][T19780] ? getname_kernel+0x140/0x2f0 [ 705.057982][T19780] kern_path+0x35/0x50 [ 705.062099][T19780] unix_find_other+0x123/0x910 [ 705.066948][T19780] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 705.072710][T19780] ? __pfx_unix_find_other+0x10/0x10 [ 705.078113][T19780] ? tomoyo_check_unix_address+0x15a/0x880 [ 705.083972][T19780] ? __pfx_tomoyo_check_unix_address+0x10/0x10 [ 705.090171][T19780] unix_dgram_sendmsg+0xae0/0x1f80 [ 705.095406][T19780] ? aa_sk_perm+0x96d/0xab0 [ 705.100051][T19780] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 705.105629][T19780] ? aa_sock_msg_perm+0x91/0x160 [ 705.110614][T19780] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 705.116189][T19780] __sock_sendmsg+0x221/0x270 [ 705.120912][T19780] ____sys_sendmsg+0x52a/0x7e0 [ 705.125712][T19780] ? __pfx_____sys_sendmsg+0x10/0x10 [ 705.131125][T19780] ? rcu_is_watching+0x15/0xb0 [ 705.136019][T19780] ? __might_fault+0xaa/0x120 [ 705.140717][T19780] __sys_sendmmsg+0x3ab/0x730 [ 705.145452][T19780] ? 
__pfx___sys_sendmmsg+0x10/0x10 [ 705.150693][T19780] ? futex_hash+0x1e/0x1f0 [ 705.155131][T19780] ? futex_wait+0x285/0x360 [ 705.159667][T19780] ? __pfx_futex_wait+0x10/0x10 [ 705.164556][T19780] ? rcu_is_watching+0x15/0xb0 [ 705.169371][T19780] ? __pfx_lock_acquire+0x10/0x10 [ 705.174423][T19780] ? alloc_file_pseudo+0x21f/0x290 [ 705.179789][T19780] ? __pfx_lock_release+0x10/0x10 [ 705.184865][T19780] ? do_futex+0x33b/0x560 [ 705.189241][T19780] ? fd_install+0x9c/0x5d0 [ 705.193693][T19780] ? fd_install+0x35c/0x5d0 [ 705.198246][T19780] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 705.204624][T19780] ? rcu_is_watching+0x15/0xb0 [ 705.209425][T19780] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 705.215794][T19780] ? rcu_is_watching+0x15/0xb0 [ 705.220599][T19780] __x64_sys_sendmmsg+0xa0/0xb0 [ 705.225488][T19780] do_syscall_64+0xf3/0x230 [ 705.230023][T19780] ? clear_bhb_loop+0x35/0x90 [ 705.234840][T19780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.240784][T19780] RIP: 0033:0x7fbbdff7dff9 [ 705.245217][T19780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.264849][T19780] RSP: 002b:00007fbbe0e24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 705.273392][T19780] RAX: ffffffffffffffda RBX: 00007fbbe0135f80 RCX: 00007fbbdff7dff9 [ 705.281390][T19780] RDX: 0000000000000002 RSI: 0000000020000e80 RDI: 0000000000000006 [ 705.289391][T19780] RBP: 00007fbbdfff0296 R08: 0000000000000000 R09: 0000000000000000 [ 705.297386][T19780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.305373][T19780] R13: 0000000000000000 R14: 00007fbbe0135f80 R15: 00007ffdec51e178 [ 705.313374][T19780] </TASK> [ 705.378288][T19772] veth1_to_team: entered allmulticast mode [ 705.407047][T19780] bread failed! 
[ 705.410998][T19780] jfs_lookup: dtSearch returned -5 [ 705.416498][T19759] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 705.442912][T19793] loop1: detected capacity change from 0 to 512 [ 705.446798][T19759] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 705.452531][T19793] EXT4-fs (loop1): can't mount with both data=journal and delalloc [ 705.467453][T19759] BTRFS info (device loop4): using free-space-tree [ 705.494555][T19793] loop1: detected capacity change from 0 to 512 [ 705.502465][T19772] veth0_to_batadv: entered allmulticast mode [ 705.513239][T19793] EXT4-fs: Ignoring removed oldalloc option [ 705.521992][T19772] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 705.533197][T19772] batadv_slave_0: entered allmulticast mode [ 705.537204][T19793] EXT4-fs (loop1): unsupported inode size: 0 [ 705.545331][T19772] veth1_to_batadv: entered allmulticast mode [ 705.546960][T19793] EXT4-fs (loop1): blocksize: 4096 [ 705.560609][T19772] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 705.579447][T19772] batadv_slave_1: entered allmulticast mode [ 705.604207][T19772] xfrm0: entered allmulticast mode [ 705.612274][T19772] veth0_to_hsr: entered allmulticast mode [ 705.632645][T19772] hsr_slave_0: entered allmulticast mode [ 705.648055][T19772] veth1_to_hsr: entered allmulticast mode [ 705.656318][T19772] hsr_slave_1: entered allmulticast mode [ 705.669044][T19772] hsr0: entered allmulticast mode [ 705.676193][T19772] veth1_virt_wifi: entered allmulticast mode [ 705.691567][T19772] veth0_virt_wifi: entered allmulticast mode [ 705.700199][T19772] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 705.711506][T19772] veth1_vlan: entered allmulticast mode [ 705.735736][T19772] veth0_vlan: entered allmulticast mode [ 705.753925][T19772] vlan0: entered allmulticast mode [ 705.764472][T19772] vlan1: entered allmulticast mode [ 705.764468][T19759] BTRFS error (device 
loop4): target device is invalid! [ 705.782400][T19772] macvlan0: entered allmulticast mode [ 705.790854][T19772] macvlan1: entered allmulticast mode [ 705.798713][T19772] ipvlan0: entered allmulticast mode [ 705.805354][T19772] ipvlan1: entered allmulticast mode [ 705.817179][T17691] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 705.833347][T19772] veth1_macvtap: entered allmulticast mode [ 705.841993][T19772] veth0_macvtap: entered allmulticast mode [ 705.855943][T19772] macvtap0: entered allmulticast mode [ 705.864273][T19772] macsec0: entered allmulticast mode [ 705.878538][T19772] geneve0: entered allmulticast mode [ 705.886245][T19772] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.896594][T19772] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.905661][T19772] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.914938][T19772] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.925513][T19772] geneve1: entered allmulticast mode [ 705.940628][T19772] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 705.954128][T19772] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 705.967529][T19772] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 705.983749][T19772] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 706.002437][T19772] mac80211_hwsim hwsim50 wlan0: entered allmulticast mode [ 706.022142][T19772] mac80211_hwsim hwsim51 wlan1: entered allmulticast mode [ 706.186454][T19813] netlink: 'syz.1.4736': attribute type 4 has an invalid length. 
