last executing test programs: 2m19.120825262s ago: executing program 0 (id=65): r0 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000003c0)="aebc", 0x2, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring={'key_or_keyring:', r1}) keyctl$link(0x8, r1, r0) 2m18.35305179s ago: executing program 0 (id=70): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000fc0)={r1, 0xd1, 0x10}, &(0x7f0000001000)=0xc) 2m17.568069993s ago: executing program 0 (id=72): r0 = io_uring_setup(0x29e3, &(0x7f0000000180)={0x0, 0xbbf5, 0x40, 0x2, 0x1d7}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) nanosleep(&(0x7f0000000280)={r1, r2+60000000}, 0x0) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000300)='E', 0x1) 2m16.164716008s ago: executing program 0 (id=81): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000c40), 0x5, 0x4a7, &(0x7f0000001140)="$eJzs3EtvG0UcAPD/bl59hZhSXm2hhoKIeCRNWqAHJB4CqRckJDiUY0jTqjRtUBMkWkU0IFSOqJ+gcETiE3CCCwIkJBBXuCOkCuXS0gNatLY3dRI7OGkc0+T3k1zPeGZ3ZnY969mZbgLYssr5P0nEroj4LSIGqtHFGcrVtxvzs+N/z8+OJ5Flb/6VVPJdn58dL7IW2+2sRQbTiPSTJPY1KHf6wsUzY5OTE+dr8eGZs+8NT1+4+Mzps2OnJk5NnBs9evTI4ZHnnxt9dl3a2Z/Xde+HU/sfPPb2ldfHj19554ev8vruqqVfn5/tXbxFqQjsjYhs6f5eaqHMcpQXH8s6j6+u+v97/XXhpLuDFWFVuiIiP109lf4/EF1x6+QNxGsfR6QdrR/QPlmWZX3LPs2vCtvzwFwGbGJJdLoGQGcUv/j5fXzx2uAhSEdde7l6A5S3+0btVU3prtz5lEvVe6P+NpVfjgMRcfPq8bmbV2PJfAoAQDt8k49/nm40/kvjvrp8d9XWhkoRcXdE7I6IeyJiT0TcG1HJe39EPNBqwUnjpZHl459ftq+xaS3Jx38v1Na2Fo//Fua9S121WH+l/T3JydOTE4dqx2Qwevry+MgKZXz76q+fNUsrR0Q+9iteefnFWLBWjz+7l0zQnRibGbudNte7diBib3ej9icLKwFJbFvz/vNjdvrJL/c3S//v9q9gHdaZsi8inqie/7lY0v5CsvL65PC2mJw4NFx8K5b78efLbzQr/7bavw6ufRSxo+H3f6H9paR+vXZ61UV0X/7906b3NGv9/vcmb1XCxaLtB2MzM+dHInqTueWfj97atogX+fP2Dx5s3P93R/zzeW27fRGRf4kfioiHIyp3bXndH4mIRyPi4AoH4PtXHns3f/9pTe1vr7z9J1Z1/usDPbH0k0aBrjPffd2s/NbO/5FKaLD2SSvXv2rhxXWreQXXetwAAADgTpJW/g98kkRU50121aXtiR3p5NT0zFMnp94/d6KaVoqetJjpGqibDx2pzQ0X8dEl8cOVeeMsy7LtlfjQ+NRku9bUgdbsrPb/dGjhWpCmQ0PVtD+6Fud9sSM1BNpqVetozZ5oA+5IrfV/HR82o4X+v/xJwILOD5tUtf93DXS6HsDG8/daYOtq1P8vRdzoQFWADeb3H7Yu/R+2rtX2/1Kb6gFsPL//sCUtfiS+N1p4nL+lwO5j67OfzR/o6nQ1+ta2eaQdP3TLA0mDpLRB5rTlPfeuS8VipTx9EdHqDi/FRh3MTl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1se/AQAA//++KOKq") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) 2m14.734870711s ago: executing program 0 (id=90): open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000110000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xa, r0}, 0x38) 2m12.5136069s ago: executing program 0 (id=99): io_setup(0x5, &(0x7f0000000000)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = dup(r1) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 2m9.571320378s ago: executing program 32 (id=99): io_setup(0x5, &(0x7f0000000000)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = dup(r1) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 1m51.951568667s ago: executing program 2 (id=171): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000d62b00006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='&'], 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="05"], 0x10) 1m51.142298946s ago: executing program 2 (id=172): r0 = io_uring_setup(0x40b0, &(0x7f0000000080)={0x0, 0xe9ce, 0x2, 0x20001, 0x175}) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1) 1m50.412984885s ago: executing program 2 (id=176): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x18) bpf$ENABLE_STATS(0x20, 0x0, 0x0) brk(0x400000ffc000) 1m49.515082325s ago: executing program 2 (id=180): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') read$FUSE(r0, &(0x7f0000000980)={0x2020}, 0x2020) 1m48.718051027s ago: executing program 2 (id=182): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0xf1, 0x1c, 0x10, 0x1a001000000}, [@ldst={0x5, 0x0, 0x5, 0x0, 0x0, 0x0, 0xe6d61e00}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) 1m47.918605481s ago: executing program 2 (id=186): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x40) ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x4, &(0x7f0000000040)={0x15, 0xa, 0x1e0000}) 1m45.321932891s ago: executing program 33 (id=186): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x40) ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x4, &(0x7f0000000040)={0x15, 0xa, 0x1e0000}) 44.496114208s ago: executing program 4 (id=421): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)={0x1c, r1, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 43.816894068s ago: executing program 4 (id=426): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x0, r0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) 43.316009782s ago: executing program 4 (id=430): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000000}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0) 42.793760053s ago: executing program 4 (id=432): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x901095, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x202) 42.249550528s ago: executing program 4 (id=436): openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 41.534451847s ago: executing program 4 (id=439): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000bde5a44070275290f515010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 39.13265801s ago: executing program 34 (id=439): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000bde5a44070275290f515010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 5.548036462s ago: executing program 7 (id=557): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, 0x0, 0x8080) ptrace(0x10, r0) ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f00000004c0)={[0x6]}) 4.596906402s ago: executing program 7 (id=562): r0 = semget$private(0x0, 0x6, 0x40d) semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x2}], 0x1) semctl$IPC_RMID(r0, 0x0, 0x0) 4.281437054s ago: executing program 6 (id=563): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) 4.096914925s ago: executing program 3 (id=564): r0 = add_key$keyring(&(0x7f0000000340), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000980)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', r0}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain={'key_or_keyring:', r1}) 4.010853883s ago: executing program 1 (id=565): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@int=0x40, 0x4) 3.981308158s ago: executing program 5 (id=566): r0 = socket(0x11, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r1, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x14, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0x4, 0x3f}]}]}}]}, 0xb0}, 0x1, 0x7a00}, 0x4000000) 3.703402412s ago: executing program 7 (id=567): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)=@newtaction={0x14, 0x12, 0xbf68af9d17701201, 0x2, 0x25dfdbfd, {0x7}}, 0x14}}, 0x0) 3.667168737s ago: executing program 1 (id=568): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) 3.606865904s ago: executing program 6 (id=569): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 3.463470656s ago: executing program 5 (id=570): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$P9_RSTATu(r0, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) 3.442193022s ago: executing program 3 (id=571): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0xfe, 0x0}}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r1, @in={{0x2, 0x0, @empty}}, 0x80000000, 0x1f4, 0x0, 0x0, 0xce024d}, 0x9c) 3.141590661s ago: executing program 1 (id=572): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) 3.064935648s ago: executing program 6 (id=573): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000004000)={0xffffffffffffffff}) close(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)) 2.917736297s ago: executing program 7 (id=574): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x20}, [@FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1a}}]}, 0x24}}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) 2.458163348s ago: executing program 3 (id=575): rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffdeffffe]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x29) rt_sigprocmask(0x2, &(0x7f0000000100)={[0x2]}, 0x0, 0x8) 2.320891966s ago: executing program 6 (id=576): syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000040)='./bus\x00', 0x14444, &(0x7f0000000fc0)=ANY=[@ANYBLOB='iocharset=cp860,noadinicb,session=00000000000000000004,unhide,volume=00000000000000052123,umask=00000000000000000000002,shortad,rootdir=00000000000000000003,uid=', @ANYRESDEC=0xee01, @ANYBLOB="2c00052d5440669c78bffc3a3fa4eab3b729e3e111d3842a7ecce1f114be2380a2d1a62a4dc8ec11f76344a7e56ac10de6d7e3d66851cbc9c02da38318fa82c0ce928a0bc43a9e691a213a18ee3532f23d07027881f0ddc4c60b16f1b943bfbc0ad44a99e7e44e8fa4e9c8181751240e3d6b3de4b645bcd60146d24d9d2e95140225efcbc328699b608222ffff36db306021f3c213e2e2014ff850bfe3b43f8abb3d7506c67389b990b7a00a1f7022fb60ea96dcf49eae0900000000000000fbccb6059a73fd1c8b8d44350b5700004035dc7ba9ef0f4528a7cfde84bda823a07d804780da1a7258567a90916b5a1d297a9096931f481e050e47cfdcf04485a2179a6f9f3f84238ecb9b3581fa6e1851277782b4e1ec9199e6d272d6364c1f1773f8b62400ad0ad8a33dfb6a23168d69228dd78cca270bf8a0b69f84eab104130edec400b891f3f294fb0127b515f197056d0737269a"], 0xfe, 0xc22, &(0x7f00000002c0)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu43bTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22YXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkFPAYGbfikuKsmhTpCj7+2zqNzvz3sx7M+sZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/fOnMc+lhtwIAOEhXxr985qznPwB8rFz1//8AAAAAAAAAAAAAAHDYpSji8Ugxf2U9TVafOwYut2dv3Z4YGd252rFU1TxSlS9/Bp47e+78F54fvtDN96//oD0Zr45fvVR/ae7m/EJrcbE1XZ+YbU/NTbd2vYe91t9uqDoB9Zuv3Zq+fn2xfvbZc1s23x58r/+xk4MXh58+/VS37MTI6Oh4T5la34c++l3uNcLjaBRxOlI8890fp2ZEFLH3c3Gf785+O1Z1YqjqxMTIaNWRmXZzdqncONY9EUVEvadSo3uODuBa7EkjYrlsftngobJ74/PNhea1mVZ9rLmw1F5qz82OpU5ry/7Uo4gLKWIlItb6795dXxRRixTfPrGerkXEke55+Hw1MPje7Sj2sY+7ULaz3hexUjwC1+wQ648iXokUP3m7iKnynOWf+FzEK2V+P+LNMl+MSOUX43zEuzt8j3g01aKIvyiv/8X1NB0RGyc660frl79S/9Ls9bmest37yiP/fDhIh/zeNBBFNKs7/nr68L/ZAQAAAAAAAAAAAAAAAOBBOxZFPBkpXv6PP67GFUc1Lv3ExeE/GPzF3jHjT9xnP2XZZyNiudjdmNyjeQjxWBpL6SGPJf44G4gi/iSP//vmw24MAAAAAAAAAAAAAAAAAADAx1oRP4oUL7xzKq1E75zi7dkb9avNazOdWWG7c/9250zf2NjYqKdONnJO5lzOuZJzNedazihy/ZyNnJM5l3Ou5FzNuZYzjuT6ORs5J3Mu51zJuZpzLWfUcv2cjZyTOZdzruRczbmWMw7J3L0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8lRRTxs0jxra+tp0gR0YiYjE6u9nfLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPU38q4nuRov6HjTvrahGRqn87TpW/nI/G0TI/GY3hMl+MxqWczSprjW/e92hpX/rAh9eXivhhpOgfeOvO1cnXv6/zafOavfn1zU+/Uuvkke7Gwff6Hzt54uLw6K89ca/lHa/+0OX27K3b9YmR0dHxntW1fPRP9qwbzMctHkzXiYjF1994rTkz01qw8PFYqHUWanFI2nNQC/l+FYelPdsXGoejGZsLD/nGxIEon//vRorfeec/uw/87vP/Fzqf7jzh46d/uvn8f2H7jvbp+f94z7oX8u9G+moRA0s35/tORgwsvv7G6fbN5o3Wjdbs+TNnvjg8/MVzZ/qORgxcb8+0epb2fKoAAAAAAAAAAAAAAAAADlYq4vciRfOH66keEber8VqDF4efPv3UkThSjbfaMm7r1fGrl+ovzd2cX2gtLram6xOz7am56dZuDzdQDfeaGBndl87c17F9bv+xgZfm5l9faN/4o6Udtx8fuHRtcWmhObXz5jgWRUSjd81Q1eCJkdGq0TPt5mxVdewBvUqhLxXxX5Fi6nw9fTavy+P/to/w3zL+f3n7jvZp/N8netaVx0ypiJ9Git/+yyfis1U7j8dd5yyX+9tIMXThM7lcHC3LddvQea9AZ2RgWfb/IsU//mxr2e54yMc3yz636xP7iCiv/4lI8b0//078Rl639f0PO1//49t3tE/X/1M9645veV/BnrtOvv6nI8WLj78Vv5nXvd/7P4rY2Nj4RsSpXPjO+zn26fp/umfdYHSO+1sPrvsAAAAAAAAAAACPrL5UxN9FiqdGa+n5vG43f/9vevuO9unvf/1yz7rpA5qvaM8nFQAAAAAOib5UxI8ixY2lt+6Mod46/rtn/Ofvbs69PpK2ba3+nO+XqvcGPMg//+s1mI87ufduAwAAAAAAAAAAAAAAAAAAwKGSUhHP5/nUJ+8zn/pqpHj5f57J5dLJslx3HvjB6teBK3Ozpy/NzMxNNZea12Za9fH55lSrrPupSLH+N5/JdYtqfvXufPOdOd4HNrpzsS9EitG/75btzMXenZu8Mx94Zy72suwnIsV//8PWst15rD+9WfZsWfavI8VX/3nnsic3y54ry34nUvzgq/Vu2eNl2e77UTvvJB2oxUzr2am5mbtehQoAAAAAAAAAAAAAAAAAAAAfVF8q4s8ixf/eXInlPOw/z//fnYG/1i375td75vvf5nY1z/9gNf//vZY/zPz/gw+spwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhIUcQbkWL+ynpa7S8/dwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lzw/fKGb71//QXsyXh2/eqn+0tzN+YXW4mJruj4x256am27teg97rb956jqGqhNQv/narenr1xfrZ589t2Xz7cH3+h87OXhx+OnTT3XLToyMjo73lKn1fYCjf6DGbToaRfxVpHjmuz9O/9IfUcTez8V9vjv77VjViaGqExMjo1VHZtrN2aVy41j3RBQR9Z5Kje45OoBrsSeNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv3t3fVHEa5Hi2yfW07/2RxzpnofPXxn/8pmz925HsY993IWynfW+iJXiEbhmh1h/FPFPkeInb5+Kf+uPqEXnJz4X8UqZ3494s8wXI1KK2PhGxLs7fI94NNWiiP8vr//F9fR2f3k/6N5XLn+l/qXZ63M9Zbv3lV09H3793sd86M+Hg3TI700DUcQPqjv+evp3/10DAAAAAAAAAAAAAAAAHCJF/GqkeOGdU6kaH3xnTHF79kb9avPaTGdYX3fsX3fM9MbGxkY9dbKRczLncs6VnKs513JGkevnbOSczLmccyXnas61nHEk18/ZyDmZcznnSs7VnGs5o5br52zknMy5nHMl52rOtZxxSMbuAQAAAAAAAAAAAAAAAAAAHy1F9U+Kb31tPW30d+aXnoxOrpoP9CPv5wEAAP//N4D+uw==") creat(0x0, 0xd931d3864d39dcdb) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) utimensat(r0, 0x0, &(0x7f0000000040)={{0x0, 0x2710}, {0x0, 0x3ffffffe}}, 0x0) 2.269196921s ago: executing program 5 (id=577): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48) r1 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r1}, 0x20) recvmsg$kcm(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40000140) 2.012916874s ago: executing program 7 (id=578): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/sctp\x00') open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.960246899s ago: executing program 5 (id=579): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000340)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x1) 1.909912451s ago: executing program 3 (id=580): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x18) bpf$ENABLE_STATS(0x20, 0x0, 0x0) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x100) 1.535920437s ago: executing program 1 (id=581): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x0, @dev, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) close(r0) 1.487863065s ago: executing program 5 (id=582): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x810, &(0x7f00000001c0), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") lremovexattr(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="62747266732eb997"]) 