last executing test programs: 34.593978525s ago: executing program 3 (id=887): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000001340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r0, &(0x7f00000033c0)={0xa0, 0x0, r1, {{0x0, 0x1, 0x2, 0x3, 0x80000001, 0x6, {0x2, 0x0, 0xf1, 0xb6e, 0x2, 0x1, 0x0, 0x6, 0x4, 0x6000, 0x40, r2, r3, 0xf3f, 0xfd}}, {0x0, 0x6}}}, 0xa0) 34.234504672s ago: executing program 3 (id=892): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x44b, 0x70bd25, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000005) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 33.987264932s ago: executing program 3 (id=894): syz_open_procfs(0x0, &(0x7f0000000180)='task\x00') r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x400000007fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@fd={0x6, 0x1, 0x4, 0x800, 0xc, {0x77359400}, {0x4, 0x1, 0xc, 0x3, 0xfb, 0x2}, 0x1, 0x4, {}, 0xfffffffb}) 33.653667231s ago: executing program 3 (id=898): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x8070bd24, 0x0, {0x2, 0x20, 0x14, 0xfc, 0xff, 0x0, 0xff, 0xb, 0x200}, [@RTA_IIF={0x8, 0x3, r2}, @RTA_DST={0x8, 0x1, @multicast1}, @RTA_SRC={0x8, 0x2, @local}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0xea5bc50b619917ee) 33.451033738s ago: executing program 3 (id=899): r0 = syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2010880, &(0x7f0000007400)=ANY=[], 0x1, 0x6174, &(0x7f0000001280)="$eJzs3b2PHGcdB/Dfvt6LiXNKEQULoYsTXkKIX4MxBEhSQEGTArmhQLYul8jCAWQb5EQWvugaCipqChASJUKUiII/IAUtHRUVlmwkkCsGzd3z+OY2u95zzrezd8/nI51nf/vM7D5z353bWc/MPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe/872znYi4/LN0x0rEp6IX0Y1YquvViFhaXcnz9yPiudhqjmcjYrAQUS+/9c/TEa9GxEfHI+7dv71W331uj/349h///rsfHHvrb38YnP7vn272Xps0361bv/zPn+/sb50BAACgNFVVVZ30Mf9E+nzfbbtTAMBM5Pf/Ksn3H/n6V/986y/z1B+1Wq1Wq2dQN1Xj3WkWEbHRXKbeZ3A4HgAOmY140HYXaJH8i9aPiGNtdwKYa522O8CBuHf/9lon5dtpvh+sbrfnc0F25b/ReXh9x6TpNKPnmMzq9bUZvXhmQn+WZtSHeZLz747mf3m7fZjmO+j8Z2VS/sPtS5+Kk/PvjeY/4ujk3x2bf6ly/v3Hyr8nfwAAAAAAmGP5//9XWj7+u7D/VdmTRx3/XZ1RHwAAAAAAAADgSdvv+H8PGf8PAAAA5lb9Wb32m+M79036Lrb6/kudiKdG5gcKky6WWW67HwAAAAAAAAAAAABQkv72ObyXOhGDiHhqebmqqvqnabR+XPtd/rArff2hZG3/kQcAgG0fHR+5lr8TsRgRl9J3/Q2Wl5eranFpuVqulhby/uxwYbFaanyuzdP6voXhHnaI+8OqfrDFxnJN0z4vT2sffbz6uYZVbw8de0IG6bc5obmlsAEg2X43uucd6Yipqqcn7XzALrb/o8f2z160/ToFAAAADl5VVVUnfZ33iXTMv9t2pwCAmcjv/6PHBQ6kjjjYx5/3emHn9z4X/VGr1Wp1cXVTNd6dZhERG81l6n0Gw/EDwCGzEQ/a7gItkn/R+hHxXNudAOZap+0OcCDu3b+91kn5dprvB2l893wuyK78Nzpby+Xlx02nGT3HZFavr83oxTMT+vPsjPowT3L+3dH8L2+3D9N8B53/rEzKv17PlRb607acf280/xFHJ//u2PxLlfPvP1b+PfkDAAAAAMAcy///v+L4b15lAAAAAAAAADh07t2/vZave83H/z8zZj7Xfx5NOf+O/IuU8++O5P/Fkfl6jdt339zJ/9/3b6/9/ua/Pp2ne81/IT9kJ72yOukV0UnP1Omn6T5XcMTmoDesn2nQ6fb66ZyfavBOXI1rsR5nds3bTb+Pnfazu9rrng52tZ/b1d7/WPv5Xe2D9L0D1VJuPxVr8eO4Fm9vtddtC1PWf3FKezWlPeffs/0XKeffb/zU+S+n9s7ItHb3w+7HtvvmdNzzvHH1s784c/CrM9Vm9B6uW1O9fidb6M+ZiF8/iIif3li/furWlZs3r5+NNDk2bNx7LtLkCcv5D7Z+Fnb+/r+w3Z7/7je317sfDh87/3mxGf2J+b/QuF2v70sz7lsbcv7D9JPzfzu1j9/+D3P+k7f/l1voDwAAAAAAAAAAAAAAADxKVVVbl4i+EREX0vU/bV2bCQDMxvE0ze//9f7A9xvtVaJWq9Vqtfro1E3VeK83i4j4a3OZep/h5+MeDACYZ/+LiH+03QlaI/+C5e/7q6cvtt0ZYKZuvP/BD69cu7Z+/UbbPQEAAAAAAAAAPqk8/udqY/znFyNiZWS+XeO/vhmr+x3/s59vPBxg9AkP9D3BZnfY6zaGG38+tsbnPjVp/O+T8ejxv/tTnm8wpX04pX1hSvvi2Ht30hp7oUdDzv/5xnjndf4nRoZfL2H819Ex70uQ8z/ZeD3X+X9hZL5m/tVv5y7/jb3OuBndXfmfvvneT07feP+DV66+d+Xd9XfXf3T+7Nkz5y9cuHjx4ul3rl5bP7P978H0eg7k/PPY184DLUvOP2cu/7Lk/D+XavmXJef/+VTLvyw5/7y/J/+y5PzzZx/5lyXn/1Kq5V+WnP+XUi3/suT8X061/MuS8/9yquVflpz/K6mWf1ly/qdSLf+y5PxPp3oP+ft6+CMk55+PcNn+y5Lzz2c2yL8sOf9zqZZ/WXL+51Mt/7Lk/F9NtfzLkvP/SqrlX5ac/4VUy78sOf+vplr+Zcn5X0y1/MuS8/9aquVflpz/11Mt/7Lk/F9LtfzLkvP/RqrlX5ac/zdTLf+y5Py/lWr5lyXn/3qq5V+Wne//d8MNN9zIN9r+ywQAAAAAAAAAAAAAjJrF6cRtryMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvbuLkeus7wd+Zl/stUOIgRCc/A1sEhNCsmTXduIX/k0xAQINUAokFPqC7XrXZsFveO0SKJJNDSUSRkUVVdMLWkCojVpVWBUXtKI0F1Vfrkp7QW8qqkpIjaqAAhJSXyBbzZzneTwzOztn7R2vZ8/z+Uj2b3fmzJwzZ87M7nft7x4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa3f7Guc80iqJo/mn9taUoXtD8eNPkltZlr7veWwgAAACs1k9bfz93U7pg/wpu1LbM373iH7++uLi4WLxv9HfHv7C4mK6YLIrxjUXRui669O/vb7QvE1woJhojbZ+PVKx+tOL6sYrrxyuu31Bx/caK6ycqrl+yA5bYVP48pnVn21sfbil3aXFzMd66bnuPW11obBwZiT/LaWm0brM4fqSYL44Vc8VMx/Llso3W8t+8vbmutxZxXSNt69rWPEJ++InDcRsaYR9v71jX5fuMvv+GYvJHP/zE4T868+ytvWblbui4v3I7776juZ2fCpeU29ooNqZ9ErdzpG07t/V4TkY7trPRul3z4+7tfG6F2zl6eTPXVPdzPlGMtD7+dms/jbX/WC/tp23hsv+6syiK85c3u3uZJesqRorNHZeMXH5+JsojsnkfzUPpxcXYFR2nt6/gOG3O2e2dx2n3ayI+/7eH240tsw3tT9P3P7lhyfN+pcdp1HzUy71Wuo/BQb9WhuUYjMfFt1sP+omex+D28Pg/cdfyx2DPY6fHMZged9sxeEfVMTiyYbS1zelJaLRuc/kY3NGx/GhrTY3WfOau/sfg9Jnjp6YXPvbx184fP3R07ujciV07dszs2r17796900fmj83NlH9f5d4efpuLkfQauCPsu/gaeHXXsu2H6uKXB/c6nOjzOtzSteygX4dj3Q+usTYvyKXHdPnaeLS50ycujhTLvMZaz889q38dpsfd9joca3sd9vya0uN1OLaC12FzmVP3rOx7lrG2P7224Vp9LdjSdgx2fz/SfQwO+vuRYTkGJ8Jx8a/3LP+1YFvY3iemrvT7kdElx2B6uOG9p3lJ+n5/Ym9r9Doub2teccOG4uzC3On7Hj905szpHUUYa+IlbcdK9/G6ue0xFUuO15ErPl73z7/iidt6XL4l7KuJ1zb/mlj2uWouc/99/Z+r1le33vuz49KdRRgDttb7s9dX8+b+TFmyz/5sLvOp6dV/L55yadv77/gy778x9z9fri/d1YXR8bHy9Tua9s54x/tx51M11nrvarTW/dz0yt6Px8OftX4/vrnP+/HWrmUH/X483v3g4vtxo+qnHavT/XxOhOPk2Ez/9+PmMlt3XukxOdb3/fjOMBth/78mJIWUi9qOneWO27SusbHx8LjG4ho6j9NdHcuPh2zWXNdTO6/uOL37zvK+RtOju2ytjtPJrmUHfZym96vljtNG1U/frk738zkRjoubd/U/TpvLPH3/6t87N8UP2947N1Qdg+OjG5rbPJ4OwvL9fnFTPAbvKw4XJ4tjxWzr2g2t46nRWtfUAys7BjeEP2v9Xrm1zzF4d9eygz4G09ex5Y69xtjSBz8A3c/nRDgunnyg/zHYXOZNewb7vevd4ZK0TNv3rt0/X1vuZ163de2ma/kzr+Z2/s2e/j+bbS5zbO+V5sz+++necMkNPfZT9+t3udfUbLE2+2lr2M5n9y6/n5rb01zmC/tWeDztL4ri3Eceav28N/z7yp+f/c7XO/7dpde/6Zz7yEM/uPHI317J9gOw/j1fjs3l17q2f5layb//AwAAAOtCzP0jYSbyPwAAANRGzP3xf4Un8j8AAADURsz9Y2EmmeT/rW96dv75c0Vq5i8G8fq0Gx4pl4sd15nw+eTiZc3LH/rq3I//8tzK1j1SFMVPHvmNnstvfSRuV2kybOelN3devvSG51a0/oOPXV6uvb/+pXD/8fGs9DDoVcGdKYrimzd9rrWeyfdfbM2nHznYmu8+/8SF5jLP7Ss/j7d/5iXl8l8M5d/9Rw513P6ZsB++F+bM23rvj3i7r118zbY97728vni7xh0vbD3sJz9Q3m/8PTmfv1AuH/fzctv/V5996mvN5R9/Ve/tPzfSe/ufCvf71TD/++Xl8u3PQfPzeLtPh+2P64u3u+8r3+q5/Zc+Uy5/6uFyuYNhxvXfHT7f/vCz8+376/HGoY7HVbylXC6uf+Y7v926Pt5fvP/u7Z84cLFjf3QfH0//c3k/013Lx8vjeqK/6Fp/837aj8+4/qd+62DHfq5a/6V3P/Py5v12r//eruVGu27f/Rub/uDTn+u5vrg9+//sVMfj2f+u8DoO63/yA+F4DNf/z6XPdaw3OviuzvefuPyXtpzreDzRW39Urv/S64+25n9M/vj3b3jBjS88/8rmviuKb7+nvL+q9R/9w5Md2//lW+5pPR/x+tjR717/cuL6T3906sTJhbPzs217tfW7c95ebs/GiU2bm9t7U3hv7f78wMkzH5w7PTkzOVMUk/X9FXpX7Sth/qAc56/09vc8Fp7P237vm5vv+qfPxsv/5dHy8otvK79uvTos9/lw+Zby+VtsrHL9T95+S+v13Xi6/Lyjxz4A27b/594VLRgef/f3BfF4P/XSD7b2Q/O61teN+Lpe5fZ/d7a8n2+E/boYfjPzHbdcXl/78vF3I1x8T/l6X/X+C29z8Xn94/B8v+N75f3H7YqP97vh+5hvbe18v4vHxzfOjXTff+u3eJwP7yfF+fL6uFTc3xefu6Xn5sXfQ1Kcv7X1+e+k+7n1ih7mchY+tjB9bP7E2cenz8wtnJle+NjHDxw/efbEmQOt3+V54ENVt7/8/rS59f40O7f7/mJmU1EUJ4uZNXjDujbb3/xoZdt/6rHDs3tm7pqdO3Lo7JEzj52aO3308MLC4bnZhbsOHTky99Gq28/PPrhj575de3ZOHZ2ffXDvvn279k3NnzjZ3Ixyoyrsnvnw1InTB1o3WXjw/n07Hnjg/pmp4ydn5x7cMzMzdbbq9q2vTVPNW//61Om5Y4fOzB+fm1qY//jcgzv27d69s/K3AR4/dWRhcvr02RPTZxfmTk+Xj2XyTOvi5te+qttTTwv/Vn4/261R/iK+4p337k6/n7Xpq59c9q7KRbp+geiz4XfR/MOLTu1dyecx94+HmWSS/wEAACAHMfdvCDOR/wEAAKA2Yu7fGGYi/wMAAEBtxNw/EWaSSf7X/9f/X1n/v7xe/z+v/v+pj5S90vXe/4/9ef3/PFzn/v+q16//r/9fv/7/yvvz63379f/1/1lq2Pr/MfdvKoos8z8AAADkIOb+zWEm8j8AAADURsz9N4SZyP8AAABQGzH3vyDMJJP8r/+/ov7/zqrCVf37/87/r/9frM/+f3xy9P+zccX9+/c+2vGp/n+g/6//r/+v/6//z6qNL3vN9er/x9x/Y5hJJvkfAAAAchBz/wvDTOR/AAAAqI2Y+28KM5H/AQAAoDZi7t8SZpJJ/tf/d/5//X/9/3XU/+8o0q7J+f/bNkb/f32o3/n/f6r/vy76/xP6/+ux/z8+2O0f7v5/5ebr/3NNDNv5/2Puf1GYSSb5HwAAAHIQc/+Lw0zkfwAAAKiNmPtfEmYi/wMAAEBtxNx/c5hJJvlf/1//f4X9/y/p/+v/D0H/v+PxrEn/v+/5/8uP9P+HS/36/87/X6yL/r/z/xfrsf8/4O0f7v7/oM//P/7m7tvr/9PLsPX/Y+5/aZhJJvkfAAAAchBz/y1hJvI/AAAA1EbM/S8LM5H/AQAAoDZi7t8aZpJJ/tf/1/93/n/9f/3/3uuv7v+X9P+Hi/5/f/r/FfT/9f/1/1fW/+/xza/+P70MW/8/5v5bw0wyyf8AAACQg5j7bwszkf8BAACgNmLu/39hJvI/AAAA1EbM/dvCTDLJ//r/+v/6/3n1/+/doP+v/19v+v/96f9X0P/X/9f/X+H5/5e6kv7/xqo7ozaGrf8fc//Lw0wyyf8AAACQg5j7XxFmIv8DAABAbcTc/8owE/kfAAAAaiPm/skwk0zyv/5/vfr/f/rXT76y0P/X/69Yf037//Ew0P/PnP5/f/r/FfT/9f/1/9ek/08+hq3/H3P/7WEmmeR/AAAAyEHM/XeEmcj/AAAAUBsx998ZZiL/AwAAQG3E3L89zCST/K//X6/+f6T/v4b9/y8+nO5H/7/k/P+96f+vDf3/HtpepPr/FfT/9f+z7//H7371/xmMYev/x9z/qjCTTPI/AAAA5CDm/rvCTOR/AAAAqI2Y+18dZiL/AwAAQG3E3H93mEkm+V//X/9f/9/5//X/e69f/3990v/vT/+/gv6//n/2/X/n/2ewhq3/H3P/a8JMMsn/AAAAkIOY++8JM5H/AQAAoDbi/98s/9+r/A8AAAB1FHP/VJhJJvlf/1//P6f+f0P/X/9f/7/29P/70/+voP+v/6//r//PQA1b/z/m/teGmWSS/wEAACAHMfffF2Yi/wMAAEBtxNw/HWYi/wMAAEBtxNw/E2aSSf7X/9f/z6n/7/z/+v/rof/f0P9fFf3//vT/K+j/6//Xrf9fFPr/XFfD1v+PuX9HmEkm+R8AAAByEHP/zjAT+R8AAABqI+b+XWEm8j8AAADURsz994eZZJL/9f/1//X/9f/1/3uv3/n/1yf9//70/yvo/+v/163/7/z/XGfD1v+Puf+BMJNM8j8AAADkIOb+3WEm8j8AAADURsz9e8JM5H8AAACojZj794aZZJL/9f9r0v//zb/vWLf+v/5/v/UPpv+/Sf8/TP3/4VLT/n/3y+Kq6f9X0P/X/9f/1/9noIat/x9z/74wk0zyPwAAAOQg5v7XhZl05P8Lf7LGmwUAAAAMUMz9/z/MxL//AwAAQG3E3P8zYSaZ5H/9/5r0/7vo/+v/91u/8//r/9dZTfv/A6P/XyHX/n94Q7ve/fnVut7br/+v/89S177/Hz9aWf8/5v4Hw0wyyf8AAACQg5j7fzbMRP4HAACA2oi5//VhJvI/AAAA1EbM/fvDTDLJ//r/+v/6//r/16b///qi2zD2/5sHj/5/vej/96f/XyHX/n9wvfvz63379f/1/1lq2M7/H3P/G8JMMsn/AAAAkIOY+x8KM5H/AQAAoDZi7n9jmIn8DwAAALURc/+bwkwyyf/6//r/+v/6/87/33v9+v/rk/5/f/r/FfT/9f/1//X/Gahh6//H3P/mMJNM8j8AAADkIOb+h8NM5H8AAACojZj73xJmIv8DAABAbcTc/9Ywk0zyv/6//r/+v/6//n/v9ev/r0/6//3p/1fQ/9f/797+1pu9/r/+P1dr2Pr/Mff/XJhJJvkfAAAAchBz/yNhJvI/AAAA1EbM/W8LM5H/AQAAoDZi7n97mEkm+V//X/9f/1//X/+/9/r1/9cn/f/+9P8r6P/r/zv/v/4/AzVs/f+Y+98RZpJJ/gcAAIAcxNz/82Em8j8AAADURsz97wwzkf8BAACgNmLu/4Uwk0zyv/6//r/+v/5/Fv3/5o30/7Og/9+f/n+FHv3/jfr/A+vPbxrIVl6/7a+i/6//z1LD1v+Puf9dYSaZ5H8AAADIQcz97w4zkf8BAACgNmLuf0+YifwPAAAAtRFz/6NhJpnkf/3/LPv/6SHr/5f0/zPo/zv/fzb0//vT/6/g/P/O/6//r//PQA1b/z/m/sfCTDLJ/wAAAJCDmPvfG2Yi/wMAAEBtxNz/i2Em8j8AAADURsz97wszyST/6/9n2f93/v816/+PdRwfOfX/J9qez3Rc6v/r/68B/f/+9P8r6P/r/w9z/z8czZuWub3+P8No2Pr/Mfe/P8wkk/wPAAAAOYi5/5fCTOR/AAAAqI2Y+385zET+BwAAgNqIuf9Xwkwyyf/6//r/+v/O/+/8/73Xr/+/Pun/96f/X0H/X/9/mPv/FfT/GUbD1v+Puf9Xw0wyyf8AAACQg5j7PxBmIv8DAABAbcTcfyDMRP4HAACA2oi5/2CYSSb5X/+/u/8fz6iq/6//r/+v/6//vx4Nrv//shuLQv9f/1//X/9f/1//n9UYtv5/zP2Hwkwyyf8AAACQg5j7fy3MRP4HAACA2oi5/3CYifwPAAAAtRFz/2yYSSb5X///Wp3/P16ST///J/r/+v+B/n9v+v9rw/n/+9P/r6D/r/+v/6//z0ANW/8/5v65MJNM8j8AAADUWPpxcMz9R8JM5H8AAACojZj7j4aZyP8AAABQGzH3fzDMJJP8r/9/rfr/zv/fa/v1/2P/f6xjef3/kv6//v8g6P/3p/9fQf9f/1//X/+fgRq2/n/M/fNhJpnkfwAAAMhBzP0fCjOR/wEAAKA2Yu7/cJiJ/A8AAAC1EXP/sTCTTPJ/ffr//1tus/5/x+30/6v7/42iOO/8//r/vdav/78+6f/3p/9fQf9f/1//X/+fgRq2/n/M/cfDTDLJ/wAAAJCDmPtPhJnI/wAAwP+xdx9Nct1VH8f78WNb0gpeAlXsWLGEFW+BLTuq2LChSCYHY3IwweRkggkm5xxNzjlnk3M0yYaqoTw650gz07otadoz9/7P57PgoEHjblmD4Oepb11gGLn77xu32P8AAAAwjNz994tbmuz/cfr//ET9/0r/v4Dn/+/9+fr/0/T/+v9tONDfX3phn3/O/v/Od7ninvp//b/+f5L+X/+v/2e/ufX/ufvvH7c02f8AAADQQe7+B8Qt9j8AAAAMI3f/A+MW+x8AAACGkbv/irilyf7X/+v/9f/6/z39/w36//Ps/++YH9f/z4vn/0/T/2+wnf7//1f6f/2//l//z6659f+5+x8UtzTZ/wAAANBB7v4Hxy32PwAAAAwjd/9D4hb7HwAAAIaRu/+hcUuT/a//1//r//X/nv+//vU9/3+Z9P/T9P8beP6//l//r/9nq+bW/+fuf1jc0mT/AwAAQAe5+x8et9j/AAAAMIzc/Y+IW+x/AAAAGEbu/kfGLU32v/5f/6//1//r/9e/vv5/ma5bnfkzQf9/kP5/gw39/2ql/59y3v38+l/ect7/Oej/9f8cNLf+P3f/o+KWJvsfAAAAOsjd/+i4xf4HAACAYeTuvzJusf8BAABgGLn7HxO3NNn/+n/9v/5f/6//X//6+v9l8vz/aYfv/+90+/vcq2//7/n/0zz/X/+v/2e/ufX/ufuvilua7H8AAADoIHf/Y+MW+x8AAACGkbv/cXGL/Q8AAADDyN3/+Lilyf7X/7fp/3drF/2//l//r/8fnf5/muf/b7D7x9yp+qH+X/+v/9f/czhz6/9z9z8hbmmy/wEAAKCD3P1PjFvsfwAAABhG7v4nxS32PwAAAAwjd/+T45Ym+1//36b/9/x//b/+X//fgv5/mv5/g1Ge/3+RXzXH3c8f1nG/f/2//p+D5tb/5+5/StzSZP8DAABAB7n7nxq32P8AAAAwjNz9T4tb7H8AAAAYRu7+q+OWJvtf/7+l/v+ygx/T/2+z/89X0P/r//X/+v9p+v9p+v8NRun/L9Jx9/NLf//6f/0/B82t/8/d//S4pcn+BwAAgA5y9z8jbrH/AQAAYBi5+58Zt9j/AAAAMIzc/c+KW5rsf/2/5/9fTP9/b8//1//r//X/M6X/n6b/30D/r//X/+v/2aq59f+5+6+JW5rsfwAAAOggd/+z4xb7HwAAAIaRu/85cYv9DwAAAMPI3f/cuKXJ/tf/6/+X8fx//b/+X/+v/z8/+v9p+v8N9P/6f/2//p+tmlH/f9ZnnVw9L25psv8BAACgg9z9z49b7H8AAAAYRu7+F8Qt9j8AAAAMI3f/C+OWJvtf/z+b/n835xur/z+1Wq30/6um/f+ps34/6+tS/6//PwL6/2n6/w30//p//b/+n62aUf+/++Pc/S+KW5rsfwAAAOggd/+L4xb7HwAAAIaRu/8lcYv9DwAAAMPI3f/SuGWo/X/inP+J/n82/f+usfp/z//f//Ux5/7/1p/k+f/6/xHo/6fp/zfQ/+v/9f/6f7Zqbv1/7v5rb/0z9Oozf53LL7v4XyMAAAAwL9fu/uvJ1cvilqG+/w8AAAC95e5/edxi/wMAAMBCXXPgI7n7XxG3NNn/+v/t9v+Xn/Ux/b/+f//Xx5z7/20//1//f5D+/2jo/6fp/zfQ/+v/9f/6f7Zqbv1/7v5Xxi1N9j8AAAB0kLv/urjF/gcAAIBh5O5/Vdxi/wMAAMAwcve/Om5psv/1/57/r//X/+v/17++/n+Z9P/T9P8b6P/1/8fb/58482/1/4zhAvr/nZ2dK2/z/j93/2vilib7HwAAADrI3f/auGXP/r9+/7ejAAAAgAXJ3X993OL7/wAAADCM3P2vi1ua7H/9f9P+P7/U9f+79P/6/3Wvr/9fJv3/NP3/Bvp//b/n/+v/2aq5Pf8/d//r45Ym+x8AAAA6yN3/hrjF/gcAAIBh5O5/Y9xi/wMAAMAwcve/KW5psv/1/037f8//1//r/4+6/79lpf8/Eovo/0+d+/Xn3v9fpf/X/09o1//f/a57fqj/1/9z0Nz6/9z9b45bmux/AAAA6CB3/1viFvsfAAAAhpG7/61xi/0PAAAAw8jd/7a46dIm+1//r//X/+v/9f/rX/+In/9/+Wq10v9vwSL6/wlz7/89/1//P6Vd/7+P/l//z0Fz6/9z9789bmmy/wEAAKCD3P3viFvsfwAAABhG7v53xi32PwAAAAwjd/+74pYm+1//r//X/194/3/zzs6O/n9B/f9Vi+j/Pf9/S/T/0/T/G+j/9f/6f/0/R+K4+v/c/e+OW5rsfwAAAOggd/974hb7HwAAAIaRu/+9cYv9DwAAAMPI3f++uKXJ/tf/6//1/57/f2J2/f/JPX+9Js//1/9vif5/2hz7/7P/DNH/6/+X/P4H6f+v0f+zTXN7/n/u/vfHLU32PwAAAHSQu/8Dcesf3dr/AAAAMIzc/R+MW+x/AAAAGEbu/g/FLU32v/5f/6//1/8P//x//X8r+v9pc+z/z6b/1/8v+f0P0v97/j9bNbf+P3f/h+OWJvsfAAAAOsjd/5G4xf4HAACAYeTu/2jcYv8DAADAMHL33xC3NNn/+n/9v/5f/6//P/17qP8fg/5/2tH0/6f0//r/6uf/L/5boP/X/2/6fMY0t/4/d//H4pYm+x8AAAA6yN3/8bjF/gcAAIBh5O7/RNxi/wMAAMAiXbrmY7n7Pxm3NNn/+n/9v/5f/6//X//6+v9l0v9P8/z/DfT/F9jP32HPj5b2/P/9//ul/9f/s31z6/9z938qbmmy/wEAAKCD3P2fjlvsfwAAABhG7v7PxC32PwAAAAwjd/9n45Ym+1//r//X/+v/9f/rX1//v0z6/2n6/w30/8f6/Pylv3/9v/6fg+bW/+fu/1zc0mT/AwAAQAe5+z8ft9j/AAAAMIzc/V+IW+x/AAAAGMbu7s+4rOH+1//r//X/+n/9//rX1/8vk/5/mv5/A/2//l//r/9nq+bW/39x97NOrr4UtzTZ/wAAANBB7v4vxy32PwAAAAwjd/9X4hb7HwAAAIaRu/+rcUuT/a//1/8vo//f2dm5Uv+v/9/76znT/9+o/6fo/6fp/zfQ/+v/9f/6f7Zqbv1/7v6vxS1N9j8AAAB0kLv/63GL/Q8AAADDyN3/jbjF/gcAAIBh5O7/ZtzSZP/r/2fQ/5/U/3v+v/5/5fn/+v8t0f9P0/9vMGL/f/L8f/nH3c8f1nG/f/2//p+D5tb/5+7/VtzSZP8DAABAB7n7vx232P8AAAAwjNz934lb7H8AAAAYRu7+78YtTfa//v/o+v9b/951ef7/qdX696//1//r//X/tzX9/zT9/wYj9v8X4Lj7+aW/f/2//p+D5tb/5+7/XtzSZP8DAABAB7n7vx+32P8AAAAwjNz9P4hb7H8AAAAYRu7+H8YtTfa//n8Gz/8fsP/3/P/1Xx/6/1n3/5fo/8eg/5+m/99A/6//1/9vqf/Pr2b9f3dz6/9z9/8obmmy/wEAAKCD3P0/jlvsfwAAABhG7v6fxC32PwAAAAwjd/+NcctZ+39d2z0K/b/+X/+v/9f/r399/f8y6f+nnW//f2J1uP4/6f/1//r/rv2/5/9z2tz6/9z9P41bfP8fAAAAFueyc3w8d//P4hb7HwAAAIaRu//ncYv9DwAAAMPI3f+LuOWmS47rLR0p/b/+X/+v/9f/r399/f8y6f+nef7/Bovv/3d2ds7z/4ets6V+/m76/zH6/9VK/8/hza3/z93/y7jF9/8BAABgGLn7fxW32P8AAAAwjNz9v45b7H8AAAAYRu7+38QtTfa//l//f8j+fzfN1P+fpv8/Tf+/nv7/aOj/p+n/N1h8/384x93PL/39j9b/e/4/2zC3/j93/2/jlib7HwAAADrI3f+7uMX+BwAAgGHk7v993GL/AwAAwDBy9/8hbmmy/4+t/4+/1fr/xff/nv+v/9f/6/9nRf8/Tf+/gf5f/6//1/+zVXPr/3P3/zFuabL/AQAAoIPc/X+KW+x/AAAAGEbu/j/HLfY/AAAADCN3/1/ilib73/P/9f/6f/2//n/96+v/l0n/P03/v179Run/9f/6f/0/WzW3/j93/1/jlib7HwAAADrI3f+3uMX+BwAAgGHk7r8pbrH/AQAAYBi5+/8etzTZ//p//b/+X/+v/1//+vr/ZdL/TzvO/v8et9v8sp7/f+z9f74F/b/+X//PVsyt/8/d/4+4pcn+BwAAgA5y9/8zbrH/AQAAYBi5+/8Vt9j/AAAAMIzc/f+OW5rs/w39/4n6ifr/Sfr/ve9f/7/+60P/r//X/9/29P/TPP9/A/2/5//r//X/bNXc+v/c/TfHLU32PwAAAHSQu/+WuMX+BwAAgGHk7v9P3GL/AwAAwDBy9/83bmmy/z3/X/+v/9f/6//Xv77+f5n0/9P0/xvo//X/+n/9P1s1t/4/d///AgAA//+XbGLE") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x40, 0x0, &(0x7f0000000140)) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0xa4e478, &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYRESDEC=r0, @ANYRESHEX, @ANYBLOB="4ea4164323d0136eb511b12a2291c85ff08dbd024f787cd68755278fc572e23916a8c3d6696a0b1230751ab4f5a0a0e534317a6966e83ce615c95af5aecc2e04a42b83b6c722a5849ba823ebc75abf6d436ee40d0000d9d095cbd2eb8a982eb3140257f971d3cd3343704372c5d549c9112e77eba95f84bb5997582b4a397e5d961a636b6dee95bf01261b669c55706daab553cbf1e0611078c94a612bab627d9e6c2bcd4cc27bcf0a848c16ad6022b17c7d73160094e20e27fe5af770d90d044ac583500356464edfd077a2d4ae86b09ee23c7da5b99ef3e3b1206da8e64917ba594644f982eb06245a49370f5ba8824580a3", @ANYBLOB="b33c2eccb337d507fdcb1f677a3fe3ee97310cdbd73fb1f04fe91f9bd474a7c6dcefa73615b1a19b3f6cd228dda607e0cd8bb81233907a213019c2ab188636ef61d4d947bf857949a9aebbd1eb62c119b4229389b19d2fbf3882b101cdf60b8605719592bd0297da3e87c664d4163fe0b272053ce9a56a9a50ed7878d5fd1d647c49a4c386e733e54a672ac27fc323ef156b", @ANYRESHEX, @ANYRES16, @ANYBLOB="37b57cfa7d0121345c29b6064f49a0f95b88671b8e9149556e5ff3c7012f7856b6557be6b51d61efea623114a0b4b52f68387d2040dd08c5aa753b596ede3f3d632310a389efcd8cf335ca9dbbbc10bda7a16342968c9ab4fd1ac65da604cd9b42d6d0dc0e895e0b2f42008d20b22b776a70a07a2c53fc32be094c857279c58542b176bfbcc6c7e9808da687b44a8b21d23cc2f80050f8fd457f5a5595226d2008bcded5222d3e1f98bea4c11ed226ab2e75d00ab5592daa23e809e04c2b370af460ae93b7efc32bf174830779058ad75290b9abb5000000000000000000", @ANYRESHEX, @ANYRESDEC, @ANYRES64, @ANYRESDEC, @ANYRES8, @ANYRESHEX=0x0], 0xb, 0x0, &(0x7f0000000480)) syz_mount_image$exfat(0x0, &(0x7f0000000300)='./bus\x00', 0x400, 0x0, 0x0, 0x0, &(0x7f0000000300)) 30.143526532s ago: executing program 3 (id=916): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000900)=ANY=[@ANYBLOB="52010000ead4a320d118af1e6309010203010902240001f60720400904a67602ab52634a09050b002000f84c090905aa46"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000f40)={0x14, 0x0, &(0x7f0000000f00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001240)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001880)={0x2c, &(0x7f0000000000)={0x0, 0x13, 0x2, "17c0"}, 0x0, 0x0, 0x0, 0x0}) 14.868760365s ago: executing program 32 (id=916): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000900)=ANY=[@ANYBLOB="52010000ead4a320d118af1e6309010203010902240001f60720400904a67602ab52634a09050b002000f84c090905aa46"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000f40)={0x14, 0x0, &(0x7f0000000f00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001240)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001880)={0x2c, &(0x7f0000000000)={0x0, 0x13, 0x2, "17c0"}, 0x0, 0x0, 0x0, 0x0}) 3.399376625s ago: executing program 4 (id=1143): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xd, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x7, r1, r1, 