[ 706.363382][T19834] loop2: detected capacity change from 0 to 512 [ 706.372530][T19834] EXT4-fs: Ignoring removed mblk_io_submit option [ 706.396847][T19834] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.4745: corrupted in-inode xattr: invalid ea_ino [ 706.419595][T19834] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.4745: couldn't read orphan inode 15 (err -117) [ 706.431842][ T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 706.456170][T19834] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 706.564863][T18268] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.599081][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 706.618340][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 706.637185][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 706.647025][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.656858][ T25] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 706.658140][T19845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4749'. [ 706.674270][ T9] usb 4-1: config 0 descriptor?? 
[ 706.681702][ T9] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 706.817941][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 706.835179][ T25] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 706.846747][ T25] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 706.866328][ T25] usb 1-1: config 0 has no interface number 0 [ 706.886536][ T25] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 706.906739][ T25] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 706.927898][ T25] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 706.962479][ T25] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 706.979315][ T25] usb 1-1: New USB device strings: Mfr=31, Product=0, SerialNumber=0 [ 706.996832][ T25] usb 1-1: Manufacturer: syz [ 707.005373][ T25] usb 1-1: config 0 descriptor?? [ 707.146794][ T5279] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 707.256243][T19858] loop4: detected capacity change from 0 to 4096 [ 707.265931][T19858] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 707.298359][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.306944][T19854] loop2: detected capacity change from 0 to 40427 [ 707.315996][ T5279] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 707.319332][T19854] F2FS-fs (loop2): invalid crc value [ 707.334890][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.345178][T19854] F2FS-fs (loop2): Found nat_bits in checkpoint [ 707.346370][ T5279] usb 2-1: config 0 descriptor?? [ 707.416634][T19858] ntfs3(loop4): Failed to initialize $Extend/$Reparse. 
[ 707.423967][T19854] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 707.450511][T19858] ntfs3(loop4): ino=1d, "file1" failed to parse mft record [ 707.473904][T19858] ntfs3(loop4): ino=1d, "file1" attr_set_size [ 707.483678][T18268] syz-executor: attempt to access beyond end of device [ 707.483678][T18268] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 707.500815][ T9] gspca_vc032x: reg_w err -71 [ 707.505623][ T9] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 707.513831][T18268] F2FS-fs (loop2): Remounting filesystem read-only [ 707.522794][ T9] usb 4-1: USB disconnect, device number 32 [ 707.573834][T17691] ntfs3(loop4): ino=1a, ntfs_sync_fs failed, -22. [ 707.633427][ T25] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input38 [ 707.645872][ T25] input: failed to attach handler kbd to device input38, error: -5 [ 707.776348][ T5279] keytouch 0003:0926:3333.0050: fixing up Keytouch IEC report descriptor [ 707.791264][ T5279] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0050/input/input39 [ 707.852079][ T7762] usb 1-1: USB disconnect, device number 45 [ 707.868572][ T5279] keytouch 0003:0926:3333.0050: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 708.077457][T19873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4761'. 
[ 708.256932][ T7762] usb 2-1: USB disconnect, device number 42 [ 708.348148][T19871] loop2: detected capacity change from 0 to 32768 acpid: input device has been disconnected, fd 3 [ 708.394219][T19871] XFS (loop2): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 708.499981][T19865] loop4: detected capacity change from 0 to 40427 [ 708.509996][T19865] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 708.517308][T19865] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 708.725221][T19871] XFS (loop2): Ending clean mount [ 708.741700][T19865] F2FS-fs (loop4): invalid crc value [ 709.235264][T19898] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4770'. [ 709.261101][T19877] loop3: detected capacity change from 0 to 32768 [ 709.311188][T19877] (syz.3.4763,19877,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 709.367958][T18268] XFS (loop2): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 709.416061][T19877] (syz.3.4763,19877,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. 
[ 709.452014][T19865] F2FS-fs (loop4): Found nat_bits in checkpoint [ 709.458890][ T29] audit: type=1326 audit(1728498463.344:4616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.206865][ T29] audit: type=1326 audit(1728498463.344:4617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.242190][ T29] audit: type=1326 audit(1728498463.354:4618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.315739][ T29] audit: type=1326 audit(1728498463.354:4619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.400666][T19877] JBD2: Ignoring recovery information on journal [ 710.419554][ T29] audit: type=1326 audit(1728498463.354:4620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.497453][T19877] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. 
[ 710.586710][ T29] audit: type=1326 audit(1728498463.354:4621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.667566][ T29] audit: type=1326 audit(1728498463.354:4622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 710.768508][T18410] ocfs2: Unmounting device (7,3) on (node local) [ 711.206903][ T29] audit: type=1326 audit(1728498463.354:4623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c1b74fa7 code=0x7ffc0000 [ 711.234624][T19911] loop2: detected capacity change from 0 to 512 [ 711.246366][T19911] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 711.255944][ T29] audit: type=1326 audit(1728498463.394:4624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c1b19959 code=0x7ffc0000 [ 711.332531][T19911] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.4774: iget: bad extended attribute block 19 [ 711.346400][ T29] audit: type=1326 audit(1728498463.394:4625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19900 comm="syz.1.4771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7ff9c1b7dff9 code=0x7ffc0000 [ 711.377296][T19903] loop1: detected capacity change from 0 to 32768 [ 711.505779][T19903] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4772 (19903) [ 711.521894][T19911] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.4774: couldn't read orphan inode 15 (err -117) [ 
711.535139][T19911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 711.582359][T19911] EXT4-fs error (device loop2): ext4_readdir:261: inode #12: block 13: comm syz.2.4774: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0 [ 711.708377][T18268] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.843909][T19925] netlink: 'syz.4.4780': attribute type 1 has an invalid length. [ 711.889901][T19925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4780'. [ 712.456567][T19903] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 712.490908][T19903] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 712.516628][T19903] BTRFS info (device loop1): disk space caching is enabled [ 712.536117][T19903] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 712.569062][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 712.570331][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 712.594076][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 712.613992][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 712.635256][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 712.667107][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 712.689955][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 712.730464][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 712.751588][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 