1.441709306s ago: executing program 7 (id=583): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x34, 0x10, 0x403, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x0, 0x7d043}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0) syz_usb_connect$cdc_ecm(0x6, 0x4d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x1, 0x30, 0x7, [{{0x9, 0x4, 0x0, 0x9f, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0xc, 0x6, 0x5, 0xf}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0xaf, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xf, 0x6, 0x2}}}}}]}}]}}, 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 1.364203605s ago: executing program 6 (id=584): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f00000006c0)=0x7baf14b8, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) 1.346332299s ago: executing program 3 (id=585): unshare(0x400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ioctl$FICLONE(r0, 0x40049409, r1) 601.594856ms ago: executing program 1 (id=586): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e20, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 331.890668ms ago: executing program 6 (id=587): r0 = syz_io_uring_setup(0x1f85, &(0x7f0000000340)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000300)) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x40400, 0x4) ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, 0x0, 0x0) 328.97176ms ago: executing program 3 (id=588): select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2}) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000480)=ANY=[@ANYRES8=r0, @ANYRES16=r1, @ANYRES16=r1, @ANYRESHEX, @ANYRES16=r0, @ANYRESHEX=r1, @ANYRESHEX=r1, @ANYBLOB="8e74223893a1120dc721ea1a18da0c6512129b0288e71cbf7487c1e3e2dbd90ff05d32e0a17dfa7a976cc894e9d0a1fb291bb6451ccd39b0deb2e6535e0f7f5e06f38817d29e6b293ce74ffc30a0ee2ac00b7a4d03b6f202b34b595e749b4e4d6228fedc8fc34d16885088bc51fcbbc1c528cefaadcbd64be14cf4ef293c4c5ae028c0a1c6b7528cfae74f63380864b2b742d0ee89020679ef8b40a95e5a5342a19e3f46df4310a3bf708ccb30f5ca0f71b309f49b0a22716fd5d5231811b61402abbe5fb9175b962748edeebb5310", @ANYRES16], 0x85, 0x676, &(0x7f0000000800)="$eJzs3c1vHGcdB/DvbNZONpTUbZM2RZUSNRIgIhI7Vgrm0oAQyqFCVTlwthInsbJJi+0it0LUvF97yB9QDr5xQEjcI8qFC9x69bESgksvmNOimZ1db/y6bhOvHT6favw8M888z/ye387s7EujDfB/6/rFNB+myPWLbyyX62ur0+211el7vXqS40kaSbNbpPhPp9P5OLmW7pKXy431cMVOx3kwP/PWJ5+tfdpda9ZLtX9jt37DWamXnE9yrC4f13g39hrvxF7DFf0Zlgm70EscjNpYkk7lXw+6W37yt2f6LQNa2/Xe88wHjoCie9/cYiI5WV/o5euA7l2xe88+0lZGHQAAAAAcgGfXs57lnBp1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCU1L//X9RLo1c/n6L3+//j9bbU9cPl3P52f/ik4gAAAAAAAACAA3RuPetZzqneeqeovvN/tVo5Xf39Ut7NYuaykEtZzmyWspSFTCWZGBhofHl2aWlhqt+z938GbO15ZdueV/YI9Hhdth7HrAEAAAAAAADgqfPLXN/4/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6DIjnWLarldK8+kUYzyYkk4+V+K8k/evWj7OGoAwAAAIAvoDPkfs+uZz3LOdXvV1Tv+V+s3vefyLu5n6XMZyntzOVm9VlA911/Y211ur22On2vXLaO+91/7yvcasR0P3vY/shnqz1auZX5asul3MjbKYqbaVQ9S2d78Wwf1y/KmIrXu8aGjOxmXZYz/7Aut/hgX5PdyT4/TJmoMjLWz8hkHVuZjed2z8Q+H53NR5pKox/s6U1H2jSJR3L++pDHO1mX5Xx+u1POR2JzJq4MnH0v7p7z5Gt//sOP77Tv371za/Hi4ZnScI7VZfd5pbU1E9MDmXjpac7EFpNVJs7016/nB/lRLuZ83sxC5vPTzGYpczmf71e12fp8LgYu+R0yde2RtTf3imS8PkO7D9ajMWWPmF6t+p7KfH6Yt3Mzc3mt+u9KpvKtXM3VzAw8wmeGeKZt7HDVd768bfAXvl5XWkl+V5eV2829Jv6ElXl9biCvg8+5E1Xb4JaNLD2/j/tRL0t/3D2U5lfqSnmMX9Xl4bA5E1MDmXhh90z8vnpaWWzfv7twZ/ad4Q73/Id1pbyOfnOo7hLl+fJ8+WBVa4+eHWXbC3XbWLVs5Gu8/sal26+xpe1Mv617pa7seKWO16/hto50pWp7adu26art7EDb5tdb7f7roafhyx+Ap9bJb5wcb/2z9ffWR61ft+603jjxvePfPv7KeMb+Ovad5uSxrzZeKf6Uj/Lzjff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA57f43vt3Z9vtuYVNlU6n88EOTUe50vs5swM86MvPJKOa8niSw5H5/3Y6nXpLcRji2b3SKR1P53N2/0uS4XZuJtmu6dzokzDiJybgibu8dO+dy4vvvf/N+Xuzt+duz92fuXp1ZnLm6mvTl2/Nt+cmu39HHSXwJGzc9EcdCQAAAAAAAAAAADCsg/jnBDsf/cRBThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4oq5fTPNhikxNXpos19dWp9vl0qtv7NlM0khS/CwpPk6upbtkYmC4YqfjPJifeeuTz9Y+3Rir2du/sVu/4azUS84nOVaXj2u8G194vKI/wzJhF3qJg1H7XwAAAP//DJEGHw==") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189) unlink(&(0x7f0000001a80)='./file2\x00') 127.798143ms ago: executing program 1 (id=589): r0 = syz_open_dev$sg(&(0x7f0000000580), 0x4000000040002, 0x82) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xa0000004}) poll(&(0x7f00000000c0)=[{r1, 0x1009}], 0x1, 0x8000007) 0s ago: executing program 5 (id=590): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts. [ 177.961786][ T5767] cgroup: Unknown subsys name 'net' [ 178.099785][ T5767] cgroup: Unknown subsys name 'cpuset' [ 178.114213][ T5767] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 224.465768][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.472898][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.764756][ T5767] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 228.724248][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 228.732694][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 228.742046][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 228.750042][ T5794] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 228.762079][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 228.770737][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 228.793168][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 228.801735][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 228.810596][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 228.822686][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 228.831230][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 228.839275][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 228.847193][ T5808] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 228.856500][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 228.866007][ T5803] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 228.883972][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 228.907764][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 228.918101][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 228.919100][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 228.933621][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 228.945170][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 228.948236][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 228.954892][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 228.971686][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 228.983340][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 230.007566][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 230.864351][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.875804][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.883944][ T5793] bridge_slave_0: entered allmulticast mode [ 230.893408][ T5793] bridge_slave_0: entered promiscuous mode [ 230.998482][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 231.031501][ T5803] Bluetooth: hci1: command tx timeout [ 231.037169][ T5803] Bluetooth: hci4: command tx timeout [ 231.041825][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 231.067045][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.074704][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.082546][ T5793] bridge_slave_1: entered allmulticast mode [ 231.092167][ T5793] bridge_slave_1: entered promiscuous mode [ 231.093794][ T5803] Bluetooth: hci0: command tx timeout [ 231.104172][ T5799] Bluetooth: hci3: command tx timeout [ 231.109795][ T5799] Bluetooth: hci2: command tx timeout [ 231.117932][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 231.490941][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.514684][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.742177][ T5793] team0: Port device team_slave_0 added [ 231.750059][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 231.807877][ T5793] team0: Port device team_slave_1 added [ 232.224565][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 232.233227][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.260644][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 232.326077][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.333861][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.342238][ T5792] bridge_slave_0: entered allmulticast mode [ 232.351715][ T5792] bridge_slave_0: entered promiscuous mode [ 232.376264][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 232.384562][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.412049][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 232.615758][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.623609][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.631339][ T5792] bridge_slave_1: entered allmulticast mode [ 232.640832][ T5792] bridge_slave_1: entered promiscuous mode [ 232.654810][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.664681][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.672528][ T5791] bridge_slave_0: entered allmulticast mode [ 232.682198][ T5791] bridge_slave_0: entered promiscuous mode [ 232.699380][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.707334][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.715179][ T5790] bridge_slave_0: entered allmulticast mode [ 232.724732][ T5790] bridge_slave_0: entered promiscuous mode [ 232.778789][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.787280][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.795450][ T5791] bridge_slave_1: entered allmulticast mode [ 232.805189][ T5791] bridge_slave_1: entered promiscuous mode [ 232.816503][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.824451][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.832210][ T5790] bridge_slave_1: entered allmulticast mode [ 232.842142][ T5790] bridge_slave_1: entered promiscuous mode [ 233.055276][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.093095][ T5808] Bluetooth: hci4: command tx timeout [ 233.100872][ T5808] Bluetooth: hci1: command tx timeout [ 233.113738][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.170783][ T5808] Bluetooth: hci0: command tx timeout [ 233.176474][ T5808] Bluetooth: hci2: command tx timeout [ 233.182354][ T5808] Bluetooth: hci3: command tx timeout [ 233.206347][ T5793] hsr_slave_0: entered promiscuous mode [ 233.215564][ T5793] hsr_slave_1: entered promiscuous mode [ 233.234777][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.253484][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.303643][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.324673][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.406001][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.413794][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.422291][ T5789] bridge_slave_0: entered allmulticast mode [ 233.431192][ T5789] bridge_slave_0: entered promiscuous mode [ 233.612840][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.620758][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.628382][ T5789] bridge_slave_1: entered allmulticast mode [ 233.637161][ T5789] bridge_slave_1: entered promiscuous mode [ 233.669192][ T5790] team0: Port device team_slave_0 added [ 233.682725][ T5792] team0: Port device team_slave_0 added [ 233.696960][ T5791] team0: Port device team_slave_0 added [ 233.712249][ T5791] team0: Port device team_slave_1 added [ 233.789049][ T5790] team0: Port device team_slave_1 added [ 233.805067][ T5792] team0: Port device team_slave_1 added [ 233.884825][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.086861][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.153580][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.161655][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.188149][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.203451][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.210872][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.237266][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.251313][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.258478][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.284967][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.344589][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.351946][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.378430][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.394529][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.401899][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.428558][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.442817][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.449977][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.476505][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.511076][ T5789] team0: Port device team_slave_0 added [ 234.634535][ T5789] team0: Port device team_slave_1 added [ 234.843720][ T5792] hsr_slave_0: entered promiscuous mode [ 234.857024][ T5792] hsr_slave_1: entered promiscuous mode [ 234.864824][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.872776][ T5792] Cannot create hsr debugfs directory [ 235.022871][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.030030][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.057107][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.113617][ T5790] hsr_slave_0: entered promiscuous mode [ 235.123732][ T5790] hsr_slave_1: entered promiscuous mode [ 235.132502][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.140245][ T5790] Cannot create hsr debugfs directory [ 235.170260][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.177604][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.190733][ T5803] Bluetooth: hci1: command tx timeout [ 235.203952][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.209302][ T5808] Bluetooth: hci4: command tx