0xa93, 0x0, 0x3fff}) 2.9962097s ago: executing program 4 (id=1146): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x4, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x3], [0x0, 0x8, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x6}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0xfffffffffffffdf3, 0x5, 0x9}]}}]}, 0xac}}, 0x40000) 2.583508865s ago: executing program 1 (id=1151): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000800)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000071000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c00018008000100000001000c0002"], 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x0) 2.294593462s ago: executing program 2 (id=1152): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x1000802, &(0x7f0000000b80)=ANY=[], 0x4, 0x272, &(0x7f0000001f40)="$eJzs3U9LW1kUAPDzYkRHGCLMgCgD8wb3QR1mrwwKMoGBkSxmViNjZAbjCApCu9B01XVX3bSbfoB2U+i20EXptl+gFIotdKNduSikxKRGY1L/lJhSf7+NB+8579773iMvWeTk7x9WV5bWNpb39nYiM5j0Z6fj4dh+EsORib6oqwQA8DXZr1Zjt1rX67UAAJfD8x8Arp7m8z858fxPKo33BN/dGx/txeIAgK7w+R8Arp6FP//6baZQmP1jNx2MWL25Wdws1v/Wx2eW478oRykmIhfvI6qH6vHt+cLsRFrzejiKq9uN+u3NYt/x+snIxfDJ+rn5wuxkWne8vj+GGvUvhqIUU5GL79vXT7Wr74+I8SPz5yMXz/+JtSjHUtRqm/Vbk2n66++FlvkHDvIAAAAAAAAAAAAAAAAAAAAAAKAb8pmD1jnVgTRt278nn08/ahmv1x/tD/RNm/5Ac4f9gVr7+2RjLNvbvQMAAAAAAAAAAAAAAAAAAMCXYuPa9ZXFcrm0/qng/2f3n5yWc8YgaczbNmcgIj5/ijMG3/706k7nnBvnOT8XCKY7Dz3+set7Px7UTvt5q57u/Dv688bIL51yItu1NWdOuSjZdtt5m+twazVuyMrF1/Pg8Jq+OzX51sJl3eF9rf8ZuTu9+Gjr5ZuzHqdXr0gAAAAAAAAAAAAAAAAAAHB1Nb/02+uVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvNH//v0OQRC3IRkTnnHJpPYnk4Hhthiq93iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwIAAD//7QZm14=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) 2.213683893s ago: executing program 4 (id=1154): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000340)="b9ff03076804268c989e14f088a8", 0x0, 0x40500, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.058913266s ago: executing program 1 (id=1156): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x30, 0x18, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x58}, 0x1, 0x0, 0x0, 0x40044}, 0x20008000) 1.671355901s ago: executing program 2 (id=1157): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x5a, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "80fcff", 0x24, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@synack={0x1e, 0x10, 0x6, 0x2, 0x6, 0x11a00926, 0x1}]}}}}}}}}, 0x0) 1.543619471s ago: executing program 0 (id=1158): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r1}, 0xc) 1.359320161s ago: executing program 2 (id=1159): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in6={0xa, 0x4e21, 0xffffffff, @dev={0xfe, 0x80, '\x00', 0x12}}], 0x1c) 1.279464723s ago: executing program 1 (id=1160): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x17, &(0x7f0000000080)=@gcm_256={{0x304}, "611aa09f6de4ef2a", "4867f60c9366f8caca55097828d9173185df9cd607089de85deb98049bc3b01e", "7185a435", 'N_3\t\x00\x00\x008'}, 0x38) 1.205790732s ago: executing program 0 (id=1161): setuid(0xee00) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x14, r1, 0x7}, 0x14}}, 0x0) 1.013073019s ago: executing program 0 (id=1162): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@hyper}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000001600)={0x0, 0x2, 0x0, 0x5}) 912.907287ms ago: executing program 2 (id=1163): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f00000000c0)=0x8253, 0x4) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000001500)=""/19, &(0x7f0000000080)=0x13) 912.519567ms ago: executing program 4 (id=1164): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, &(0x7f0000000080)) 787.719391ms ago: executing program 1 (id=1165): r0 = socket$inet(0x2, 0x1, 0x100) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='macsec0\x00', 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10) 710.048719ms ago: executing program 2 (id=1166): mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2132, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) brk(0x400000ffc020) 588.603629ms ago: executing program 0 (id=1167): r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000100)=@fragment={0x16, 0x0, 0x9, 0x1, 0x0, 0x0, 0x64}, 0x8) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$inet6(r0, &(0x7f0000004b80)=[{{&(0x7f0000000300)={0xa, 0x4e23, 0x4, @private2, 0x6}, 0x1c, 0x0}}], 0x1, 0x0) 583.13166ms ago: executing program 4 (id=1168): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3268}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0xf00}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) 436.06709ms ago: executing program 0 (id=1169): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x40000) 359.456024ms ago: executing program 2 (id=1170): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) 232.313424ms ago: executing program 4 (id=1171): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd27, 0x25dfdbfc, {{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x200000000000}, 0x8002, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) syz_emit_ethernet(0x5a, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x8, 0x4, 0x0, 0x3c, 0x4c, 0x67, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010100, @local, {[@ssrr={0x89, 0x7, 0x1e, [@multicast1]}, @lsrr={0x83, 0x3, 0x93}]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e22}, 0x1, 0x8000000}, 0x3, 0x3}, 0x1}}}}}}}, 0x0) 231.789584ms ago: executing program 0 (id=1172): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}], 0x1}], 0x1, 0x40800) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x1, 0x0, &(0x7f0000000000)) 231.637224ms ago: executing program 1 (id=1173): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24044000}, 0x8010) 0s ago: executing program 1 (id=1174): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x7a7241, 0x0) close(r0) socket$kcm(0x29, 0x5, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'ip6tnl0\x00', @random="440000004ec6"}) kernel console output (not intermixed with test programs): ) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.927645][ T5616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.931163][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.931176][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.931197][ T5617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.988041][ T5623] Bluetooth: hci3: command tx timeout [ 98.061771][ T5615] team0: Port device team_slave_0 added [ 98.065243][ T5623] Bluetooth: hci4: command tx timeout [ 98.140499][ T5615] team0: Port device team_slave_1 added [ 98.582386][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.582400][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.582419][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.585204][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.585220][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.585248][ T5614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.679582][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.679595][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.679615][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.681665][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.681677][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.681696][ T5614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.838666][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.838679][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.838698][ T5615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.928875][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.928888][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.928907][ T5615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.959943][ T5616] hsr_slave_0: entered promiscuous mode [ 98.969535][ T5616] hsr_slave_1: entered promiscuous mode [ 98.996594][ T5617] hsr_slave_0: entered promiscuous mode [ 98.998376][ T5617] hsr_slave_1: entered promiscuous mode [ 99.000029][ T5617] debugfs: 'hsr0' already exists in 'hsr' [ 99.000110][ T5617] Cannot create hsr debugfs directory [ 99.165708][ T5624] hsr_slave_0: entered promiscuous mode [ 99.167566][ T5624] hsr_slave_1: entered promiscuous mode [ 99.169042][ T5624] debugfs: 'hsr0' already exists in 'hsr' [ 99.169068][ T5624] Cannot create hsr debugfs directory [ 99.187400][ T5614] hsr_slave_0: entered promiscuous mode [ 99.194675][ T5614] hsr_slave_1: entered promiscuous mode [ 99.203071][ T5614] debugfs: 'hsr0' already exists in 'hsr' [ 99.203145][ T5614] Cannot create hsr debugfs directory [ 99.408725][ T5615] hsr_slave_0: entered promiscuous mode [ 99.410482][ T5615] hsr_slave_1: entered promiscuous mode [ 99.411949][ T5615] debugfs: 'hsr0' already exists in 'hsr' [ 99.411979][ T5615] Cannot