712.770871][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 712.795267][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 712.815861][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 712.836285][T19903] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 712.858185][T19903] BTRFS error (device loop1): open_ctree failed [ 713.157082][T19952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4785'. [ 713.186622][T19952] tipc: Started in network mode [ 713.196113][T19952] tipc: Node identity memory.en, cluster identity 8 [ 713.371370][T19932] loop4: detected capacity change from 0 to 32768 [ 713.397067][T19956] loop1: detected capacity change from 0 to 512 [ 713.428312][T19932] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4783 (19932) [ 713.937874][T19956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 713.956820][T19956] ext4 filesystem being mounted at /135/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 714.075271][T17859] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 715.697139][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 715.697160][ T29] audit: type=1326 audit(1728498469.604:4630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19975 comm="syz.3.4796" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x0 [ 715.880585][ T29] audit: type=1326 audit(1728498469.794:4631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 715.947600][ T29] audit: type=1326 audit(1728498469.814:4632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.040064][ T29] audit: type=1326 audit(1728498469.814:4633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.109696][ T29] audit: type=1326 audit(1728498469.814:4634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.242971][ T29] audit: type=1326 audit(1728498469.814:4635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.346903][ T29] audit: type=1326 audit(1728498469.814:4636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.466770][ T29] audit: type=1326 audit(1728498469.814:4637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.586998][ T29] audit: type=1326 audit(1728498469.814:4638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 716.709491][ T29] audit: type=1326 audit(1728498469.814:4639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19982 comm="syz.3.4799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 717.449557][T19932] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 717.477037][T19932] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 717.490275][T19932] BTRFS info (device loop4): disk space caching is enabled [ 717.505209][T19932] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 717.518753][T19999] loop3: detected capacity change from 0 to 32768 [ 717.602151][T20009] netlink: 'syz.2.4808': attribute type 11 has an invalid length. [ 717.662089][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 717.662628][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 718.018076][T20016] loop2: detected capacity change from 0 to 4096 [ 718.197382][T20018] NILFS (loop2): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 718.217118][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 718.217713][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 718.228735][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 718.238991][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 718.249106][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 718.259340][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 718.269359][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 718.279446][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 718.290093][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 718.300773][T19932] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 718.328984][T19999] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 718.357377][T19999] XFS (loop3): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 718.651232][T19932] BTRFS error (device loop4): open_ctree failed [ 718.677639][T20038] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4812'. [ 718.751410][T19999] XFS (loop3): Quotacheck needed: Please wait. [ 718.766241][T19999] XFS (loop3): Quotacheck: Done. [ 718.769978][T20042] netlink: 216 bytes leftover after parsing attributes in process `syz.1.4814'. 
[ 718.885813][T18410] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 719.077687][T20050] loop1: detected capacity change from 0 to 64 [ 719.179196][T12270] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 719.206668][T12270] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 719.261056][T12270] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 719.270494][T12270] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 719.279005][T12270] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 719.286582][T12270] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 719.572884][T20066] program syz.2.4823 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 719.632017][T20062] loop3: detected capacity change from 0 to 4096 [ 719.656022][ T35] bridge_slave_1: left promiscuous mode [ 719.674621][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.690734][T20062] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 719.700915][ T35] bridge_slave_0: left promiscuous mode [ 719.709716][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.724841][T20062] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 719.803811][T20062] ntfs3(loop3): ino=1e, "file1" failed to open parent directory r=30005 to update [ 719.847236][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 719.860511][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.871871][ T35] bond0 (unregistering): Released all slaves [ 719.881745][T20070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4824'. 
[ 719.903766][T20048] chnl_net:caif_netlink_parms(): no params data found [ 719.974148][ T35] tipc: Left network mode [ 720.114857][T20048] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.135601][T20048] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.157996][T20048] bridge_slave_0: entered allmulticast mode [ 720.175235][T20048] bridge_slave_0: entered promiscuous mode [ 720.186102][T20048] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.207231][T20048] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.214539][T20048] bridge_slave_1: entered allmulticast mode [ 720.225352][T20048] bridge_slave_1: entered promiscuous mode [ 720.250588][T20059] loop4: detected capacity change from 0 to 32768 [ 720.257603][ T35] hsr_slave_0: left promiscuous mode [ 720.263514][ T35] hsr_slave_1: left promiscuous mode [ 720.272206][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 720.280087][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 720.288546][ T5346] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 720.328696][T20059] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 720.343301][T20059] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 720.415534][T20059] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 720.434741][ T25] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 720.444156][ T25] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 720.492018][ T25] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 47ms [ 720.499854][ T5346] usb 3-1: Using ep0 maxpacket: 8 [ 720.505088][ T25] gfs2: fsid=syz:syz.0: jid=0: Done [ 720.511449][ T35] team0 (unregistering): Port device team_slave_1 removed [ 720.511583][ T5346] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 720.522018][T20059] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 720.532327][ T5346] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 720.545635][ T5346] usb 3-1: config 0 has no interface number 0 [ 720.552758][ T35] team0 (unregistering): Port device team_slave_0 removed [ 720.556224][ T5346] usb 3-1: config 0 interface 52 has no altsetting 0 [ 720.583640][ T5346] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 720.593311][ T5346] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 720.607407][ T5346] usb 3-1: Product: syz [ 720.620615][ T5346] usb 3-1: Manufacturer: syz [ 720.631933][ T5346] usb 3-1: SerialNumber: syz [ 720.650525][ T5346] usb 3-1: config 0 descriptor?? 
[ 720.759206][T20088] loop3: detected capacity change from 0 to 32768 [ 720.769510][T20088] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4832 (20088) [ 720.798920][T20088] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 720.811402][T20088] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 720.827293][T20088] BTRFS info (device loop3): using free-space-tree [ 720.848271][T20048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.883140][T20048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.944970][T20048] team0: Port device team_slave_0 added [ 720.956991][T20048] team0: Port device team_slave_1 added [ 721.015326][T20088] BTRFS info (device loop3): rebuilding free space tree [ 721.030347][T20048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.055574][T20048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.133865][ T5346] usb 3-1: USB disconnect, device number 39 [ 721.146937][T20048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.161349][T20048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.181372][T20048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 721.197962][T18410] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 721.255674][T20048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.326980][T12270] Bluetooth: hci0: command tx timeout [ 721.364577][T20048] hsr_slave_0: entered promiscuous mode [ 721.391139][T20048] hsr_slave_1: entered promiscuous mode [ 721.421675][T20125] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4841'. [ 721.438481][T20048] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.459879][T20125] netlink: 'syz.1.4841': attribute type 1 has an invalid length. [ 721.467775][T20048] Cannot create hsr debugfs directory [ 721.485895][T20125] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4841'. [ 721.656327][T20137] loop4: detected capacity change from 0 to 64 [ 721.955989][T20133] loop3: detected capacity change from 0 to 32768 [ 721.991087][T20133] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 722.029367][T20133] XFS (loop3): Ending clean mount [ 722.074857][T20133] XFS (loop3): Quotacheck needed: Please wait. [ 722.119689][T20133] XFS (loop3): Quotacheck: Done. 