timeout [ 235.239803][ T5791] hsr_slave_0: entered promiscuous mode [ 235.249718][ T5791] hsr_slave_1: entered promiscuous mode [ 235.258546][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.266467][ T5791] Cannot create hsr debugfs directory [ 235.273514][ T5808] Bluetooth: hci3: command tx timeout [ 235.274166][ T5803] Bluetooth: hci2: command tx timeout [ 235.279035][ T5808] Bluetooth: hci0: command tx timeout [ 235.839285][ T5789] hsr_slave_0: entered promiscuous mode [ 235.849283][ T5789] hsr_slave_1: entered promiscuous mode [ 235.857023][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.864885][ T5789] Cannot create hsr debugfs directory [ 236.245695][ T5793] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 236.339055][ T5793] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 236.362111][ T5793] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 236.513126][ T5793] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 236.749778][ T5792] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 236.776658][ T5792] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 236.799235][ T5792] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 236.851655][ T5792] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 237.155504][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 237.235432][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 237.252351][ T5799] Bluetooth: hci1: command tx timeout [ 237.267587][ T5799] Bluetooth: hci4: command tx timeout [ 237.289331][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 237.328242][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 237.342196][ T5799] Bluetooth: hci2: command tx timeout [ 237.347839][ T5799] Bluetooth: hci3: command tx timeout [ 237.352537][ T5808] Bluetooth: hci0: command tx timeout [ 237.369256][ T5791] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 237.405217][ T5791] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 237.466695][ T5791] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 237.612698][ T5791] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 237.666513][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 237.698318][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 237.813441][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 237.882860][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 238.006583][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.208154][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.304959][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.312659][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.441741][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.499918][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.507697][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.657452][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.754471][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.883638][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.891331][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.974927][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.985139][ T5793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.036792][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.044465][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.092377][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.190589][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.198292][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.298107][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.305758][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.477106][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.545759][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.663674][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.671440][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.796065][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.870868][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.878434][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.058627][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.066295][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.202425][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.317169][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.324806][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.178372][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.622674][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.738916][ T5793] veth0_vlan: entered promiscuous mode [ 241.830221][ T5793] veth1_vlan: entered promiscuous mode [ 241.995369][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.170436][ T5793] veth0_macvtap: entered promiscuous mode [ 242.262065][ T5793] veth1_macvtap: entered promiscuous mode [ 242.483809][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.511786][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.557605][ T5790] veth0_vlan: entered promiscuous mode [ 242.638090][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.690150][ T5793] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.699865][ T5793] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.711094][ T5793] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.720113][ T5793] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.799182][ T5790] veth1_vlan: entered promiscuous mode [ 242.821847][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.219160][ T5790] veth0_macvtap: entered promiscuous mode [ 243.241713][ T5791] veth0_vlan: entered promiscuous mode [ 243.297489][ T5790] veth1_macvtap: entered promiscuous mode [ 243.355456][ T5791] veth1_vlan: entered promiscuous mode [ 243.418687][ T5789] veth0_vlan: entered promiscuous mode [ 243.516858][ T5789] veth1_vlan: entered promiscuous mode [ 243.564746][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.637386][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.711746][ T5791] veth0_macvtap: entered promiscuous mode [ 243.755134][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.764405][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.773675][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.782824][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.847004][ T5791] veth1_macvtap: entered promiscuous mode [ 244.026362][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.079476][ T5789] veth0_macvtap: entered promiscuous mode [ 244.162929][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.183651][ T5789] veth1_macvtap: entered promiscuous mode [ 244.237694][ T5791] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.248733][ T5791] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.259217][ T5791] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.268367][ T5791] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.426722][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.497505][ T5792] veth0_vlan: entered promiscuous mode [ 244.544416][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.604504][ T5792] veth1_vlan: entered promiscuous mode [ 244.637745][ T5789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.646933][ T5789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.656109][ T5789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.665227][ T5789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.883879][ T5792] veth0_macvtap: entered promiscuous mode [ 244.968086][ T5792] veth1_macvtap: entered promiscuous mode [ 245.183890][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.253601][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.328598][ T5792] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.340835][ T5792] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.349839][ T5792] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.362180][ T5792] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.727051][ T3536] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.736077][ T3536] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.936301][ T4461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.944580][ T4461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.423412][ T5793] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 250.600620][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.610884][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.963647][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.972748][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.542035][ T5028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.550103][ T5028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.592972][ T1000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.602133][ T1000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.824982][ T1000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.836109][ T1000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.005291][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.013591][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.387087][ T5028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.395850][ T5028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.699840][ T1000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.708232][ T1000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.935350][ T5987] loop1: detected capacity change from 0 to 523 [ 252.982950][ T5987] ======================================================= [ 252.982950][ T5987] WARNING: The mand mount option has been deprecated and [ 252.982950][ T5987] and is ignored by this kernel. Remove the mand [ 252.982950][ T5987] option from the mount to silence this warning. [ 252.982950][ T5987] ======================================================= [ 253.180726][ T5987] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 253.195038][ T5987] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 253.204572][ T5987] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 253.533983][ T5993] loop3: detected capacity change from 0 to 512 [ 253.691315][ T5993] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.11: corrupted in-inode xattr: overlapping e_value [ 253.818320][ T5993] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.11: couldn't read orphan inode 15 (err -117) [ 253.873310][ T5993] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.052346][ T5993] EXT4-fs error (device loop3): ext4_add_entry:2417: inode #2: comm syz.3.11: Directory hole found for htree leaf block 0 [ 254.171927][ T5853] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 254.339268][ T5853] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.350943][ T5853] usb 3-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00 [ 254.360297][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.465133][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.499169][ T5853] usb 3-1: config 0 descriptor?? [ 255.098022][ T5853] input: HID 28bd:0933 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0933.0001/input/input5 [ 256.036737][ T6012] loop0: detected capacity change from 0 to 32768 [ 256.069296][ T5853] uclogic 0003:28BD:0933.0001: input,hidraw0: USB HID vff.ff Mouse [HID 28bd:0933] on usb-dummy_hcd.2-1/input0 [ 256.112099][ T5853] usb 3-1: USB disconnect, device number 2 [ 256.166623][ T6019] loop3: detected capacity change from 0 to 512 [ 256.261769][ T6012] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc [ 256.261901][ T6012] allowing incompatible features above 0.0: (unknown version) [ 256.261990][ T6012] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 256.270782][ T6019] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 256.280772][ T6012] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 256.322522][ T6012] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 256.331555][ T6012] bcachefs (loop0): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete [ 256.331555][ T6012] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive [ 256.331555][ T6012] running recovery passes: check_extents_to_backpointers,check_inodes [ 256.367361][ T6012] bcachefs (loop0): dropping and reconstructing all alloc info [ 256.377115][ T6019] EXT4-fs (loop3): 1 truncate cleaned up [ 256.387081][ T6019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.437882][ T6023] warning: `syz.4.20' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 256.477918][ T6012] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: [ 256.478024][ T6012] mode=0 [ 256.478083][ T6012] flags=(15300000) [ 256.478146][ T6012] journal_seq=4 [ 256.478208][ T6012] hash_seed=ece93825deac2443 [ 256.478274][ T6012] hash_type=siphash [ 256.478341][ T6012] bi_size=0 [ 256.478400][ T6012] bi_sectors=0 [ 256.478460][ T6012] bi_version=0 [ 256.478521][ T6012] bi_atime=2770562249 [ 256.478584][ T6012] bi_ctime=2780562352 [ 256.478647][ T6012] bi_mtime=2780562352 [ 256.478711][ T6012] bi_otime=2770562249 [ 256.478773][ T6012] bi_uid=0 [ 256.478832][ T6012] bi_gid=0 [ 256.478889][ T6012] bi_nlink=0 [ 256.478948][ T6012] bi_generation=0 [ 256.479006][ T6012] bi_dev=0 [ 256.479064][ T6012] bi_data_checksum=0 [ 256.479126][ T6012] bi_compression=0 [ 256.479188][ T6012] bi_project=0 [ 256.479249][ T6012] bi_background_compression=0 [ 256.479321][ T6012] bi_data_replicas=0 [ 256.479384][ T6012] bi_promote_target=0 [ 256.479449][ T6012] bi_foreground_target=0 [ 256.479513][ T6012] bi_background_target=0 [ 256.479577][ T6012] bi_erasure_code=0 [ 256.479639][ T6012] bi_fields_set=0 [ 256.479701][ T6012] bi_dir=4096 [ 256.479762][ T6012] bi_dir_offset=189491840996961599 [ 256.479829][ T6012] bi_subvol=0 [ 256.479889][ T6012] bi_parent_subvol=0 [ 256.479951][ T6012] bi_nocow=0 [ 256.480010][ T6012] bi_depth=0 [ 256.480070][ T6012] bi_inodes_32bit=0 [ 256.480132][ T6012] bi_casefold=0 [ 