create hsr debugfs directory [ 99.745149][ T5623] Bluetooth: hci2: command tx timeout [ 99.985427][ T5623] Bluetooth: hci1: command tx timeout [ 99.985462][ T5623] Bluetooth: hci0: command tx timeout [ 100.064936][ T61] Bluetooth: hci3: command tx timeout [ 100.145023][ T61] Bluetooth: hci4: command tx timeout [ 100.364067][ T5616] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.431544][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.447854][ T5616] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.480705][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.483074][ T5616] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.508099][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.536370][ T5616] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.563471][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.757594][ T5624] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.791123][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.806759][ T5624] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.843074][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.853931][ T5624] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.881937][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.912811][ T5624] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.941857][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.123354][ T5614] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 101.161556][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.188806][ T5614] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 101.225971][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.229796][ T5614] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 101.260037][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.346039][ T5614] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 101.381557][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.543856][ T5617] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.569441][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.615454][ T5617] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.650854][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.682621][ T5617] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.715269][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.749909][ T5617] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.789324][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.827913][ T61] Bluetooth: hci2: command tx timeout [ 102.007928][ T5616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.042202][ T5615] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.065182][ T61] Bluetooth: hci0: command tx timeout [ 102.065222][ T61] Bluetooth: hci1: command tx timeout [ 102.110378][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 102.137529][ T5615] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.145121][ T5623] Bluetooth: hci3: command tx timeout [ 102.171401][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 102.193479][ T5615] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.225011][ T5623] Bluetooth: hci4: command tx timeout [ 102.243609][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 102.261732][ T5615] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.299680][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 102.408647][ T5616] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.458602][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.497996][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.498264][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.566664][ T3863] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.566798][ T3863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.652246][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.729661][ T3863] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.729854][ T3863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.779106][ T5614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.837853][ T3863] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.838493][ T3863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.976527][ T5614] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.059220][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.059652][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.085785][ T5617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.167248][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.167521][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.268768][ T5617] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.336651][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.388197][ T1510] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.388573][ T1510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.497234][ T1510] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.498591][ T1510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.624202][ T5615] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.799698][ T3398] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.799875][ T3398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.872467][ T3398] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.872705][ T3398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.371705][ T5616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.921615][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.961583][ T5616] veth0_vlan: entered promiscuous mode [ 105.160585][ T5616] veth1_vlan: entered promiscuous mode [ 105.421194][ T5614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.628414][ T5624] veth0_vlan: entered promiscuous mode [ 105.658901][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.748843][ T5616] veth0_macvtap: entered promiscuous mode [ 105.811380][ T5624] veth1_vlan: entered promiscuous mode [ 105.845892][ T5616] veth1_macvtap: entered promiscuous mode [ 106.098200][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.123527][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.156848][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.250023][ T5624] veth0_macvtap: entered promiscuous mode [ 106.268861][ T3863] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.288216][ T3863] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.312046][ T3863] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.334622][ T5624] veth1_macvtap: entered promiscuous mode [ 106.352845][ T3863] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.353040][ T5617] veth0_vlan: entered promiscuous mode [ 106.592742][ T5617] veth1_vlan: entered promiscuous mode [ 106.720929][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.860465][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.940051][ T5614] veth0_vlan: entered promiscuous mode [ 106.976931][ T5615] veth0_vlan: entered promiscuous mode [ 106.990181][ T3863] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.031107][ T3863] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.054460][ T3863] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.066324][ T3863] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.087846][ T3398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.087863][ T3398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.123703][ T5614] veth1_vlan: entered promiscuous mode [ 107.163197][ T5615] veth1_vlan: entered promiscuous mode [ 107.267483][ T5617] veth0_macvtap: entered promiscuous mode [ 107.341263][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.341284][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.466878][ T5617] veth1_macvtap: entered promiscuous mode [ 107.840895][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.842225][ T5614] veth0_macvtap: entered promiscuous mode [ 107.880506][ T5615] veth0_macvtap: entered promiscuous mode [ 107.913908][ T3398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.913928][ T3398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.982832][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.985528][ T5614] veth1_macvtap: entered promiscuous mode [ 108.019753][ T5615] veth1_macvtap: entered promiscuous mode [ 108.069119][ T68] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.111319][ T68] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.164940][ T68] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.192861][ T3398] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.259741][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.259761][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.433890][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.451539][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.551986][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.581807][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.015372][ T3863] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.079845][ T3863] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.080851][ T3863] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.083567][ T3863] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.160495][ T3863] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.257234][ T3863] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.280329][ T3863] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.300793][ T3863] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.328437][ T3863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.328459][ T3863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.222060][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.222083][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.484437][ T5817] loop3: detected capacity change from 0 to 32768 [ 110.522576][ T5824] loop2: detected capacity change from 0 to 256 [ 110.690473][ T160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.690493][ T160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.984259][ T5824] FAT-fs (loop2): Directory bread(block 1285) failed [ 110.984299][ T5824] FAT-fs (loop2): Directory bread(block 1286) failed [ 110.984324][ T5824] FAT-fs (loop2): Directory bread(block 1287) failed [ 110.984606][ T5824] FAT-fs (loop2): Directory bread(block 1288) failed [ 111.023323][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.023343][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.130179][ T5824] FAT-fs (loop2): Directory bread(block 1285) failed [ 111.130214][ T5824] FAT-fs (loop2): Directory bread(block 1286) failed [ 111.130238][ T5824] FAT-fs (loop2): Directory bread(block 1287) failed [ 111.130262][ T5824] FAT-fs (loop2): Directory bread(block 1288) failed [ 111.130541][ T5824] FAT-fs (loop2): Directory bread(block 1285) failed [ 111.130569][ T5824] FAT-fs (loop2): Directory bread(block 1286) failed [ 111.410279][ T1470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.410301][ T1470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.087835][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.087858][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.159084][ T5828] loop2: detected capacity change from 0 to 4096 [ 112.197139][ T5828] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 113.312279][ T5828] ntfs3(loop2): ino=19, mi_enum_attr [ 113.329346][ T5828] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 113.930610][ T5841] warning: `syz.1.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 114.190739][ T38] audit: type=1800 audit(1777999541.745:2): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.11" name="file1" dev="loop2" ino=33 res=0 errno=0 [ 114.656640][ T5851] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 114.689117][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.732926][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.327817][ T5859] loop1: detected capacity change from 0 to 512 [ 115.508668][ T5859] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 115.508690][ T5859] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 115.580051][ T5859] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 115.634974][ T5859] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 115.635121][ T5859] System zones: 0-2, 18-18, 34-35 [ 115.980090][ T5859] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.246158][ T5859] netlink: 340 bytes leftover after parsing attributes in process `syz.1.22'. [ 116.448307][ T5875] Zero length message leads to an empty skb [ 116.644063][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.337852][ T5893] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.949110][ T5727] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 118.016661][ T823] kernel read not supported for file /dsp1 (pid: 823 comm: kworker/1:2) [ 118.289244][ T5727] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 118.289274][ T5727] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 118.289295][ T5727] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 118.340079][ T5727] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 118.340117][ T5727] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 118.357409][ T5727] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 118.357518][ T5727] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 118.357590][ T5727] usb 4-1: Product: syz [ 118.357632][ T5727] usb 4-1: Manufacturer: syz [ 118.454278][ T5905] netem: incorrect ge model size [ 118.454295][ T5905] netem: change failed [ 119.028174][ T5727] cdc_wdm 4-1:1.0: skipping garbage [ 119.028196][ T5727] cdc_wdm 4-1:1.0: skipping garbage [ 119.290464][ T5727] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 119.290501][ T5727] cdc_wdm 4-1:1.0: Unknown control protocol [ 119.747436][ T5918] kAFS: unable to lookup cell '(' [ 119.898144][ T5870] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 120.031629][ T5924] capability: warning: `syz.4.47' uses 32-bit capabilities (legacy support in use) [ 120.107220][ T5870] usb 2-1: Using ep0 maxpacket: 16 [ 120.108546][ T5924] program syz.4.47 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.111449][ T5870] usb 2-1: config 0 has an invalid interface number: 34 but max is 0 [ 120.111564][ T5870] usb 2-1: config 0 has no interface number 0 [ 120.111613][ T5870] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 120.111638][ T5870] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 120.243767][ T5870] usb 2-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 120.243799][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.243819][ T5870] usb 2-1: Product: syz [ 120.243834][ T5870] usb 2-1: Manufacturer: syz [ 120.243849][ T5870] usb 2-1: SerialNumber: syz [ 120.464958][ T5870] usb 2-1: config 0 descriptor?? [ 120.470057][ T5916] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 120.470365][ T5916] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 120.705908][ T5916] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 120.706047][ T5916] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 120.768272][ T5748] usb 4-1: USB disconnect, device number 2 [ 120.831679][ T823] kernel read not supported for file /dsp1 (pid: 823 comm: kworker/1:2) [ 121.467877][ T5870] asix 2-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 121.471636][ T5870] asix 2-1:0.34: probe with driver asix failed with error -71 [ 121.687990][ T5870] usb 2-1: USB disconnect, device number 2 [ 122.151572][ T5947] loop3: detected capacity change from 0 to 256 [ 122.156003][ T5945] input: syz1 as /devices/virtual/input/input6 [ 122.178090][ T5945] input: failed to attach handler leds to device input6, error: -6 [ 122.182665][ T5947] exfat: Deprecated parameter 'utf8' [ 122.732963][ T5947] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 123.233509][ T5965] loop1: detected capacity change from 0 to 512 [ 123.277102][ T5965] EXT4-fs (loop1): bad geometry: block count 768 exceeds size of device (256 blocks) [ 123.759148][ T5975] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 124.191134][ T5986] netlink: 'syz.3.73': attribute type 1 has an invalid length. [ 125.160291][ T6012] syzkaller1: tun_chr_ioctl cmd 2147767520 [ 125.334356][ T6015] ======================================================= [ 125.334356][ T6015] WARNING: The mand mount option has been deprecated and [ 125.334356][ T6015] and is ignored by this kernel. Remove the mand [ 125.334356][ T6015] option from the mount to silence this warning. [ 125.334356][ T6015] ======================================================= [ 125.797822][ T6026] vivid-004: disconnect [ 125.800830][ T6024] vivid-004: reconnect [ 125.823901][ T6025] loop3: detected capacity change from 0 to 256 [ 126.139559][ T6032] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.91'. [ 126.151603][ T6035] loop1: detected capacity change from 0 to 512 [ 126.302285][ T6035] EXT4-fs (loop1): 1 truncate cleaned up [ 126.304275][ T6033] overlayfs: overlapping lowerdir path [ 126.322833][ T6035] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.744882][ T6047] loop4: detected capacity change from 0 to 512 [ 126.832609][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.918267][ T6052] loop9: detected capacity change from 0 to 7 [ 126.921459][ T6047] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.98: iget: bad i_size value: 38620345925642 [ 126.922631][ T6047] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 126.934393][ C1] EXT4-fs (loop4): initial error at time 1777999554: ext4_orphan_get:1397: inode 15 [ 126.934542][ C1] EXT4-fs (loop4): last error at time 1777999554: ext4_orphan_get:1397: inode 15 [ 127.053521][ T6054] netlink: 14 bytes leftover after parsing attributes in process `syz.3.100'. [ 127.102335][ T6047] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.98: couldn't read orphan inode 15 (err -117) [ 127.103186][ T6047] loop4: lost filesystem error report for type 5 error -117 [ 127.157256][ T6047] EXT4-fs (loop4): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.200338][ T6052] Dev loop9: unable to read RDB block 7 [ 127.200384][ T6052] loop9: unable to read partition table [ 127.200713][ T6052] loop9: partition table beyond EOD, truncated [ 127.200752][ T6052] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 127.276984][ T6053] Dev loop9: unable to read RDB block 7 [ 127.277031][ T6053] loop9: unable to read partition table [ 127.277246][ T6053] loop9: partition table beyond EOD, truncated [ 127.277265][ T6053] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 127.546634][ T38] audit: type=1800 audit(1777999555.155:3): pid=6047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.98" name="file1" dev="loop4" ino=18 res=0 errno=0 [ 128.586237][ T6065] loop0: detected capacity change from 0 to 131072 [ 128.635732][ T6065] F2FS-fs (loop0): Test dummy encryption mode enabled [ 128.668252][ T6065] F2FS-fs (loop0): invalid crc value [ 128.815314][ T6065] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 128.842128][ T6065] F2FS-fs (loop0): Start checkpoint disabled! [ 129.013763][ T6065] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 129.014462][ T6065] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 129.058351][ T5614] EXT4-fs (loop4): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 129.068704][ T6065] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 129.848548][ T6083] loop4: detected capacity change from 0 to 2048 [ 130.300337][ T6083] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 130.491924][ T6091] netlink: 12 bytes leftover after parsing attributes in process `syz.2.113'. [ 132.388554][ T6126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.127'. [ 132.388588][ T6126] netlink: 'syz.1.127': attribute type 15 has an invalid length. [ 132.388601][ T6126] netlink: 'syz.1.127': attribute type 25 has an invalid length. [ 132.388614][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'. [ 132.591018][ T6128] netlink: 56 bytes leftover after parsing attributes in process `syz.2.128'. [ 132.943362][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.1.133'. [ 132.943386][ T6138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.133'. [ 132.952458][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.965756][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.146093][ T6143] loop0: detected capacity change from 0 to 512 [ 133.172384][ T6143] FAT-fs (loop0): bogus logical sector size 0 [ 133.172408][ T6143] FAT-fs (loop0): Can't find a valid FAT filesystem [ 133.253255][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'. [ 133.271292][ T6142] pim6reg1: tun_chr_ioctl cmd 1074025678 [ 133.271317][ T6142] pim6reg1: group set to 0 [ 133.271472][ T1470] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.579092][ T1470] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.867788][ T38] audit: type=1326 audit(1777999561.445:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.867837][ T38] audit: type=1326 audit(1777999561.485:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.906199][ T38] audit: type=1326 audit(1777999561.525:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.906248][ T38] audit: type=1326 audit(1777999561.525:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.906286][ T38] audit: type=1326 audit(1777999561.525:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.913152][ T38] audit: type=1326 audit(1777999561.525:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.913597][ T38] audit: type=1326 audit(1777999561.525:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 133.954020][ T38] audit: type=1326 audit(1777999561.565:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 134.185046][ T6162] program syz.0.142 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 134.976300][ T38] audit: type=1326 audit(1777999562.575:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 135.002597][ T38] audit: type=1326 audit(1777999562.615:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6158 comm="syz.1.141" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f7015cdd9 code=0x7ffc0000 [ 135.270614][ T6154] loop3: detected capacity change from 0 to 32768 [ 135.421742][ T6154] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.138 (6154) [ 137.086802][ T6154] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 137.088315][ T6154] BTRFS info (device loop3): using crc32c checksum algorithm [ 137.118153][ T1470] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.121128][ T1470] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.141599][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 137.156850][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 137.158528][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 137.159954][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 137.163714][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 137.164638][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 137.349486][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 137.375314][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 137.375810][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 137.376171][ T6154] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 137.484645][ T6154] BTRFS error (device loop3): open_ctree failed: -12 [ 138.037765][ T6198] loop1: detected capacity change from 0 to 128 [ 138.236176][ T6198] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 138.351396][ T5735] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 138.367396][ T6198] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 138.440627][ T6198] fscrypt (loop1, inode 12): Unsupported encryption flags (0x08) [ 138.535347][ T5735] usb 3-1: Using ep0 maxpacket: 32 [ 138.541486][ T5735] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.541519][ T5735] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.541558][ T5735] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 138.541718][ T5735] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.626827][ T5617] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 138.661316][ T5735] usb 3-1: config 0 descriptor?? [ 138.838478][ T5735] hub 3-1:0.0: USB hub found [ 138.929593][ T5735] hub 3-1:0.0: 1 port detected [ 139.169026][ T6215] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 139.359454][ C1] Illegal XDP return value 16128 on prog (id 15) dev lo, expect packet loss! [ 139.404837][ T5753] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 139.519264][ T5748] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 139.574852][ T5753] usb 2-1: Using ep0 maxpacket: 16 [ 139.582747][ T5753] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.582781][ T5753] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.582804][ T5753] usb 2-1: config 0 interface 0 has no altsetting 0 [ 139.582839][ T5753] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 139.582864][ T5753] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.660380][ T5735] usb 3-1: Failed to suspend device, error -71 [ 139.678023][ T5735] usb 3-1: USB disconnect, device number 2 [ 139.699769][ T5753] usb 2-1: config 0 descriptor?? [ 140.434686][ T6231] loop3: detected capacity change from 0 to 2048 [ 140.554686][ T6231] loop3: p3 p4 < > [ 140.555037][ T6231] loop3: p3 size 861184 extends beyond EOD, truncated [ 140.840587][ T5753] usb 2-1: USB disconnect, device number 3 [ 140.942371][ T6244] loop2: detected capacity change from 0 to 2048 [ 141.147810][ T6248] loop0: detected capacity change from 0 to 512 [ 141.189615][ T6248] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 141.509582][ T5813] udevd[5813]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 141.547252][ T6248] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 141.587257][ T6248] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 141.594813][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 141.594834][ C1] EXT4-fs (loop0): initial error at time 1777999569: ext4_mb_generate_buddy:1317 [ 141.594858][ C1] EXT4-fs (loop0): last error at time 1777999569: ext4_mb_generate_buddy:1317 [ 141.746837][ T6248] EXT4-fs (loop0): 1 truncate cleaned up [ 141.832521][ T5813] udevd[5813]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 142.091807][ T6248] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.507953][ T6264] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 142.759295][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.975875][ T5735] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 143.152746][ T5735] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.152779][ T5735] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.152819][ T5735] usb 2-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.ba [ 143.152841][ T5735] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.270749][ T5735] usb 2-1: config 0 descriptor?? [ 143.941548][ T6290] netlink: 48 bytes leftover after parsing attributes in process `syz.0.189'. [ 143.986936][ T5735] stadia 0003:18D1:9400.0002: unbalanced delimiter at end of report description [ 144.031685][ T5735] stadia 0003:18D1:9400.0002: parse failed [ 144.031760][ T5735] stadia 0003:18D1:9400.0002: probe with driver stadia failed with error -22 [ 144.109745][ T5735] usb 2-1: USB disconnect, device number 4 [ 144.567336][ T6300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.192'. [ 144.567368][ T6300] IPv6: NLM_F_CREATE should be specified when creating new route [ 144.990593][ T6312] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 145.244189][ T6322] loop1: detected capacity change from 0 to 256 [ 145.262475][ T6323] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 145.402444][ T6322] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 145.402464][ T6322] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 145.454152][ T6322] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d) [ 145.460651][ T6322] exFAT-fs (loop1): failed to load alloc-bitmap [ 145.460668][ T6322] exFAT-fs (loop1): failed to recognize exfat type [ 145.629436][ T1139] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.653404][ T1139] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.653461][ T1139] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.653494][ T1139] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.102585][ T6340] netlink: 148 bytes leftover after parsing attributes in process `syz.2.209'. [ 146.383462][ T6348] loop2: detected capacity change from 0 to 64 [ 147.439308][ T6354] loop1: detected capacity change from 0 to 4096 [ 148.404842][ T5753] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 148.608902][ T5753] usb 5-1: Using ep0 maxpacket: 16 [ 148.611576][ T5753] usb 5-1: too many configurations: 112, using maximum allowed: 8 [ 148.730166][ T5753] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 148.730207][ T5753] usb 5-1: New USB device strings: Mfr=144, Product=246, SerialNumber=0 [ 148.730227][ T5753] usb 5-1: Product: syz [ 148.730242][ T5753] usb 5-1: Manufacturer: syz [ 148.815334][ T5753] r8152-cfgselector 5-1: Unknown version 0x0000 [ 148.815361][ T5753] r8152-cfgselector 5-1: config 0 descriptor?? [ 149.075525][ T5753] rndis_host 5-1:0.0: rndis: master #0/ffff888035087000 slave #1/0000000000000000 [ 149.217471][ T5753] r8152-cfgselector 5-1: USB disconnect, device number 2 [ 149.903980][ T6396] netlink: 'syz.3.234': attribute type 4 has an invalid length. [ 150.386417][ T6414] loop3: detected capacity change from 0 to 256 [ 150.803747][ T6427] loop4: detected capacity change from 0 to 128 [ 150.979343][ T6427] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 150.986453][ T6427] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.298784][ T5614] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 151.534452][ T6439] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 152.197700][ T6462] loop3: detected capacity change from 0 to 8 [ 152.609049][ T5735] kernel write not supported for file /103/uid_map (pid: 5735 comm: kworker/1:5) [ 152.924862][ T5753] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 153.086248][ T5753] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 153.086281][ T5753] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.734122][ T5753] usb 1-1: config 0 descriptor?? [ 154.091294][ T6503] netlink: 60 bytes leftover after parsing attributes in process `syz.3.281'. [ 154.286187][ T6487] loop1: detected capacity change from 0 to 131072 [ 154.294328][ T6487] F2FS-fs (loop1): Test dummy encryption mode enabled [ 154.333768][ T5753] cp210x 1-1:0.0: cp210x converter detected [ 154.403561][ T6487] F2FS-fs (loop1): invalid crc value [ 154.631619][ T6487] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 154.660669][ T6487] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 154.758891][ T6487] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 155.097430][ T5753] usb 1-1: cp210x converter now attached to ttyUSB0 [ 155.307822][ T5753] usb 1-1: USB disconnect, device number 2 [ 155.415237][ T823] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 155.590120][ T823] usb 5-1: config 246 has an invalid interface number: 166 but max is 0 [ 155.590151][ T823] usb 5-1: config 246 has no interface number 0 [ 155.590200][ T823] usb 5-1: config 246 interface 166 altsetting 118 has an endpoint descriptor with address 0xAA, changing to 0x8A [ 155.590228][ T823] usb 5-1: config 246 interface 166 altsetting 118 endpoint 0x8A has invalid wMaxPacketSize 0 [ 155.590252][ T823] usb 5-1: config 246 interface 166 has no altsetting 0 [ 155.594362][ T823] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 155.594393][ T823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.594414][ T823] usb 5-1: Product: syz [ 155.594430][ T823] usb 5-1: Manufacturer: syz [ 155.594446][ T823] usb 5-1: SerialNumber: syz [ 155.885968][ T5753] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 155.887925][ T5753] cp210x 1-1:0.0: device disconnected [ 156.247575][ T6534] loop3: detected capacity change from 0 to 512 [ 156.250643][ T6534] EXT4-fs: inline encryption not supported [ 156.371045][ T823] usb 5-1: Limiting number of CPorts to U8_MAX [ 156.409488][ T823] usb 5-1: Unknown endpoint type found, address 0x0b [ 156.409513][ T823] usb 5-1: Not enough endpoints found in device, aborting! [ 156.618930][ T823] usb 5-1: USB disconnect, device number 3 [ 156.651967][ T6534] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 157.081856][ T5753] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 157.245404][ T5753] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.245483][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 157.245512][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.245553][ T5753] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 157.245585][ T5753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.386028][ T5753] usb 4-1: config 0 descriptor?? [ 157.480391][ T6552] vxcan1: tx address claim with dest, not broadcast [ 158.107584][ T5753] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf3 found [ 158.107608][ T5753] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf4 found [ 158.188594][ T5753] usb 4-1: USB disconnect, device number 3 [ 159.054484][ T6556] loop4: detected capacity change from 0 to 32768 [ 159.833126][ T6556] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 159.929171][ T6592] loop1: detected capacity change from 0 to 64 [ 159.959136][ T6592] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 160.316825][ T6556] XFS (loop4): Ending clean mount [ 160.699876][ T6608] loop3: detected capacity change from 0 to 256 [ 160.701240][ T6608] exfat: Deprecated parameter 'utf8' [ 160.701432][ T6608] exfat: Deprecated parameter 'namecase' [ 160.701470][ T6608] exfat: Deprecated parameter 'namecase' [ 160.889911][ T6610] loop1: detected capacity change from 0 to 1024 [ 160.895865][ T6608] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc232f927, utbl_chksum : 0xe619d30d) [ 161.058566][ T6610] EXT4-fs (loop1): Test dummy encryption mode enabled [ 161.216559][ T823] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 161.262326][ T6610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.297432][ T5614] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 161.387779][ T823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1056, setting to 8 [ 161.387815][ T823] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 161.387858][ T823] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 161.387883][ T823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.455537][ T823] usb 3-1: config 0 descriptor?? [ 161.456665][ T6612] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 161.996675][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.074193][ T823] logitech 0003:046D:C293.0004: unknown main item tag 0x3 [ 162.074246][ T823] logitech 0003:046D:C293.0004: unknown main item tag 0x5 [ 162.074272][ T823] logitech 0003:046D:C293.0004: item fetching failed at offset 36/40 [ 162.101889][ T823] logitech 0003:046D:C293.0004: parse failed [ 162.102032][ T823] logitech 0003:046D:C293.0004: probe with driver logitech failed with error -22 [ 162.128007][ T823] usb 3-1: USB disconnect, device number 3 [ 163.531136][ T5598] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 163.611806][ T5623] Bluetooth: hci1: unexpected subevent 0x1a length: 10 > 6 [ 