[ 722.238174][T20048] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 722.252139][T20048] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 722.263494][T20048] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 722.270507][T18410] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 722.286506][T20048] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 722.344779][T20048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.364489][T20048] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.375310][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.382478][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 722.402795][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.409959][ T2894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.708350][T20179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.767215][T20179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.779253][T20161] loop1: detected capacity change from 0 to 32768 [ 722.787128][T20161] btrfs: Deprecated parameter 'usebackuproot' [ 722.791891][T20179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.793228][T20161] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 722.827821][T20161] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4855 (20161) [ 722.850586][T20179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.876911][T20179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.906824][T20179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 722.909917][T20161] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 722.925285][T20179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.938537][T20161] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 722.966764][T20161] BTRFS info (device loop1): using free-space-tree [ 722.968965][T20179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.990904][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 722.990924][ T29] audit: type=1326 audit(1728498476.894:4641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20182 comm="syz.3.4863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 723.048456][T20179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.071042][T20179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 723.083958][ T29] audit: type=1326 audit(1728498476.904:4642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20182 comm="syz.3.4863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 723.112369][ T29] audit: type=1326 audit(1728498476.904:4643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20182 comm="syz.3.4863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa20ff7c990 code=0x7ffc0000 [ 723.132110][T20179] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 723.140538][ T29] audit: type=1326 audit(1728498476.904:4644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20182 comm="syz.3.4863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 723.171361][ T29] audit: type=1326 audit(1728498476.904:4645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20182 comm="syz.3.4863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20ff7dff9 code=0x7ffc0000 [ 723.198057][T20179] batadv_slave_0: entered promiscuous mode [ 723.220257][ T11] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 723.243993][T20161] BTRFS error (device loop1): failed to load root extent [ 723.252126][T20161] BTRFS warning (device loop1): try to load backup roots slot 1 [ 723.253929][T20048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.267371][ T2894] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 723.317804][T20161] BTRFS warning (device loop1): couldn't read tree root [ 723.324849][T20161] BTRFS warning (device loop1): try to load backup roots slot 2 [ 723.337428][ T11] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 723.350757][T20161] BTRFS warning (device 
loop1): couldn't read tree root [ 723.359390][T20161] BTRFS warning (device loop1): try to load backup roots slot 3 [ 723.381411][T20204] loop3: detected capacity change from 0 to 2048 [ 723.410927][T12270] Bluetooth: hci0: command tx timeout [ 723.416530][T20207] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 723.427795][T20048] veth0_vlan: entered promiscuous mode [ 723.433838][T20161] BTRFS info (device loop1): rebuilding free space tree [ 723.474299][T20048] veth1_vlan: entered promiscuous mode [ 723.484112][T20161] BTRFS info (device loop1): checking UUID tree [ 723.504072][T20208] loop4: detected capacity change from 0 to 512 [ 723.525081][T20207] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 723.550087][ T29] audit: type=1800 audit(1728498477.454:4646): pid=20161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4855" name="file1" dev="loop1" ino=257 res=0 errno=0 [ 723.572424][T20207] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 723.586707][T20048] veth0_macvtap: entered promiscuous mode [ 723.601546][T20207] Remounting filesystem read-only [ 723.609456][T20048] veth1_macvtap: entered promiscuous mode [ 723.632350][T20208] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.4868: casefold flag without casefold feature [ 723.645845][T18410] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 723.674269][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.714619][T20220] loop2: detected capacity change from 0 to 128 [ 723.724289][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 723.736204][T20220] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 723.747520][T20208] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.4868: couldn't read orphan inode 15 (err -117) [ 723.754831][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.766435][T20220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 723.808421][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.823820][T20208] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 723.836150][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.869850][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.886507][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.906725][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.922270][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.936821][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.958639][T20048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.964851][T17859] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 723.999495][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.024736][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 724.045972][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.072516][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.096883][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.113659][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.129736][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.141118][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.154322][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.165749][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.175841][T20048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.186490][T20048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.232617][T20048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 724.247583][T17691] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.334879][T20048] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.343813][T20048] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.352584][T20048] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.361570][T20048] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.423308][T20234] netlink: 'syz.3.4879': attribute type 1 has an invalid length. [ 724.431526][T20234] netlink: 9312 bytes leftover after parsing attributes in process `syz.3.4879'. [ 724.467738][T20234] netlink: 'syz.3.4879': attribute type 1 has an invalid length. 
[ 724.520064][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.527078][T20236] loop4: detected capacity change from 0 to 1024 [ 724.535159][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.555501][T20236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 724.563680][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.585751][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.658063][T20242] netlink: 'syz.3.4881': attribute type 11 has an invalid length. [ 724.750652][T17691] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.906087][T20249] wg1 speed is unknown, defaulting to 1000 [ 724.935724][T20249] wg1 speed is unknown, defaulting to 1000 [ 724.963836][T20249] wg1 speed is unknown, defaulting to 1000 [ 725.056144][T20231] loop1: detected capacity change from 0 to 32768 [ 725.226957][T20238] loop2: detected capacity change from 0 to 40427 [ 725.234594][T20238] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 725.242779][T20238] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 725.258262][T20238] F2FS-fs (loop2): invalid crc value [ 725.280202][T20238] F2FS-fs (loop2): Found nat_bits in checkpoint [ 725.293772][T20231] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 725.343301][T20261] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. 
[ 725.375262][T20249] infiniband syz1: set active [ 725.382129][ T29] audit: type=1800 audit(1728498479.294:4647): pid=20231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4873" name="bus" dev="loop1" ino=17058 res=0 errno=0 [ 725.404864][T20249] infiniband syz1: added wg1 [ 725.405444][ T937] wg1 speed is unknown, defaulting to 1000 [ 725.494684][T12270] Bluetooth: hci0: command tx timeout [ 725.502872][T20238] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 725.517683][T20238] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 725.551637][T20249] RDS/IB: syz1: added [ 725.574286][T20249] smc: adding ib device syz1 with port count 1 [ 725.617190][T20249] smc: ib device syz1 port 1 has pnetid SYZ0 (user defined) [ 725.662404][T17859] ocfs2: Unmounting device (7,1) on (node local) [ 725.671592][ T25] wg1 speed is unknown, defaulting to 1000 [ 725.678515][T20249] wg1 speed is unknown, defaulting to 1000 [ 725.704976][T20272] loop3: detected capacity change from 0 to 256 [ 725.765829][ T29] audit: type=1800 audit(1728498479.674:4648): pid=20272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4890" name="bus" dev="loop3" ino=1048972 res=0 errno=0 [ 725.849740][T20275] mkiss: ax0: crc mode is auto. [ 725.885480][T20277] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4889'. [ 726.166082][T20249] wg1 speed is unknown, defaulting to 1000 [ 726.309598][T20297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4901'. [ 726.321841][T20300] IPVS: fo: FWM 4 0x00000004 - no destination available [ 726.329545][ T5346] IPVS: starting estimator thread 0... 