256.480196][ T6012] invalid fields_start (got 18, min 6 max 13), deleting [ 256.627168][ T6019] fscrypt (loop3, inode 18): Unsupported encryption flags (0x08) [ 256.736408][ T6012] bcachefs (loop0): accounting_read... done [ 256.751332][ T6012] bcachefs (loop0): alloc_read... done [ 256.759334][ T6012] bcachefs (loop0): snapshots_read... done [ 256.777832][ T6012] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 256.789575][ T6012] bcachefs (loop0): done starting filesystem [ 256.962729][ T6012] bcachefs (loop0): dirent to missing inode: [ 256.962816][ T6012] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 257.122605][ T5790] bcachefs (loop0): shutting down [ 257.193009][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.252538][ T5790] bcachefs (loop0): shutdown complete [ 258.641133][ T6034] fido_id[6034]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 259.530937][ T6053] netlink: 96 bytes leftover after parsing attributes in process `syz.1.33'. [ 259.540202][ T6053] netlink: 'syz.1.33': attribute type 5 has an invalid length. [ 259.548182][ T6053] netlink: 44 bytes leftover after parsing attributes in process `syz.1.33'. [ 259.726640][ T6057] bond0: mtu greater than device maximum [ 260.737862][ T6062] Bluetooth: MGMT ver 1.23 [ 262.746231][ T6090] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 262.981252][ T6082] loop2: detected capacity change from 0 to 40427 [ 263.079350][ T6082] F2FS-fs (loop2): invalid crc value [ 263.450552][ T6082] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 263.821838][ T6102] tun0: tun_chr_ioctl cmd 1074025677 [ 263.827726][ T6102] tun0: linktype set to 805 [ 264.192482][ T6105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.54'. [ 264.742539][ T6109] xt_CT: No such helper "snmp" [ 264.992361][ T6121] mmap: syz.1.60 (6121) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 266.498408][ T5853] kernel write not supported for file /sg0 (pid: 5853 comm: kworker/1:5) [ 267.581037][ T6154] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 268.943257][ T6173] loop0: detected capacity change from 0 to 512 [ 269.101275][ T6173] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.81: bad orphan inode 13 [ 269.140199][ T6173] ext4_test_bit(bit=12, block=4) = 1 [ 269.147506][ T6173] is_bad_inode(inode)=0 [ 269.152134][ T6173] NEXT_ORPHAN(inode)=0 [ 269.156396][ T6173] max_ino=32 [ 269.159783][ T6173] i_nlink=1 [ 269.165861][ T6173] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.365967][ T6173] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.81: Unrecognised inode hash code 20 [ 269.378470][ T6173] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.81: Corrupt directory, running e2fsck is recommended [ 269.772342][ T6191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.87'. [ 269.834093][ T5790] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz-executor: Unrecognised inode hash code 20 [ 269.846274][ T5790] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 269.941713][ T5790] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /14/file0: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 270.133427][ T5790] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 270.235372][ T5790] EXT4-fs error (device loop0): ext4_lookup:1787: inode #16: comm syz-executor: iget: bad i_size value: 880468304680 [ 270.351815][ T5790] EXT4-fs error (device loop0): ext4_lookup:1787: inode #16: comm syz-executor: iget: bad i_size value: 880468304680 [ 271.444411][ T6201] loop2: detected capacity change from 0 to 32768 [ 271.485707][ T6201] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.92 (6201) [ 271.517789][ T6201] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 271.528425][ T6201] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 271.538253][ T6201] BTRFS info (device loop2): using free-space-tree [ 271.629393][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.752564][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.824846][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.899604][ T6201] BTRFS info (device loop2): rebuilding free space tree [ 272.024826][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.165775][ T5793] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 272.357279][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.634437][ T6230] netlink: 'syz.3.101': attribute type 21 has an invalid length. [ 272.642868][ T6230] netlink: 156 bytes leftover after parsing attributes in process `syz.3.101'. [ 273.045719][ T6236] netlink: 24 bytes leftover after parsing attributes in process `syz.2.98'. [ 273.211771][ T53] bridge_slave_1: left allmulticast mode [ 273.217943][ T53] bridge_slave_1: left promiscuous mode [ 273.225086][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.396300][ T53] bridge_slave_0: left allmulticast mode [ 273.403180][ T53] bridge_slave_0: left promiscuous mode [ 273.409900][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.353138][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.402470][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.429473][ T53] bond0 (unregistering): Released all slaves [ 275.084103][ T53] hsr_slave_0: left promiscuous mode [ 275.110804][ T53] hsr_slave_1: left promiscuous mode [ 275.118913][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.126926][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.174141][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.187435][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.332335][ T53] veth1_macvtap: left promiscuous mode [ 275.338146][ T53] veth0_macvtap: left promiscuous mode [ 275.344419][ T53] veth1_vlan: left promiscuous mode [ 275.350011][ T53] veth0_vlan: left promiscuous mode [ 276.650766][ T6267] loop3: detected capacity change from 0 to 128 [ 276.672482][ T6260] netlink: 'syz.1.108': attribute type 21 has an invalid length. [ 276.779490][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 276.789807][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 276.800093][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 276.814333][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 276.831501][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 276.983564][ T53] team0 (unregistering): Port device team_slave_1 removed [ 276.994019][ T6267] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 277.028790][ T6267] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.087475][ T53] team0 (unregistering): Port device team_slave_0 removed [ 277.539538][ T6274] process 'syz.4.112' launched '/dev/fd/3' with NULL argv: empty string added [ 277.766122][ T5789] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 277.789082][ T6260] netlink: 164 bytes leftover after parsing attributes in process `syz.1.108'. [ 278.349643][ T6278] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.359497][ T6278] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.629514][ T6278] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.655579][ T6278] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.855698][ T5799] Bluetooth: hci3: command tx timeout [ 279.016291][ T6278] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.026131][ T6278] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.036328][ T6278] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.045733][ T6278] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.934060][ T6301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.118'. [ 280.930935][ T5799] Bluetooth: hci3: command tx timeout [ 281.027582][ T6266] chnl_net:caif_netlink_parms(): no params data found [ 282.114092][ T6335] loop3: detected capacity change from 0 to 256 [ 283.005670][ T6266] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.013706][ T6266] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.021602][ T6266] bridge_slave_0: entered allmulticast mode [ 283.031216][ T6266] bridge_slave_0: entered promiscuous mode [ 283.032445][ T5799] Bluetooth: hci3: command tx timeout [ 283.121436][ T6266] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.129113][ T6266] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.137057][ T6266] bridge_slave_1: entered allmulticast mode [ 283.146784][ T6266] bridge_slave_1: entered promiscuous mode [ 283.549047][ T6355] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 283.573690][ T6266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.705644][ T6266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.019768][ T6363] loop3: detected capacity change from 0 to 256 [ 284.126315][ T6266] team0: Port device team_slave_0 added [ 284.188648][ T6363] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 284.260965][ T6266] team0: Port device team_slave_1 added [ 284.358626][ T6367] loop1: detected capacity change from 0 to 16 [ 284.391731][ T30] audit: type=1800 audit(1750823877.585:2): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.140" name="file1" dev="loop3" ino=1048600 res=0 errno=0 [ 284.481636][ T6367] erofs (device loop1): rootino(nid 36) is not a directory(i_mode 66300) [ 284.667699][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 284.676346][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.706599][ T6266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 284.954256][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.961709][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.988278][ T6266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.114106][ T5799] Bluetooth: hci3: command tx timeout [ 285.440941][ T6380] loop3: detected capacity change from 0 to 256 [ 285.490920][ T6380] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 285.503023][ T6380] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 285.576895][ T6266] hsr_slave_0: entered promiscuous mode [ 285.587112][ T6266] hsr_slave_1: entered promiscuous mode [ 285.595997][ T6266] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.603870][ T6266] Cannot create hsr debugfs directory [ 285.684042][ T6380] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x108de57f, utbl_chksum : 0xe619d30d) [ 285.784463][ T30] audit: type=1800 audit(1750823878.995:3): pid=6380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.144" name="file1" dev="loop3" ino=1048601 res=0 errno=0 [ 285.922515][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.929329][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 286.427311][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.148'. [ 287.259065][ T6266] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 287.351843][ T6266] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 287.446008][ T6266] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 287.538610][ T6266] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 287.601813][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.609422][ T6401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.964464][ T6408] syz.3.156: attempt to access beyond end of device [ 287.964464][ T6408] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 287.979234][ T6408] syz.3.156: attempt to access beyond end of device [ 287.979234][ T6408] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 287.996646][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 288.008290][ T6408] syz.3.156: attempt to access beyond end of device [ 288.008290][ T6408] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 288.021444][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 288.042669][ T6408] syz.3.156: attempt to access beyond end of device [ 288.042669][ T6408] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 288.056144][ T6408] syz.3.156: attempt to access beyond end of device [ 288.056144][ T6408] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 288.069375][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 288.079438][ T6408] syz.3.156: attempt to access beyond end of device [ 288.079438][ T6408] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 288.096322][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 288.292069][ T6408] syz.3.156: attempt to access beyond end of device [ 288.292069][ T6408] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 288.305627][ T6408] syz.3.156: attempt to access beyond end of device [ 288.305627][ T6408] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 288.319015][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 288.329199][ T6408] syz.3.156: attempt to access beyond end of device [ 288.329199][ T6408] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 288.342677][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 288.422536][ T6408] syz.3.156: attempt to access beyond end of device [ 288.422536][ T6408] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 288.436016][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 288.446159][ T6408] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 288.456665][ T6408] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 288.981214][ T6266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.165044][ T6266] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.239666][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.247351][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.282614][ T5853] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 289.363295][ T6421] netlink: 'syz.3.160': attribute type 1 has an invalid length. [ 289.372777][ T6421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.160'. [ 289.417773][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.425425][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.532639][ T5853] usb 5-1: Using ep0 maxpacket: 32 [ 289.559162][ T6423] loop1: detected capacity change from 0 to 2048 [ 289.595223][ T5853] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 