[ 726.417299][T20302] IPVS: using max 41 ests per chain, 98400 per kthread [ 726.525775][T20311] loop1: detected capacity change from 0 to 128 [ 726.600096][T20311] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 726.606906][T20249] wg1 speed is unknown, defaulting to 1000 [ 726.618818][T20311] sysv_free_block: trying to free block not in datazone [ 726.696544][T17859] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 726.723854][T20317] loop2: detected capacity change from 0 to 1024 [ 726.743736][T20317] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 726.784994][T20317] EXT4-fs (loop2): The Hurd can't support 64-bit file systems [ 726.814945][T20295] loop0: detected capacity change from 0 to 32768 [ 726.855607][T20295] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4900 (20295) [ 726.896836][T20295] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 726.921645][T20295] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 726.943291][T20295] BTRFS info (device loop0): using free-space-tree [ 726.951227][T20249] wg1 speed is unknown, defaulting to 1000 [ 727.106964][T20048] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 727.285738][T20249] wg1 speed is unknown, defaulting to 1000 [ 727.297504][T20313] loop3: detected capacity change from 0 to 40427 [ 727.327710][T20313] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 727.338185][ T5346] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 727.356723][T20313] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 727.415233][T20313] F2FS-fs (loop3): Found nat_bits in checkpoint [ 727.429228][T20345] loop0: detected capacity change from 0 to 4096 [ 727.456807][T20345] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). 
[ 727.485897][T20313] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 727.493505][T20313] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 727.501890][ T5346] usb 3-1: Using ep0 maxpacket: 32 [ 727.509805][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.521375][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.536793][ T5346] usb 3-1: New USB device found, idVendor=056a, idProduct=00cc, bcdDevice= 0.00 [ 727.547580][ T5346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.559353][ T5346] usb 3-1: config 0 descriptor?? [ 727.567400][T12270] Bluetooth: hci0: command tx timeout [ 727.597154][T20313] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 727.597831][T20249] wg1 speed is unknown, defaulting to 1000 [ 727.625581][T20313] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 727.675235][T20343] loop1: detected capacity change from 0 to 32768 [ 727.720877][T20249] wg1 speed is unknown, defaulting to 1000 [ 727.735767][T20343] JBD2: Ignoring recovery information on journal [ 727.857804][T20343] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. 
[ 727.874162][T20355] loop0: detected capacity change from 0 to 1024 [ 727.964465][T17859] ocfs2: Unmounting device (7,1) on (node local) [ 728.004828][ T5346] wacom 0003:056A:00CC.0051: unknown main item tag 0x0 [ 728.032326][ T5346] wacom 0003:056A:00CC.0051: hidraw0: USB HID v0.00 Device [HID 056a:00cc] on usb-dummy_hcd.2-1/input0 [ 728.119176][T20361] vlan2: entered promiscuous mode [ 728.134488][T20361] mac80211_hwsim hwsim54 wlan0: entered promiscuous mode [ 728.180885][T20361] mac80211_hwsim hwsim54 wlan0: left promiscuous mode [ 728.239267][ T5346] usb 3-1: USB disconnect, device number 40 [ 728.738251][T20379] loop3: detected capacity change from 0 to 32768 [ 728.745294][T20379] XFS: ikeep mount option is deprecated. [ 728.794910][T20379] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 728.942257][T20379] XFS (loop3): Ending clean mount [ 728.950256][T20379] XFS (loop3): Quotacheck needed: Please wait. [ 728.990464][T20379] XFS (loop3): Quotacheck: Done. [ 729.055475][ T29] audit: type=1800 audit(1728498482.964:4649): pid=20379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4929" name="file1" dev="loop3" ino=9286 res=0 errno=0 [ 729.172703][T20411] loop4: detected capacity change from 0 to 764 [ 729.226174][T20411] rock: directory entry would overflow storage [ 729.244321][T20392] loop0: detected capacity change from 0 to 32768 [ 729.245096][T20411] rock: sig=0x4654, size=5, remaining=4 [ 729.289959][T18410] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 729.309817][T20392] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. 
[ 729.380057][T20403] loop1: detected capacity change from 0 to 32768 [ 729.677022][T20048] ocfs2: Unmounting device (7,0) on (node local) [ 730.088069][T20449] loop0: detected capacity change from 0 to 64 [ 730.343675][T20454] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 730.350243][T20454] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 730.386484][T20454] vhci_hcd vhci_hcd.0: Device attached [ 730.396221][T20457] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 730.402788][T20457] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 730.415501][T20447] loop2: detected capacity change from 0 to 32768 [ 730.423132][T20447] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4957 (20447) [ 730.426918][T20457] vhci_hcd vhci_hcd.0: Device attached [ 730.444812][T20447] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 730.459598][T20447] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 730.472018][T20447] BTRFS info (device loop2): using free-space-tree [ 730.484702][T20454] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(5) [ 730.491264][T20454] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 730.506860][T20454] vhci_hcd vhci_hcd.0: Device attached [ 730.535919][T20454] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(9) [ 730.542538][T20454] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 730.556914][T20454] vhci_hcd vhci_hcd.0: Device attached [ 730.566766][ T937] vhci_hcd: vhci_device speed not set [ 730.576189][T20472] vhci_hcd: connection closed [ 730.576363][T20458] vhci_hcd: connection closed [ 730.581155][ T7760] vhci_hcd: stop threads [ 730.581366][T20462] vhci_hcd: connection closed [ 730.586248][ T7760] vhci_hcd: release socket [ 730.613724][T20455] vhci_hcd: connection closed [ 730.626820][ T937] usb 9-1: new full-speed USB device number 2 using vhci_hcd [ 730.636955][ T7760] 
vhci_hcd: disconnect device [ 730.647035][T20456] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 730.657568][ T7760] vhci_hcd: stop threads [ 730.667731][ T7760] vhci_hcd: release socket [ 730.683081][ T7760] vhci_hcd: disconnect device [ 730.731535][ T7760] vhci_hcd: stop threads [ 730.735840][ T7760] vhci_hcd: release socket [ 730.771773][T18268] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 730.786591][ T7760] vhci_hcd: disconnect device [ 730.799534][ T7760] vhci_hcd: stop threads [ 730.803831][ T7760] vhci_hcd: release socket [ 730.804862][T20486] loop3: detected capacity change from 0 to 512 [ 730.821361][ T7760] vhci_hcd: disconnect device [ 730.844398][T20486] EXT4-fs: Ignoring removed orlov option [ 730.860720][T20486] EXT4-fs: Ignoring removed nomblk_io_submit option [ 730.879378][T20486] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 730.902903][T20486] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 730.941006][T20486] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002] [ 730.969886][T20486] EXT4-fs (loop3): orphan cleanup on readonly fs [ 730.996177][T20486] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 731.005786][T20486] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. 
[ 731.021810][T20486] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 731.031928][T20494] loop4: detected capacity change from 0 to 2048 [ 731.038931][T20486] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4962: bg 0: block 40: padding at end of block bitmap is not set [ 731.056716][T20486] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 731.073421][T20493] loop1: detected capacity change from 0 to 4096 [ 731.080008][T20486] EXT4-fs (loop3): 1 truncate cleaned up [ 731.086405][T20486] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 731.137997][T20493] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 731.179808][T20494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 731.181342][T20493] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 731.207366][T20493] ntfs3(loop1): Failed to initialize $Extend/$Reparse. [ 731.261266][T20494] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 731.325576][T17859] ntfs3(loop1): ino=1a, ntfs_sync_fs failed, -22. [ 731.367118][ T29] audit: type=1800 audit(1728498485.284:4650): pid=20494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4966" name="file0" dev="loop4" ino=13 res=0 errno=0 [ 731.387738][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.402193][T20494] fs-verity: sha256 using implementation "sha256-avx2" [ 731.451666][ T5346] kernel write not supported for file /391/timerslack_ns (pid: 5346 comm: kworker/1:6) [ 731.468714][T20494] fs-verity (loop4, inode 13): Error -22 reading file data [ 731.475981][T20494] fs-verity (loop4, inode 13): Error -22 building Merkle tree [ 731.637957][T17691] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 731.664981][T20517] loop1: detected capacity change from 0 to 16 [ 731.675460][T20517] erofs: (device loop1): mounted with root inode @ nid 36. [ 731.702290][T20520] loop2: detected capacity change from 0 to 2048 [ 731.755462][T18410] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 731.773417][ T2932] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.813810][T20520] loop2: p2 p3 p7 [ 731.914131][ C0] operation not supported error, dev loop2, sector 600 op 0x9:(WRITE_ZEROES) flags 0x10000800 phys_seg 0 prio class 0 [ 731.934258][ T5279] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 731.968160][ T2932] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.028549][ T2932] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.119074][ T5279] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 732.136935][ T5279] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 732.205147][ T2932] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.207036][ T5279] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 732.246703][ T5279] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 732.266690][ T5279] usb 1-1: Manufacturer: syz [ 732.287360][ T5279] usb 1-1: config 0 descriptor?? 
[ 732.318661][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 732.341346][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 732.404835][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 732.411350][ T5279] rc_core: IR keymap rc-hauppauge not found [ 732.428916][ T5279] Registered IR keymap rc-empty [ 732.436971][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 732.444771][ T5279] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 732.457369][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 732.464646][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 732.511130][ T5279] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input43 [ 732.539036][ T2932] bridge_slave_1: left allmulticast mode [ 732.544729][ T2932] bridge_slave_1: left promiscuous mode [ 732.571163][ T2932] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.580530][ T2932] bridge_slave_0: left allmulticast mode [ 732.586510][ T2932] bridge_slave_0: left promiscuous mode [ 732.592525][ T2932] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.603915][ T5279] usb 1-1: USB disconnect, device number 46 acpid: input device has been disconnected, fd 3 [ 732.770661][T20534] loop1: detected capacity change from 0 to 32768 [ 732.779323][T20534] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4986 (20534) [ 732.799454][T20534] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 732.810178][ T2932] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 732.813087][T20534] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 732.830694][T20534] BTRFS info (device loop1): using free-space-tree [ 732.838063][ T2932] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 732.853059][ 
T2932] bond0 (unregistering): Released all slaves [ 732.870670][T20537] wg1 speed is unknown, defaulting to 1000 [ 732.970137][ T2932] tipc: Disabling bearer [ 732.977123][ T2932] tipc: Left network mode [ 732.989666][ T29] audit: type=1800 audit(1728498486.904:4651): pid=20534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4986" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 733.003310][T20564] loop4: detected capacity change from 0 to 512 [ 733.106597][T17859] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 733.182157][T20571] netem: incorrect ge model size [ 733.198943][T20571] netem: change failed [ 733.494924][ T5346] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 733.540457][T20537] chnl_net:caif_netlink_parms(): no params data found [ 733.577771][T20592] loop1: detected capacity change from 0 to 256 [ 733.631957][ T2932] hsr_slave_0: left promiscuous mode [ 733.646357][T20594] loop2: detected capacity change from 0 to 2048 [ 733.657733][ T5346] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 733.687060][ T5346] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 733.700290][ T5346] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 733.710266][ T5346] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 733.720161][ T5346] usb 1-1: config 0 descriptor?? [ 733.725386][ T2932] hsr_slave_1: left promiscuous mode [ 733.733073][ T5346] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 733.740452][ T5346] dvb-usb: bulk message failed: -22 (3/0) [ 733.746403][ T2932] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.755475][ T5346] dvb-usb: will use the device's hardware PID filter (table count: 16). 
[ 733.786841][ T2932] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.798705][ T5346] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 733.817166][ T2932] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.824717][ T5346] usb 1-1: media controller created [ 733.831760][ T2932] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.840728][ T5346] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 733.855086][ T2932] veth1_macvtap: left promiscuous mode [ 733.870793][T20594] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 733.891922][ T5346] dvb-usb: bulk message failed: -22 (6/0) [ 733.898352][ T2932] veth0_macvtap: left promiscuous mode [ 733.914234][ T2932] veth1_vlan: left promiscuous mode [ 733.919824][ T5346] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 733.942125][ T2932] veth0_vlan: left promiscuous mode [ 733.949279][ T5346] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input44 [ 733.961971][ T5346] dvb-usb: schedule remote query interval to 150 msecs. [ 733.969161][ T5346] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 734.004584][ T5346] usb 1-1: USB disconnect, device number 47 acpid: input device has been disconnected, fd 3 [ 734.070039][ T5346] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 734.457852][ T2932] team0 (unregistering): Port device team_slave_1 removed [ 734.462299][T20613] loop1: detected capacity change from 0 to 8192 [ 734.494791][ T2932] team0 (unregistering): Port device team_slave_0 removed [ 734.511564][T20613] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 734.528153][ T54] Bluetooth: hci3: command tx timeout [ 734.938206][T20615] loop2: detected capacity change from 0 to 32768 [ 734.983928][T20632] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5020'. 