289.606026][ T5853] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 289.616541][ T5853] usb 5-1: config 0 interface 0 has no altsetting 0 [ 289.692617][ T6423] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 289.816031][ T6423] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 289.827116][ T6423] UDF-fs: Scanning with blocksize 512 failed [ 289.850008][ T5853] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 289.859696][ T5853] usb 5-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 289.868320][ T5853] usb 5-1: Product: syz [ 289.873598][ T5853] usb 5-1: Manufacturer: syz [ 289.878438][ T5853] usb 5-1: SerialNumber: syz [ 289.975215][ T5853] usb 5-1: config 0 descriptor?? [ 290.184045][ T6423] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 290.468050][ T5853] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 290.671421][ T5853] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 290.716435][ T5853] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22 [ 290.897806][ T42] usb 5-1: USB disconnect, device number 2 [ 291.509735][ T6437] loop3: detected capacity change from 0 to 164 [ 292.123946][ T6266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.548484][ T6450] loop1: detected capacity change from 0 to 1024 [ 293.541755][ T3591] hfsplus: b-tree write err: -5, ino 4 [ 294.100232][ T6472] netlink: 'syz.1.174': attribute type 1 has an invalid length. [ 294.108524][ T6472] netlink: 'syz.1.174': attribute type 2 has an invalid length. [ 295.103284][ T6487] loop1: detected capacity change from 0 to 2048 [ 295.336987][ T6487] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 295.413530][ T6266] veth0_vlan: entered promiscuous mode [ 295.581650][ T6266] veth1_vlan: entered promiscuous mode [ 295.738605][ T6495] loop4: detected capacity change from 0 to 512 [ 295.937645][ T6495] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.181: iget: bad i_size value: 38620345925642 [ 295.962993][ T6266] veth0_macvtap: entered promiscuous mode [ 296.053636][ T6495] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.181: couldn't read orphan inode 15 (err -117) [ 296.117585][ T6266] veth1_macvtap: entered promiscuous mode [ 296.153189][ T6495] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.347840][ T6502] input: syz0 as /devices/virtual/input/input6 [ 296.496377][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 296.660012][ T5792] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.733543][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 296.840121][ T6266] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.852680][ T6266] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.862727][ T6266] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.872536][ T6266] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.771869][ T3494] bridge_slave_1: left allmulticast mode [ 297.777802][ T3494] bridge_slave_1: left promiscuous mode [ 297.784689][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.879515][ T3494] bridge_slave_0: left allmulticast mode [ 297.885560][ T3494] bridge_slave_0: left promiscuous mode [ 297.893832][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.288474][ T3494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.325872][ T3494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.343155][ T3494] bond0 (unregistering): Released all slaves [ 298.925769][ T3494] hsr_slave_0: left promiscuous mode [ 298.934194][ T3494] hsr_slave_1: left promiscuous mode [ 298.945834][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.977708][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.343418][ T3494] team0 (unregistering): Port device team_slave_1 removed [ 299.428915][ T3494] team0 (unregistering): Port device team_slave_0 removed [ 299.838290][ T6522] loop3: detected capacity change from 0 to 1024 [ 299.968702][ T6522] EXT4-fs: Ignoring removed nobh option [ 300.065319][ T6522] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 300.241602][ T6522] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.190: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 300.366857][ T6522] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.190: couldn't read orphan inode 11 (err -117) [ 300.469544][ T6522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 300.697052][ T6522] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.190: Invalid block bitmap block 0 in block_group 0 [ 300.770267][ T6522] Quota error (device loop3): write_blk: dquota write failed [ 300.787925][ T6522] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 300.799460][ T6522] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.190: Failed to acquire dquot type 0 [ 300.914414][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 300.925276][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 300.941264][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 300.974492][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 300.986139][ T6522] syz.3.190 (6522) used greatest stack depth: 4792 bytes left [ 301.001917][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 301.610847][ T4461] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm kworker/u8:19: Invalid inode table block 8589934593 in block_group 0 [ 301.719407][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.517404][ T6559] Bluetooth: hci1: Opcode 0x080f failed: -4 [ 302.635500][ T6537] chnl_net:caif_netlink_parms(): no params data found [ 302.685675][ T5143] udevd[5143]: worker [5956] terminated by signal 33 (Unknown signal 33) [ 302.757197][ T5143] udevd[5143]: worker [5956] failed while handling '/devices/virtual/block/loop3' [ 302.817764][ T5143] udevd[5143]: worker [6241] terminated by signal 33 (Unknown signal 33) [ 302.871758][ T5143] udevd[5143]: worker [6241] failed while handling '/devices/virtual/block/loop4' [ 303.092393][ T5808] Bluetooth: hci2: command tx timeout [ 304.474766][ T6537] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.482758][ T6537] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.491887][ T6537] bridge_slave_0: entered allmulticast mode [ 304.502523][ T6537] bridge_slave_0: entered promiscuous mode [ 304.530764][ T5808] Bluetooth: hci1: command 0x080f tx timeout [ 304.655101][ T6537] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.662911][ T6537] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.674530][ T6537] bridge_slave_1: entered allmulticast mode [ 304.689126][ T6537] bridge_slave_1: entered promiscuous mode [ 305.116202][ T6537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.143213][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.151349][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.178030][ T5808] Bluetooth: hci2: command tx timeout [ 305.266152][ T6537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.673151][ T4461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.679087][ T6537] team0: Port device team_slave_0 added [ 305.681579][ T4461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.784080][ T6537] team0: Port device team_slave_1 added [ 306.198641][ T6537] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.208369][ T6537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.235474][ T6537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.480002][ T6537] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.487409][ T6537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.516472][ T6537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.184868][ T6537] hsr_slave_0: entered promiscuous mode [ 307.196752][ T6537] hsr_slave_1: entered promiscuous mode [ 307.276589][ T5808] Bluetooth: hci2: command tx timeout [ 307.968259][ T6624] input: syz1 as /devices/virtual/input/input7 [ 308.649998][ T6633] loop3: detected capacity change from 0 to 256 [ 308.698728][ T6633] exfat: Deprecated parameter 'utf8' [ 308.704719][ T6633] exfat: Deprecated parameter 'namecase' [ 308.953779][ T6537] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 309.095804][ T6633] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 309.202231][ T6537] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 309.277087][ T6537] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 309.331358][ T5808] Bluetooth: hci2: command tx timeout [ 309.440700][ T6537] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 310.971241][ T6537] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.155709][ T6537] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.299641][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.307418][ T4461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.411847][ T5853] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 311.451024][ T4461] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.458604][ T4461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 311.695104][ T5853] usb 6-1: Using ep0 maxpacket: 8 [ 311.714046][ T5853] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 311.723647][ T5853] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.847769][ T5853] pvrusb2: Hardware description: Terratec Grabster AV400 [ 311.856951][ T5853] pvrusb2: ********** [ 311.862072][ T5853] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 311.872540][ T5853] pvrusb2: Important functionality might not be entirely working. [ 311.880800][ T5853] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 311.892999][ T5853] pvrusb2: ********** [ 312.182881][ T2332] pvrusb2: Invalid write control endpoint [ 312.333106][ T6665] pvrusb2: Invalid write control endpoint [ 312.364412][ T5853] usb 6-1: USB disconnect, device number 2 [ 312.561808][ T6675] loop1: detected capacity change from 0 to 512 [ 312.603607][ T6675] EXT4-fs: Ignoring removed bh option [ 312.666010][ T6675] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 312.807450][ T6675] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 312.853952][ T2332] pvrusb2: Invalid write control endpoint [ 312.859932][ T2332] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 312.874916][ T2332] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 312.884475][ T2332] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 312.894846][ T2332] pvrusb2: Device being rendered inoperable [ 312.901150][ T2332] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 312.908450][ T2332] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 312.915374][ T6675] EXT4-fs (loop1): 1 truncate cleaned up [ 312.918192][ T2332] pvrusb2: Attached sub-driver cx25840 [ 312.924140][ T6675] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.927473][ T2332] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 312.951038][ T2332] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 313.690961][ T5853] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 313.779813][ T5791] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.924916][ T5853] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.936658][ T5853] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 313.946146][ T5853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.155414][ T5853] usb 5-1: config 0 descriptor?? [ 314.439211][ T6537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.683372][ T5853] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 314.693596][ T6691] loop5: detected capacity change from 0 to 32768 [ 314.900020][ T5853] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0002/input/input8 [ 315.140700][ T6697] loop3: detected capacity change from 0 to 256 [ 315.262247][ T6697] exfat: Deprecated parameter 'namecase' [ 315.340944][ T6697] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 315.352077][ T5853] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 315.420273][ T5853] usb 5-1: USB disconnect, device number 3 [ 315.558018][ T6697] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 315.976557][ T6704] loop5: detected capacity change from 0 to 256 [ 317.149766][ T6709] fido_id[6709]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 318.482052][ T6726] loop1: detected capacity change from 0 to 32768 [ 318.502077][ T6726] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.249 (6726) [ 318.532847][ T6726] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 318.543559][ T6726] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 318.555313][ T6726] BTRFS info (device loop1): using free-space-tree [ 319.142631][ T5791] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 319.299356][ T6537] veth0_vlan: entered promiscuous mode [ 319.477511][ T6537] veth1_vlan: entered promiscuous mode [ 320.038863][ T6537] veth0_macvtap: entered promiscuous mode [ 320.125401][ T6537] veth1_macvtap: entered promiscuous mode [ 320.207427][ T6763] loop4: detected capacity change from 0 to 128 [ 320.354879][ T6763] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 320.423124][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.557360][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.579263][ T6537] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.590256][ T6537] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.599358][ T6537] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.608529][ T6537] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.856162][ T6763] FAT-fs (loop4): FAT read failed (blocknr 128) [ 322.989478][ T6784] loop1: detected capacity change from 0 to 4096 [ 323.216918][ T6792] loop4: detected capacity change from 0 to 1024 [ 323.252896][ T6795] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 323.761357][ T6799] netlink: 4 bytes leftover after parsing attributes in process `syz.3.267'. [ 324.098314][ T3494] hfsplus: b-tree write err: -5, ino 4 [ 325.042045][ T6815] loop4: detected capacity change from 0 to 2048 [ 325.227076][ T6815] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 325.322589][ T6815] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 325.330887][ T6815] UDF-fs: Scanning with blocksize 512 failed [ 325.532590][ T6815] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 325.564203][ T5853] kernel write not supported for file /37/loginuid (pid: 5853 comm: kworker/1:5) [ 327.834567][ T6851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.282'. [ 327.844113][ T6851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.282'. [ 327.944878][ T6851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.282'. [ 327.954452][ T6851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.282'. [ 328.217771][ T6847] loop5: detected capacity change from 0 to 4096 [ 329.702746][ T3646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.711387][ T3646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.047824][ T3536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.058446][ T3536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.768085][ T6881] loop3: detected capacity change from 0 to 4096 [ 330.971989][ T6892] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 331.107684][ T6893] netlink: 36 bytes leftover after parsing attributes in process `syz.6.188'. [ 331.258228][ T6888] loop1: detected capacity change from 0 to 4096 [ 331.380274][ T6888] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 331.414457][ T5853] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 331.635429][ T5853] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 331.646839][ T5853] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 331.658803][ T5853] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 331.889238][ T5853] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 331.899501][ T5853] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.907934][ T5853] usb 6-1: Product: syz [ 331.917293][ T5853] usb 6-1: Manufacturer: syz [ 331.923866][ T5853] usb 6-1: SerialNumber: syz [ 332.049686][ T5853] usb 6-1: config 0 descriptor?? [ 332.060742][ T6897] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 332.092160][ T6897] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 332.103724][ T5853] usb 6-1: ucan: probing device on interface #0 [ 332.156281][ T6888] ntfs3(loop1): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr [ 332.911353][ T5853] ucan 6-1:0.0: probe with driver ucan failed with error -22 [ 333.192339][ T11] usb 6-1: USB disconnect, device number 3 [ 333.772697][ T6915] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 335.469803][ T6935] binder: BINDER_SET_CONTEXT_MGR already set [ 335.476395][ T6935] binder: 6933:6935 ioctl 4018620d 200000000040 returned -16 [ 336.762650][ T6942] loop5: detected capacity change from 0 to 4096 [ 336.840697][ T6942] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 337.408872][ T6954] netlink: 188 bytes leftover after parsing attributes in process `syz.1.317'. [ 337.531043][ T6942] ntfs3(loop5): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr [ 337.827797][ T6957] loop4: detected capacity change from 0 to 2048 [ 337.917625][ T6957] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 338.051899][ T6957] bio_check_eod: 2 callbacks suppressed [ 338.051976][ T6957] syz.4.318: attempt to access beyond end of device [ 338.051976][ T6957] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 338.078929][ T6962] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 338.193921][ T6957] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [ 338.262516][ T6957] Remounting filesystem read-only [ 338.492125][ T6964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.321'. [ 339.955287][ T6976] loop1: detected capacity change from 0 to 32768 [ 340.097701][ T6976] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,read_only,nocow [ 340.097859][ T6976] allowing incompatible features above 0.0: (unknown version) [ 340.097948][ T6976] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 340.152121][ T6976] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 340.160737][ T6976] bcachefs (loop1): initializing new filesystem [ 340.183122][ T6976] bcachefs (loop1): going read-write [ 340.387601][ T6989] ip6gretap0: entered promiscuous mode [ 340.442494][ T6976] bcachefs (loop1): marking superblocks [ 340.501978][ T6976] bcachefs (loop1): initializing freespace [ 340.538034][ T6976] bcachefs (loop1): done initializing freespace [ 340.559359][ T6976] bcachefs (loop1): reading snapshots table [ 340.565899][ T6976] bcachefs (loop1): reading snapshots done [ 340.631660][ T6976] bcachefs (loop1): going read-only [ 340.637176][ T6976] bcachefs (loop1): finished waiting for writes to stop [ 340.649840][ T6976] bcachefs (loop1): flushing journal and stopping allocators, journal seq 6 [ 340.909777][ T6998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.331'. [ 340.919127][ T6998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.331'. [ 341.141347][ T6976] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11 [ 341.177585][ T6976] bcachefs (loop1): clean shutdown complete, journal seq 12 [ 341.187515][ T6976] bcachefs (loop1): marking filesystem clean [ 341.244959][ T6976] bcachefs (loop1): done starting filesystem [ 341.581495][ T6976] syz.1.326 (6976) used greatest stack depth: 1216 bytes left [ 341.592069][ T11] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 341.635301][ T5791] bcachefs (loop1): shutting down [ 341.770236][ T5791] bcachefs (loop1): shutdown complete [ 341.851121][ T11] usb 7-1: Using ep0 maxpacket: 32 [ 341.889020][ T11] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 341.917736][ T11] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 341.927699][ T11] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 341.936263][ T11] usb 7-1: Product: syz [ 341.940737][ T11] usb 7-1: Manufacturer: syz [ 341.948821][ T11] usb 7-1: SerialNumber: syz [ 342.078385][ T11] usb 7-1: config 0 descriptor?? [ 342.086431][ T7003] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 342.124741][ T11] hub 7-1:0.0: bad descriptor, ignoring hub [ 342.131258][ T11] hub 7-1:0.0: probe with driver hub failed with error -5 [ 342.506268][ T11] usb 7-1: USB disconnect, device number 2 [ 342.863153][ T5853] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 342.927906][ T7016] loop4: detected capacity change from 0 to 256 [ 343.098619][ T5853] usb 7-1: Using ep0 maxpacket: 32 [ 343.148358][ T5853] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 343.225429][ T5853] usb 7-1: string descriptor 0 read error: -22 [ 343.232663][ T5853] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 343.243026][ T5853] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 343.368070][ T5853] usb 7-1: config 0 descriptor?? [ 343.381529][ T7003] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 343.416673][ T5853] hub 7-1:0.0: bad descriptor, ignoring hub [ 343.423084][ T5853] hub 7-1:0.0: probe with driver hub failed with error -5 [ 343.771697][ T11] usb 7-1: USB disconnect, device number 3 [ 345.255960][ T7033] loop4: detected capacity change from 0 to 2048 [ 345.404565][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.348'. [ 346.807886][ T7054] loop5: detected capacity change from 0 to 1024 [ 347.383562][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 347.390281][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 347.737950][ T7065] loop6: detected capacity change from 0 to 64 [ 347.839077][ T7062] loop1: detected capacity change from 0 to 2048 [ 348.073846][ T7062] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 348.535594][ T7063] loop4: detected capacity change from 0 to 8192 [ 348.628720][ T7063] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 349.336008][ T7077] loop3: detected capacity change from 0 to 256 [ 349.514484][ T7083] loop5: detected capacity change from 0 to 128 [ 349.546393][ T7077] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 349.573054][ T7083] EXT4-fs: Ignoring removed nobh option [ 349.649635][ T7083] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 349.682520][ T7085] bridge0: port 3(syz_tun) entered blocking state [ 349.689576][ T7085] bridge0: port 3(syz_tun) entered disabled state [ 349.697965][ T7085] syz_tun: entered allmulticast mode [ 349.740951][ T7083] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 349.845834][ T7085] syz_tun: entered promiscuous mode [ 349.854448][ T7085] bridge0: port 3(syz_tun) entered blocking state [ 349.861560][ T7085] bridge0: port 3(syz_tun) entered forwarding state [ 350.483911][ T6266] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 352.968216][ T7124] loop5: detected capacity change from 0 to 2048 [ 353.063360][ T7124] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.531873][ T5797] Bluetooth: hci0: command 0x0406 tx timeout [ 354.538185][ T5797] Bluetooth: hci4: command 0x0406 tx timeout [ 354.551349][ T5797] Bluetooth: hci1: command 0x080f tx timeout [ 354.984290][ T30] audit: type=1326 audit(1750823948.185:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.005563][ T7153] Zero length message leads to an empty skb [ 355.007071][ T30] audit: type=1326 audit(1750823948.195:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.036168][ T30] audit: type=1326 audit(1750823948.215:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.063268][ T30] audit: type=1326 audit(1750823948.215:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.087623][ T30] audit: type=1326 audit(1750823948.215:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.552617][ T30] audit: type=1326 audit(1750823948.395:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.580096][ T30] audit: type=1326 audit(1750823948.395:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.604541][ T30] audit: type=1326 audit(1750823948.395:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 355.627112][ T30] audit: type=1326 audit(1750823948.395:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e138e929 code=0x7ffc0000 [ 356.001987][ T7164] bridge0: port 3(syz_tun) entered blocking state [ 356.008942][ T7164] bridge0: port 3(syz_tun) entered disabled state [ 356.016375][ T7164] syz_tun: entered allmulticast mode [ 356.025257][ T7164] syz_tun: entered promiscuous mode [ 356.032770][ T7164] bridge0: port 3(syz_tun) entered blocking state [ 356.039681][ T7164] bridge0: port 3(syz_tun) entered forwarding state [ 356.478515][ T7168] loop1: detected capacity change from 0 to 2048 [ 356.673777][ T7168] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 356.846837][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.6.406'. [ 356.857444][ T7175] netlink: 4 bytes leftover after parsing attributes in process `syz.6.406'. [ 356.870590][ T7175] netlink: 'syz.6.406': attribute type 18 has an invalid length. [ 356.912939][ T7170] loop5: detected capacity change from 0 to 2048 [ 356.993469][ T7170] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 357.160850][ T7179] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 358.179586][ T7189] loop4: detected capacity change from 0 to 128 [ 358.415293][ T7191] loop6: detected capacity change from 0 to 16 [ 358.499674][ T7191] erofs (device loop6): mounted with root inode @ nid 36. [ 358.652679][ T7193] loop5: detected capacity change from 0 to 256 [ 358.799758][ T7195] loop3: detected capacity change from 0 to 512 [ 358.882964][ T7195] EXT4-fs: Ignoring removed nobh option [ 358.941213][ T7195] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 359.066891][ T7195] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.415: iget: bad i_size value: 38620345925642 [ 359.205293][ T7195] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.415: couldn't read orphan inode 15 (err -117) [ 359.326851][ T7195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 359.715419][ T7203] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.415: bg 0: block 5: invalid block bitmap [ 359.802650][ T7203] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 144 with error 28 [ 359.815672][ T7203] EXT4-fs (loop3): This should not happen!! Data will be lost [ 359.815672][ T7203] [ 359.826232][ T7203] EXT4-fs (loop3): Total free blocks count 0 [ 359.832665][ T7203] EXT4-fs (loop3): Free/Dirty block details [ 359.838789][ T7203] EXT4-fs (loop3): free_blocks=0 [ 359.844125][ T7203] EXT4-fs (loop3): dirty_blocks=188 [ 359.849550][ T7203] EXT4-fs (loop3): Block reservation details [ 359.855970][ T7203] EXT4-fs (loop3): i_reserved_data_blocks=188 [ 360.418773][ T3536] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 144 with max blocks 44 with error 28 [ 360.516679][ T7212] bond0: (slave veth1_vlan): Error: Device is in use and cannot be enslaved [ 361.534652][ T7227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.430'. [ 361.547025][ T7225] loop3: detected capacity change from 0 to 128 [ 361.716516][ T30] audit: type=1800 audit(1750823954.925:13): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.428" name="file2" dev="loop3" ino=1048620 res=0 errno=0 [ 361.755047][ T7225] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 361.768508][ T7225] FAT-fs (loop3): Filesystem has been set read-only [ 361.775614][ T7225] syz.3.428: attempt to access beyond end of device [ 361.775614][ T7225] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 361.789666][ T7225] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 361.797962][ T7225] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 362.806382][ T5792] bridge0: port 3(syz_tun) entered disabled state [ 362.829902][ T7239] loop5: detected capacity change from 0 to 512 [ 362.861100][ T7239] EXT4-fs: Ignoring removed nobh option [ 362.869523][ T5792] syz_tun (unregistering): left allmulticast mode [ 362.876684][ T5792] syz_tun (unregistering): left promiscuous mode [ 362.883572][ T5792] bridge0: port 3(syz_tun) entered disabled state [ 362.930115][ T7239] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 362.981746][ T7239] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.434: iget: bad i_size value: 38620345925642 [ 363.052138][ T7239] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.434: couldn't read orphan inode 15 (err -117) [ 363.086653][ T7239] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 363.158082][ T3536] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.242456][ T7243] input: syz0 as /devices/virtual/input/input9 [ 363.337604][ T3536] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.623276][ T7244] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.434: bg 0: block 5: invalid block bitmap [ 363.634012][ T3536] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.710163][ T7244] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 240 with error 28 [ 363.723466][ T7244] EXT4-fs (loop5): This should not happen!! Data will be lost [ 363.723466][ T7244] [ 363.733532][ T7244] EXT4-fs (loop5): Total free blocks count 0 [ 363.739769][ T7244] EXT4-fs (loop5): Free/Dirty block details [ 363.746079][ T7244] EXT4-fs (loop5): free_blocks=0 [ 363.751424][ T7244] EXT4-fs (loop5): dirty_blocks=244 [ 363.762535][ T7244] EXT4-fs (loop5): Block reservation details [ 363.768759][ T7244] EXT4-fs (loop5): i_reserved_data_blocks=244 [ 363.845681][ T35] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 240 with max blocks 4 with error 28 [ 363.924333][ T3536] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.478396][ T3536] bridge_slave_1: left allmulticast mode [ 364.484808][ T3536] bridge_slave_1: left promiscuous mode [ 364.491568][ T3536] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.523895][ T3536] bridge_slave_0: left allmulticast mode [ 364.529803][ T3536] bridge_slave_0: left promiscuous mode [ 364.536687][ T3536] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.124246][ T3536] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.172761][ T3536] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.200206][ T3536] bond0 (unregistering): Released all slaves [ 365.871845][ T3536] hsr_slave_0: left promiscuous mode [ 365.919524][ T3536] hsr_slave_1: left promiscuous mode [ 365.928121][ T3536] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.936079][ T3536] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.013414][ T3536] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.022748][ T3536] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.155292][ T3536] veth1_macvtap: left promiscuous mode [ 366.161328][ T3536] veth0_macvtap: left promiscuous mode [ 366.167329][ T3536] veth1_vlan: left promiscuous mode [ 366.174166][ T3536] veth0_vlan: left promiscuous mode [ 366.487919][ T7260] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 367.289525][ T7264] loop6: detected capacity change from 0 to 32768 [ 367.397679][ T7264] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 367.577452][ T5799] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 367.592559][ T5799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 367.612661][ T5799] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 367.627776][ T5799] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 367.639314][ T7264] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 367.657617][ T5799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 367.765289][ T7264] ocfs2: Unmounting device (7,6) on (node local) [ 367.874471][ T3536] team0 (unregistering): Port device team_slave_1 removed [ 367.922290][ T3536] team0 (unregistering): Port device team_slave_0 removed [ 368.422369][ T7280] loop1: detected capacity change from 0 to 512 [ 368.528137][ T7280] EXT4-fs: Ignoring removed nobh option [ 368.641749][ T7280] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 368.951216][ T7280] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.453: iget: bad i_size value: 38620345925642 [ 368.982087][ T7279] loop3: detected capacity change from 0 to 32768 [ 369.125840][ T7279] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 369.125957][ T7279] allowing incompatible features above 0.0: (unknown version) [ 369.126046][ T7279] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 369.163324][ T7279] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 369.171908][ T7279] bcachefs (loop3): initializing new filesystem [ 369.202239][ T7279] bcachefs (loop3): going read-write [ 369.273119][ T7280] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.453: couldn't read orphan inode 15 (err -117) [ 369.393679][ T7280] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 369.412285][ T5853] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 369.623817][ T5853] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 369.634586][ T5853] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 369.654700][ T7279] bcachefs (loop3): marking superblocks [ 369.712723][ T7279] bcachefs (loop3): initializing freespace [ 369.740895][ T7279] bcachefs (loop3): done initializing freespace [ 369.761472][ T7279] bcachefs (loop3): reading snapshots table [ 369.767810][ T7279] bcachefs (loop3): reading snapshots done [ 369.857747][ T5853] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 369.867328][ T5853] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 369.875798][ T5853] usb 6-1: SerialNumber: syz [ 369.892805][ T7297] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.453: bg 0: block 5: invalid block bitmap [ 369.911098][ T5799] Bluetooth: hci4: command tx timeout [ 369.952145][ T7297] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 148 with error 28 [ 369.965067][ T7297] EXT4-fs (loop1): This should not happen!! Data will be lost [ 369.965067][ T7297] [ 369.975156][ T7297] EXT4-fs (loop1): Total free blocks count 0 [ 369.981504][ T7297] EXT4-fs (loop1): Free/Dirty block details [ 369.987626][ T7297] EXT4-fs (loop1): free_blocks=0 [ 369.992935][ T7297] EXT4-fs (loop1): dirty_blocks=156 [ 369.998353][ T7297] EXT4-fs (loop1): Block reservation details [ 370.008936][ T7297] EXT4-fs (loop1): i_reserved_data_blocks=156 [ 370.044547][ T7279] bcachefs (loop3): done starting filesystem [ 370.183984][ T5853] usb 6-1: 0:2 : does not exist [ 370.357266][ T5853] usb 6-1: USB disconnect, device number 4 [ 370.511292][ T3536] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 148 with max blocks 8 with error 28 [ 370.542007][ T5789] bcachefs (loop3): shutting down [ 370.547259][ T5789] bcachefs (loop3): going read-only [ 370.552879][ T5789] bcachefs (loop3): finished waiting for writes to stop [ 370.651476][ T5789] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 370.966651][ T6004] udevd[6004]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 371.013195][ T5789] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 371.092774][ T5789] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 371.172047][ T5789] bcachefs (loop3): marking filesystem clean [ 371.181928][ T7272] chnl_net:caif_netlink_parms(): no params data found [ 371.292024][ T7304] netlink: 'syz.6.459': attribute type 1 has an invalid length. [ 371.433650][ T30] audit: type=1800 audit(1750823964.623:14): pid=7307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.460" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 371.541815][ T5789] bcachefs (loop3): shutdown complete [ 371.975092][ T5799] Bluetooth: hci4: command tx timeout [ 372.403984][ T7316] netlink: 16 bytes leftover after parsing attributes in process `syz.5.463'. [ 373.187418][ T7272] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.195565][ T7272] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.203471][ T7272] bridge_slave_0: entered allmulticast mode [ 373.213090][ T7272] bridge_slave_0: entered promiscuous mode [ 373.388258][ T7272] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.396066][ T7272] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.403900][ T7272] bridge_slave_1: entered allmulticast mode [ 373.413367][ T7272] bridge_slave_1: entered promiscuous mode [ 373.677294][ T7272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.705773][ T7272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 373.962989][ T7272] team0: Port device team_slave_0 added [ 374.051421][ T5799] Bluetooth: hci4: command tx timeout [ 374.052126][ T7272] team0: Port device team_slave_1 added [ 374.449164][ T7272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 374.457229][ T7272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.483878][ T7272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 374.683237][ T7272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 374.690607][ T7272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.720038][ T7272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.303461][ T7272] hsr_slave_0: entered promiscuous mode [ 375.314632][ T7272] hsr_slave_1: entered promiscuous mode [ 375.323327][ T7272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 375.336309][ T7272] Cannot create hsr debugfs directory [ 375.871214][ T7341] loop5: detected capacity change from 0 to 4096 [ 375.932617][ T7345] loop6: detected capacity change from 0 to 1024 [ 376.030198][ T7345] EXT4-fs: Ignoring removed nomblk_io_submit option [ 376.101218][ T7348] sp0: Synchronizing with TNC [ 376.132465][ T5799] Bluetooth: hci4: command tx timeout [ 376.208170][ T7350] netlink: 'syz.3.458': attribute type 10 has an invalid length. [ 376.230305][ T7345] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 376.339069][ T7350] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 376.393100][ T7341] Cannot load nls macgreek¬ [ 376.908942][ T7272] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 376.989811][ T6537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.062061][ T7272] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 377.187444][ T7272] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 377.299162][ T7272] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 377.906543][ T30] audit: type=1326 audit(1750823971.123:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7357 comm="syz.1.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20c018e929 code=0x7fc00000 [ 378.641176][ T7272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.841923][ T7272] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.898890][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 378.906591][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.019619][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.027321][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.024579][ T30] audit: type=1800 audit(1750823974.233:16): pid=7401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.496" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=13733 res=0 errno=0 [ 381.162059][ T7396] loop3: detected capacity change from 0 to 32768 [ 381.279522][ T7396] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 381.418274][ T7396] XFS (loop3): Ending clean mount [ 381.516483][ T7404] loop5: detected capacity change from 0 to 512 [ 381.659341][ T5789] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 382.023274][ T7272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 382.238943][ T7416] loop1: detected capacity change from 0 to 2048 [ 382.867854][ T7418] loop6: detected capacity change from 0 to 32768 [ 382.932719][ T7418] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.499 (7418) [ 382.975043][ T7418] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 382.986101][ T7418] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 382.995898][ T7418] BTRFS info (device loop6): disk space caching is enabled [ 383.003469][ T7418] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 383.050913][ T7404] EXT4-fs (loop5): Test dummy encryption mode enabled [ 383.058429][ T7404] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 383.121672][ T7416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.219919][ T7404] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.497: bad orphan inode 131083 [ 383.272427][ T7404] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 383.603307][ T7418] BTRFS info (device loop6): rebuilding free space tree [ 383.614895][ T7416] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 9: comm syz.1.498: path /110/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=13, rec_len=21, size=80 fake=0 [ 383.655886][ T5803] Bluetooth: hci3: command 0x0406 tx timeout [ 383.672626][ T7418] BTRFS info (device loop6): disabling free space tree [ 383.680003][ T7418] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 383.690153][ T7418] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 383.781239][ T7416] EXT4-fs (loop1): Remounting filesystem read-only [ 383.985889][ T6537] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 384.068155][ T6266] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.379483][ T5791] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.957503][ T7459] netlink: 36 bytes leftover after parsing attributes in process `syz.6.505'. [ 385.082769][ T7460] loop1: detected capacity change from 0 to 1024 [ 385.696656][ T7465] loop5: detected capacity change from 0 to 1024 [ 385.721446][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 385.837152][ T3536] hfsplus: bad catalog file entry [ 385.896452][ T7465] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.945111][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.957325][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.967503][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 385.981528][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.996821][ T24] usb 4-1: config 0 descriptor?? [ 386.322557][ T7272] veth0_vlan: entered promiscuous mode [ 386.437519][ T7272] veth1_vlan: entered promiscuous mode [ 386.565364][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.573233][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.580888][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.588361][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.602555][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.610036][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.619368][ T24] logitech 0003:046D:C294.0003: unknown main item tag 0x0 [ 386.638084][ T6266] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.888256][ T24] logitech 0003:046D:C294.0003: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.3-1/input0 [ 386.906965][ T24] logitech 0003:046D:C294.0003: no inputs found [ 387.253756][ T7272] veth0_macvtap: entered promiscuous mode [ 387.282798][ T24] usb 4-1: USB disconnect, device number 2 [ 387.360795][ T7272] veth1_macvtap: entered promiscuous mode [ 387.403065][ T7473] loop6: detected capacity change from 0 to 32768 [ 387.711613][ T7473] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 387.711737][ T7473] allowing incompatible features above 0.0: (unknown version) [ 387.711827][ T7473] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 387.754443][ T7473] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 387.763046][ T7473] bcachefs (loop6): initializing new filesystem [ 387.784681][ T7473] bcachefs (loop6): going read-write [ 387.939404][ T7473] bcachefs (loop6): marking superblocks [ 387.947388][ T7272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 387.993075][ T7473] bcachefs (loop6): initializing freespace [ 388.021093][ T7473] bcachefs (loop6): done initializing freespace [ 388.044911][ T7473] bcachefs (loop6): reading snapshots table [ 388.051404][ T7473] bcachefs (loop6): reading snapshots done [ 388.123007][ T7474] fido_id[7474]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 388.192316][ T7473] bcachefs (loop6): done starting filesystem [ 388.207702][ T7272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 388.348805][ T7272] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.358137][ T7272] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.369578][ T7272] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.379842][ T7272] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.590985][ T6537] bcachefs (loop6): shutting down [ 388.596263][ T6537] bcachefs (loop6): going read-only [ 388.602041][ T6537] bcachefs (loop6): finished waiting for writes to stop [ 388.674905][ T6537] bcachefs (loop6): flushing journal and stopping allocators, journal seq 3 [ 389.012763][ T6537] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 3 [ 389.065341][ T6537] bcachefs (loop6): clean shutdown complete, journal seq 4 [ 389.142055][ T6537] bcachefs (loop6): marking filesystem clean [ 389.312484][ T6537] bcachefs (loop6): shutdown complete [ 389.511253][ T11] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 389.678993][ T7502] input: syz0 as /devices/virtual/input/input10 [ 389.721249][ T11] usb 2-1: Using ep0 maxpacket: 32 [ 389.774115][ T11] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 389.788466][ T11] usb 2-1: config 0 interface 0 has no altsetting 0 [ 389.796298][ T11] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 389.806384][ T11] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.042421][ T11] usb 2-1: config 0 descriptor?? [ 390.571557][ T11] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0 [ 390.579480][ T11] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0 [ 390.591465][ T11] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0 [ 390.599222][ T11] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0 [ 390.608222][ T11] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0 [ 390.814879][ T11] corsair-psu 0003:1B1C:1C09.0004: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.1-1/input0 [ 390.835663][ C0] usb 2-1: input irq status -75 received [ 390.949604][ T11] corsair-psu 0003:1B1C:1C09.0004: unable to initialize device (-38) [ 391.015918][ T11] corsair-psu 0003:1B1C:1C09.0004: probe with driver corsair-psu failed with error -38 [ 391.149768][ T11] usb 2-1: USB disconnect, device number 2 [ 391.527664][ T7508] fido_id[7508]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 392.231861][ T7518] vxcan0: tx address claim with dest, not broadcast [ 394.966637][ T7547] loop3: detected capacity change from 0 to 256 [ 395.036607][ T7547] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 395.137051][ T7547] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 395.228689][ T7550] loop6: detected capacity change from 0 to 1024 [ 396.121152][ T7561] loop6: detected capacity change from 0 to 512 [ 396.159088][ T7561] EXT4-fs: Ignoring removed mblk_io_submit option [ 396.166471][ T7561] EXT4-fs: Ignoring removed orlov option [ 396.365558][ T7561] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.521727][ T7561] fs-verity: sha512 using implementation "sha512-generic" [ 396.533471][ T7561] EXT4-fs warning (device loop6): ext4_begin_enable_verity:135: inode #13: comm syz.6.538: verity is only allowed on extent-based files [ 396.969180][ T3646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.977347][ T3646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.098521][ T6537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.116838][ T4461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.126154][ T4461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.047108][ T7584] netlink: 16 bytes leftover after parsing attributes in process `syz.7.442'. [ 398.641374][ T7592] netlink: 32 bytes leftover after parsing attributes in process `syz.5.551'. [ 398.668421][ T24] IPVS: starting estimator thread 0... [ 398.761031][ T7596] IPVS: using max 240 ests per chain, 12000 per kthread [ 398.969569][ T7602] netlink: 60 bytes leftover after parsing attributes in process `syz.1.554'. [ 399.022533][ T7601] netlink: 60 bytes leftover after parsing attributes in process `syz.1.554'. [ 399.107366][ T7602] netlink: 60 bytes leftover after parsing attributes in process `syz.1.554'. [ 400.611146][ T5799] Bluetooth: hci3: command 0x0406 tx timeout [ 400.868454][ T7628] sctp: [Deprecated]: syz.1.565 (pid 7628) Use of int in max_burst socket option deprecated. [ 400.868454][ T7628] Use struct sctp_assoc_value instead [ 402.366904][ T7650] netlink: 4 bytes leftover after parsing attributes in process `syz.7.574'. [ 402.745743][ T7654] loop6: detected capacity change from 0 to 2048 [ 402.812327][ T7654] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 402.864062][ T7654] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 403.846707][ T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 404.136956][ T7667] loop5: detected capacity change from 0 to 32768 [ 404.142929][ T24] usb 8-1: config 220 has an invalid interface number: 76 but max is 2 [ 404.148430][ T7667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.582 (7667) [ 404.152327][ T24] usb 8-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 404.174316][ T24] usb 8-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config [ 404.185041][ T24] usb 8-1: config 220 has no interface number 2 [ 404.191802][ T24] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 404.210940][ T24] usb 8-1: config 220 interface 0 has no altsetting 0 [ 404.219989][ T24] usb 8-1: config 220 interface 76 has no altsetting 0 [ 404.227322][ T24] usb 8-1: config 220 interface 1 has no altsetting 0 [ 404.246924][ T7667] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 404.258816][ T7667] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 404.268336][ T7667] BTRFS info (device loop5): using free-space-tree [ 404.599931][ T6266] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 404.626612][ T24] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 404.636349][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.644814][ T24] usb 8-1: Product: syz [ 404.649224][ T24] usb 8-1: Manufacturer: syz [ 404.657772][ T24] usb 8-1: SerialNumber: syz [ 404.769608][ T7692] loop3: detected capacity change from 0 to 1024 [ 404.896492][ T7692] ===================================================== [ 404.904151][ T7692] BUG: KMSAN: uninit-value in hfsplus_lookup+0x674/0xf70 [ 404.911886][ T7692] hfsplus_lookup+0x674/0xf70 [ 404.916913][ T7692] path_openat+0x2987/0x6760 [ 404.927857][ T7692] do_filp_open+0x280/0x660 [ 404.934587][ T7692] do_sys_openat2+0x1bb/0x2f0 [ 404.939616][ T7692] __x64_sys_openat+0x240/0x300 [ 404.944933][ T7692] x64_sys_call+0x213/0x3db0 [ 404.949918][ T7692] do_syscall_64+0xd9/0x210 [ 404.955312][ T7692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.961715][ T7692] [ 404.964279][ T7692] Uninit was created at: [ 404.969064][ T7692] __alloc_frozen_pages_noprof+0x689/0xf00 [ 404.975514][ T7692] alloc_pages_mpol+0x328/0x860 [ 404.980828][ T7692] alloc_frozen_pages_noprof+0xf7/0x200 [ 404.986752][ T7692] allocate_slab+0x24d/0x1220 [ 404.991892][ T7692] ___slab_alloc+0xfec/0x3480 [ 404.996927][ T7692] kmem_cache_alloc_lru_noprof+0x922/0xed0 [ 405.003683][ T7692] hfsplus_alloc_inode+0x5a/0xd0 [ 405.009195][ T7692] alloc_inode+0x8a/0x4a0 [ 405.014008][ T7692] iget_locked+0x239/0x12d0 [ 405.018835][ T7692] hfsplus_iget+0x5c/0xb80 [ 405.029635][ T7692] hfsplus_btree_open+0x134/0x1d00 [ 405.037008][ T7692] hfsplus_fill_super+0x1161/0x2740 [ 405.042792][ T7692] get_tree_bdev_flags+0x6e3/0x920 [ 405.048296][ T7692] get_tree_bdev+0x38/0x50 [ 405.053273][ T7692] hfsplus_get_tree+0x35/0x40 [ 405.058306][ T7692] vfs_get_tree+0xb0/0x5c0 [ 405.063195][ T7692] do_new_mount+0x738/0x1610 [ 405.068157][ T7692] path_mount+0x6db/0x1e90 [ 405.073045][ T7692] __se_sys_mount+0x6eb/0x7d0 [ 405.078101][ T7692] __x64_sys_mount+0xe4/0x150 [ 405.083266][ T7692] x64_sys_call+0xfa7/0x3db0 [ 405.088221][ T7692] do_syscall_64+0xd9/0x210 [ 405.093273][ T7692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.099509][ T7692] [ 405.102220][ T7692] CPU: 1 UID: 0 PID: 7692 Comm: syz.3.588 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(undef) [ 405.114668][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 405.131158][ T7692] ===================================================== [ 405.138236][ T7692] Disabling lock debugging due to kernel taint [ 405.146480][ T7692] Kernel panic - not syncing: kmsan.panic set ... [ 405.153083][ T7692] CPU: 1 UID: 0 PID: 7692 Comm: syz.3.588 Tainted: G B 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(undef) [ 405.166878][ T7692] Tainted: [B]=BAD_PAGE [ 405.171152][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 405.181382][ T7692] Call Trace: [ 405.184801][ T7692] [ 405.187860][ T7692] __dump_stack+0x26/0x30 [ 405.192418][ T7692] dump_stack_lvl+0x53/0x270 [ 405.197250][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.203330][ T7692] dump_stack+0x1e/0x25 [ 405.207705][ T7692] panic+0x4bd/0xd50 [ 405.211881][ T7692] kmsan_report+0x31c/0x320 [ 405.216634][ T7692] ? __msan_warning+0x1b/0x30 [ 405.221544][ T7692] ? hfsplus_lookup+0x674/0xf70 [ 405.226618][ T7692] ? path_openat+0x2987/0x6760 [ 405.231603][ T7692] ? do_filp_open+0x280/0x660 [ 405.236511][ T7692] ? do_sys_openat2+0x1bb/0x2f0 [ 405.241575][ T7692] ? __x64_sys_openat+0x240/0x300 [ 405.246819][ T7692] ? x64_sys_call+0x213/0x3db0 [ 405.251814][ T7692] ? do_syscall_64+0xd9/0x210 [ 405.256690][ T7692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.262982][ T7692] ? __hfsplus_brec_find+0x6d3/0x840 [ 405.268531][ T7692] ? kmsan_get_metadata+0xfb/0x160 [ 405.273891][ T7692] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 405.280398][ T7692] ? __msan_memcpy+0x108/0x1c0 [ 405.285405][ T7692] ? hfsplus_bnode_read+0x34b/0x3a0 [ 405.290879][ T7692] ? kmsan_get_metadata+0xfb/0x160 [ 405.296254][ T7692] __msan_warning+0x1b/0x30 [ 405.300984][ T7692] hfsplus_lookup+0x674/0xf70 [ 405.305908][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.312027][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.318069][ T7692] ? kmsan_get_metadata+0xfb/0x160 [ 405.323406][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.329465][ T7692] ? kmsan_get_metadata+0xfb/0x160 [ 405.334809][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.340857][ T7692] ? kmsan_get_metadata+0xfb/0x160 [ 405.346203][ T7692] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.352246][ T7692] ? __pfx_hfsplus_lookup+0x10/0x10 [ 405.357659][ T7692] path_openat+0x2987/0x6760 [ 405.362558][ T7692] do_filp_open+0x280/0x660 [ 405.367331][ T7692] do_sys_openat2+0x1bb/0x2f0 [ 405.372236][ T7692] __x64_sys_openat+0x240/0x300 [ 405.377309][ T7692] x64_sys_call+0x213/0x3db0 [ 405.382119][ T7692] do_syscall_64+0xd9/0x210 [ 405.386802][ T7692] ? irqentry_exit+0x16/0x60 [ 405.391550][ T7692] ? clear_bhb_loop+0x40/0x90 [ 405.396412][ T7692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.402515][ T7692] RIP: 0033:0x7f9c9df8e929 [ 405.407078][ T7692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.426889][ T7692] RSP: 002b:00007f9c9eda6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 405.435504][ T7692] RAX: ffffffffffffffda RBX: 00007f9c9e1b5fa0 RCX: 00007f9c9df8e929 [ 405.443635][ T7692] RDX: 0000000000105042 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 405.451761][ T7692] RBP: 00007f9c9e010b39 R08: 0000000000000000 R09: 0000000000000000 [ 405.459879][ T7692] R10: 0000000000000189 R11: 0000000000000246 R12: 0000000000000000 [ 405.467994][ T7692] R13: 0000000000000000 R14: 00007f9c9e1b5fa0 R15: 00007ffe70fd1498 [ 405.476152][ T7692] [ 405.479531][ T7692] Kernel Offset: disabled [ 405.483939][ T7692] Rebooting in 86400 seconds..