[ 735.046920][ T7762] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 735.084247][T20537] bridge0: port 1(bridge_slave_0) entered blocking state [ 735.115290][T20537] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.140648][T20537] bridge_slave_0: entered allmulticast mode [ 735.158896][T20537] bridge_slave_0: entered promiscuous mode [ 735.173881][T20641] netlink: 9 bytes leftover after parsing attributes in process `syz.0.5024'. [ 735.190792][T20641] 0·: renamed from hsr_slave_1 (while UP) [ 735.201423][T20641] 0·: entered allmulticast mode [ 735.216798][T20641] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 735.236075][ T7762] usb 5-1: Using ep0 maxpacket: 16 [ 735.261978][ T7762] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 735.274958][ T7762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 735.291127][T20537] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.304526][T20537] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.311981][T20537] bridge_slave_1: entered allmulticast mode [ 735.320184][ T7762] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 735.330531][T20537] bridge_slave_1: entered promiscuous mode [ 735.336792][ T7762] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.346016][T20644] netlink: 'syz.0.5024': attribute type 10 has an invalid length. [ 735.354191][ T7762] usb 5-1: Product: syz [ 735.356769][T20644] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5024'. [ 735.368962][ T7762] usb 5-1: Manufacturer: syz [ 735.380129][ T7762] usb 5-1: SerialNumber: syz [ 735.394591][T20644] hsr0: entered promiscuous mode [ 735.401705][ T7762] usb 5-1: config 0 descriptor?? 
[ 735.414810][T20644] hsr0: entered allmulticast mode [ 735.415648][ T7762] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 735.430422][T20644] hsr_slave_0: entered allmulticast mode [ 735.436331][ T7762] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 735.444049][T20644] bridge0: port 3(hsr0) entered blocking state [ 735.450664][T20644] bridge0: port 3(hsr0) entered disabled state [ 735.459230][T20644] bridge0: port 3(hsr0) entered blocking state [ 735.465510][T20644] bridge0: port 3(hsr0) entered forwarding state [ 735.533774][T20537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 735.550723][ T2932] IPVS: stop unused estimator thread 0... [ 735.562816][T20537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 735.610847][T20537] team0: Port device team_slave_0 added [ 735.624234][T20537] team0: Port device team_slave_1 added [ 735.666353][T20537] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 735.675687][T20537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.735587][T20537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 735.764075][T20537] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 735.773112][T20537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 735.807148][ T937] vhci_hcd: vhci_device speed not set [ 735.821453][T20537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 735.887430][T20537] hsr_slave_0: entered promiscuous mode [ 735.907591][T20537] hsr_slave_1: entered promiscuous mode [ 735.923046][T20537] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 735.943203][T20537] Cannot create hsr debugfs directory [ 735.967573][ T30] INFO: task syz.2.3420:15959 blocked for more than 143 seconds. [ 735.980275][ T30] Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 736.006212][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 736.036734][ T30] task:syz.2.3420 state:D stack:24688 pid:15959 tgid:15959 ppid:13139 flags:0x00000004 [ 736.059018][ T30] Call Trace: [ 736.062508][ T7762] em28xx 5-1:0.0: chip ID is em2750 [ 736.063622][ T30] [ 736.080041][ T30] __schedule+0x1895/0x4b30 [ 736.089044][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 736.100381][ T30] ? schedule+0x90/0x320 [ 736.109122][ T30] ? schedule+0x90/0x320 [ 736.116766][ T30] ? lock_release+0xbf/0xa30 [ 736.125838][ T30] ? __pfx___schedule+0x10/0x10 [ 736.136911][ T30] ? __pfx_lock_release+0x10/0x10 [ 736.148985][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 736.160119][ T30] ? mutex_spin_on_owner+0x26c/0x330 [ 736.171141][ T30] ? schedule+0x90/0x320 [ 736.179900][ T30] schedule+0x14b/0x320 [ 736.189666][ T30] schedule_preempt_disabled+0x13/0x30 [ 736.200819][ T30] __mutex_lock+0x6a7/0xd70 [ 736.209857][ T30] ? __mutex_lock+0x52a/0xd70 [ 736.220159][ T30] ? chaoskey_release+0x169/0x2f0 [ 736.230838][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 736.239305][ T30] ? chaoskey_release+0x12a/0x2f0 [ 736.250154][ T30] ? chaoskey_release+0x12a/0x2f0 [ 736.259759][ T30] chaoskey_release+0x169/0x2f0 [ 736.268038][ T30] ? 
__pfx_chaoskey_release+0x10/0x10 [ 736.273944][ T7762] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 736.279040][ T30] __fput+0x23f/0x880 [ 736.285595][ T7762] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 736.286015][ T30] task_work_run+0x24f/0x310 [ 736.308061][ T7762] em28xx 5-1:0.0: No AC97 audio processor [ 736.312358][ T30] ? __pfx_task_work_run+0x10/0x10 [ 736.324956][ T7762] usb 5-1: USB disconnect, device number 31 [ 736.328568][ T30] ? rcu_is_watching+0x15/0xb0 [ 736.338045][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 736.339807][ T7762] em28xx 5-1:0.0: Disconnecting em28xx [ 736.350893][ T30] do_syscall_64+0x100/0x230 [ 736.364762][ T30] ? clear_bhb_loop+0x35/0x90 [ 736.365011][ T7762] em28xx 5-1:0.0: Freeing device [ 736.373260][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.399881][ T30] RIP: 0033:0x7f9c9817dff9 [ 736.410246][ T30] RSP: 002b:00007ffc93243478 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 736.431332][ T30] RAX: 0000000000000000 RBX: 000000000008f4f7 RCX: 00007f9c9817dff9 [ 736.446731][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 736.475942][ T30] RBP: 00007f9c98337a80 R08: 0000000000000001 R09: 00007ffc9324376f [ 736.486154][ T30] R10: 00007f9c98000000 R11: 0000000000000246 R12: 000000000008f9a3 [ 736.496217][ T30] R13: 00007ffc93243580 R14: 0000000000000032 R15: ffffffffffffffff [ 736.504403][ T30] [ 736.507666][ T30] INFO: lockdep is turned off. [ 736.512460][ T30] NMI backtrace for cpu 1 [ 736.516803][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 736.526797][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 736.536857][ T30] Call Trace: [ 736.540151][ T30] [ 736.543086][ T30] dump_stack_lvl+0x241/0x360 [ 736.547789][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 736.552996][ T30] ? __pfx__printk+0x10/0x10 [ 736.557598][ T30] ? 
__pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 736.564548][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 736.569493][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 736.574983][ T30] ? _printk+0xd5/0x120 [ 736.579152][ T30] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 736.585321][ T30] ? __pfx__printk+0x10/0x10 [ 736.589923][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 736.595918][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 736.601996][ T30] watchdog+0xff4/0x1040 [ 736.606262][ T30] ? watchdog+0x1ea/0x1040 [ 736.610698][ T30] ? __pfx_watchdog+0x10/0x10 [ 736.615389][ T30] kthread+0x2f0/0x390 [ 736.619638][ T30] ? __pfx_watchdog+0x10/0x10 [ 736.624416][ T30] ? __pfx_kthread+0x10/0x10 [ 736.629012][ T30] ret_from_fork+0x4b/0x80 [ 736.633437][ T30] ? __pfx_kthread+0x10/0x10 [ 736.638031][ T30] ret_from_fork_asm+0x1a/0x30 [ 736.642812][ T30] [ 736.647878][ T30] Sending NMI from CPU 1 to CPUs 0: [ 736.654206][ C0] NMI backtrace for cpu 0 [ 736.654220][ C0] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 736.654241][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 736.654253][ C0] Workqueue: events drain_vmap_area_work [ 736.654280][ C0] RIP: 0010:purge_vmap_node+0x1b5/0x8d0 [ 736.654304][ C0] Code: ff ff ff ff e8 ff ff 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 7f c0 10 00 49 8b 1c 24 <48> 81 fb 00 00 00 a0 0f 93 c2 48 81 fb 00 00 00 fe 0f 92 c1 48 89 [ 736.654320][ C0] RSP: 0018:ffffc900000d79e0 EFLAGS: 00000246 [ 736.654335][ C0] RAX: 1ffff11004cc4c34 RBX: ffffc90004e97000 RCX: dffffc0000000000 [ 736.654353][ C0] RDX: 0000000000000000 RSI: ffffc90004e97000 RDI: ffffc90004e98000 [ 736.654366][ C0] RBP: ffffc900000d7b20 R08: 0000000000000001 R09: 1ffffffff1d47365 [ 736.654380][ C0] R10: dffffc0000000000 R11: fffffbfff1d47366 R12: ffff8880266261a0 [ 736.654393][ C0] R13: ffff8880266261c8 R14: 1ffff1100358c64a R15: ffffe8ffffffffff [ 
736.654408][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 736.654423][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 736.654436][ C0] CR2: 00007faac6308178 CR3: 00000000ab44a000 CR4: 00000000003526f0 [ 736.654452][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 736.654463][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 736.654475][ C0] Call Trace: [ 736.654481][ C0] [ 736.654489][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 736.654514][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 736.654533][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 736.654565][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 736.654590][ C0] ? nmi_handle+0x14f/0x5a0 [ 736.654609][ C0] ? nmi_handle+0x2a/0x5a0 [ 736.654628][ C0] ? purge_vmap_node+0x1b5/0x8d0 [ 736.654649][ C0] ? default_do_nmi+0x63/0x160 [ 736.654674][ C0] ? exc_nmi+0x123/0x1f0 [ 736.654697][ C0] ? end_repeat_nmi+0xf/0x53 [ 736.654723][ C0] ? purge_vmap_node+0x1b5/0x8d0 [ 736.654744][ C0] ? purge_vmap_node+0x1b5/0x8d0 [ 736.654766][ C0] ? purge_vmap_node+0x1b5/0x8d0 [ 736.654787][ C0] [ 736.654794][ C0] [ 736.654808][ C0] ? __pfx_purge_vmap_node+0x10/0x10 [ 736.654830][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 736.654853][ C0] ? __pfx_do_flush_tlb_all+0x10/0x10 [ 736.654875][ C0] ? __pfx_do_flush_tlb_all+0x10/0x10 [ 736.654896][ C0] __purge_vmap_area_lazy+0x708/0xae0 [ 736.654922][ C0] ? process_scheduled_works+0x976/0x1850 [ 736.654948][ C0] drain_vmap_area_work+0x27/0x40 [ 736.654969][ C0] process_scheduled_works+0xa63/0x1850 [ 736.655007][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 736.655033][ C0] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 736.655053][ C0] ? assign_work+0x364/0x3d0 [ 736.655079][ C0] worker_thread+0x870/0xd30 [ 736.655117][ C0] ? __kthread_parkme+0x169/0x1d0 [ 736.655145][ C0] ? __pfx_worker_thread+0x10/0x10 [ 736.655171][ C0] kthread+0x2f0/0x390 [ 736.655188][ C0] ? __pfx_worker_thread+0x10/0x10 [ 736.655232][ C0] ? 
__pfx_kthread+0x10/0x10 [ 736.655251][ C0] ret_from_fork+0x4b/0x80 [ 736.655277][ C0] ? __pfx_kthread+0x10/0x10 [ 736.655295][ C0] ret_from_fork_asm+0x1a/0x30 [ 736.655328][ C0] [ 736.985614][ T54] Bluetooth: hci3: command tx timeout [ 736.999881][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 737.006766][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-next-20241008-syzkaller #0 [ 737.016756][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 737.026826][ T30] Call Trace: [ 737.030130][ T30] [ 737.033063][ T30] dump_stack_lvl+0x241/0x360 [ 737.037774][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 737.043080][ T30] ? __pfx__printk+0x10/0x10 [ 737.047680][ T30] ? vscnprintf+0x5d/0x90 [ 737.052023][ T30] panic+0x349/0x880 [ 737.055927][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 737.062099][ T30] ? __pfx_panic+0x10/0x10 [ 737.066530][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 737.071909][ T30] ? __irq_work_queue_local+0x137/0x410 [ 737.077483][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 737.082860][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 737.089022][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 737.095191][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 737.101359][ T30] watchdog+0x1033/0x1040 [ 737.105700][ T30] ? watchdog+0x1ea/0x1040 [ 737.110128][ T30] ? __pfx_watchdog+0x10/0x10 [ 737.114816][ T30] kthread+0x2f0/0x390 [ 737.118907][ T30] ? __pfx_watchdog+0x10/0x10 [ 737.123593][ T30] ? __pfx_kthread+0x10/0x10 [ 737.128184][ T30] ret_from_fork+0x4b/0x80 [ 737.132611][ T30] ? __pfx_kthread+0x10/0x10 [ 737.137240][ T30] ret_from_fork_asm+0x1a/0x30 [ 737.142024][ T30] [ 737.145335][ T30] Kernel Offset: disabled [ 737.149655][ T30] Rebooting in 86400 seconds..