163.669303][ T6654] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 163.726180][ T5598] usb 4-1: Using ep0 maxpacket: 16 [ 163.728225][ T5598] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 163.728260][ T5598] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 163.731491][ T5598] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 163.731524][ T5598] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.731539][ T5598] usb 4-1: Product: syz [ 163.731549][ T5598] usb 4-1: Manufacturer: syz [ 163.731560][ T5598] usb 4-1: SerialNumber: syz [ 163.883894][ T5598] usb 4-1: config 0 descriptor?? [ 164.013944][ T5598] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 164.013982][ T5598] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 164.517351][ T5598] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 164.635668][ T6651] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 164.730977][ T5598] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 164.736266][ T5598] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 164.736334][ T5598] em28xx 4-1:0.0: No AC97 audio processor [ 164.816753][ T5598] usb 4-1: USB disconnect, device number 4 [ 164.848569][ T5598] em28xx 4-1:0.0: Disconnecting em28xx [ 164.882353][ T6681] loop0: detected capacity change from 0 to 512 [ 165.100394][ T38] audit: type=1326 audit(1777999592.715:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.101829][ T38] audit: type=1326 audit(1777999592.715:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.178710][ T38] audit: type=1326 audit(1777999592.715:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.178770][ T38] audit: type=1326 audit(1777999592.785:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.178826][ T38] audit: type=1326 audit(1777999592.785:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.294263][ T38] audit: type=1326 audit(1777999592.905:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.294322][ T38] audit: type=1326 audit(1777999592.905:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4ac4e2cb42 code=0x7ffc0000 [ 165.345845][ T38] audit: type=1326 audit(1777999592.915:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ac4e2cdd9 code=0x7ffc0000 [ 165.345902][ T38] audit: type=1326 audit(1777999592.965:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f4ac4ded60e code=0x7ffc0000 [ 165.346044][ T38] audit: type=1326 audit(1777999592.905:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.4.350" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4ac4e2cbd7 code=0x7ffc0000 [ 165.353624][ T6681] EXT4-fs (loop0): 1 truncate cleaned up [ 165.496341][ T6681] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.665181][ T5623] Bluetooth: hci1: command 0x206a tx timeout [ 165.702461][ T61] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 165.843646][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.980287][ T5598] em28xx 4-1:0.0: Freeing device [ 166.490555][ T6712] loop1: detected capacity change from 0 to 512 [ 166.631710][ T6712] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.359: iget: bad i_size value: 38620345925642 [ 166.631747][ T6712] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 166.641822][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 166.641932][ C0] EXT4-fs (loop1): initial error at time 1777999594: ext4_orphan_get:1397: inode 15 [ 166.642061][ C0] EXT4-fs (loop1): last error at time 1777999594: ext4_orphan_get:1397: inode 15 [ 166.725468][ T6712] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.359: couldn't read orphan inode 15 (err -117) [ 166.725505][ T6712] loop1: lost filesystem error report for type 5 error -117 [ 166.820793][ T6712] EXT4-fs (loop1): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.107614][ T6724] netem: change failed [ 167.218297][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 167.384894][ T5735] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 167.385170][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 167.514904][ T5735] usb 1-1: device descriptor read/64, error -32 [ 167.820343][ T6736] process 'syz.3.368' launched './file2' with NULL argv: empty string added [ 167.894837][ T5735] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 168.043211][ T6730] loop2: detected capacity change from 0 to 32768 [ 168.076556][ T5735] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 168.076587][ T5735] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.076616][ T5735] usb 1-1: Product: syz [ 168.076632][ T5735] usb 1-1: Manufacturer: syz [ 168.076647][ T5735] usb 1-1: SerialNumber: syz [ 168.137009][ T5735] usb 1-1: config 0 descriptor?? [ 168.191764][ T5735] ch341 1-1:0.0: ch341-uart converter detected [ 168.424508][ T6730] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 168.669934][ T6745] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 168.840081][ T6730] XFS (loop2): Ending clean mount [ 169.055014][ T5735] usb 1-1: failed to send control message: -71 [ 169.055074][ T5735] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 169.146974][ T5735] usb 1-1: USB disconnect, device number 4 [ 169.163683][ T5735] ch341 1-1:0.0: device disconnected [ 169.571904][ T5624] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 169.824556][ T5598] hid-generic 0005:15C2:0003.0005: item fetching failed at offset 3/6 [ 169.827148][ T5598] hid-generic 0005:15C2:0003.0005: probe with driver hid-generic failed with error -22 [ 170.582258][ T5598] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 170.796752][ T5598] usb 1-1: Using ep0 maxpacket: 16 [ 170.799104][ T5598] usb 1-1: config index 0 descriptor too short (expected 12592, got 27) [ 170.799135][ T5598] usb 1-1: config 55 has too many interfaces: 55, using maximum allowed: 32 [ 170.799157][ T5598] usb 1-1: config 55 has an invalid descriptor of length 55, skipping remainder of the config [ 170.799177][ T5598] usb 1-1: config 55 has 0 interfaces, different from the descriptor's value: 55 [ 170.802281][ T5598] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 170.802311][ T5598] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.802336][ T5598] usb 1-1: Product: syz [ 170.802350][ T5598] usb 1-1: Manufacturer: syz [ 170.802366][ T5598] usb 1-1: SerialNumber: syz [ 171.472033][ T5600] usb 1-1: USB disconnect, device number 5 [ 171.544912][ T5727] usb 3-1: new low-speed USB device number 4 using dummy_hcd [ 171.723127][ T5727] usb 3-1: config 0 has no interfaces? [ 171.723165][ T5727] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 171.723190][ T5727] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.804089][ T5727] usb 3-1: config 0 descriptor?? [ 171.805455][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 172.047939][ T5598] usb 3-1: USB disconnect, device number 4 [ 172.221231][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 172.223829][ T9] usb 4-1: config index 0 descriptor too short (expected 52, got 36) [ 172.223856][ T9] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 172.223877][ T9] usb 4-1: config 0 has no interface number 0 [ 172.223921][ T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 172.223947][ T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 172.228987][ T9] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 172.229084][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.229106][ T9] usb 4-1: Product: syz [ 172.229121][ T9] usb 4-1: Manufacturer: syz [ 172.229160][ T9] usb 4-1: SerialNumber: syz [ 172.368588][ T9] usb 4-1: config 0 descriptor?? [ 172.399096][ T6778] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 172.399320][ T6778] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 172.544893][ T5727] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 172.622075][ T6778] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 172.622206][ T6778] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 172.724905][ T5727] usb 5-1: Using ep0 maxpacket: 8 [ 172.784027][ T5727] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.784086][ T5727] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 172.784148][ T5727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.962332][ T5727] usb 5-1: config 0 descriptor?? [ 173.078356][ T6793] netlink: 16 bytes leftover after parsing attributes in process `syz.2.388'. [ 173.127230][ T5727] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 173.321609][ T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 173.321645][ T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 173.358713][ T9] asix 4-1:0.251: probe with driver asix failed with error -71 [ 173.534173][ T6799] loop0: detected capacity change from 0 to 512 [ 173.542277][ T6799] EXT4-fs: Ignoring removed orlov option [ 173.561110][ T6799] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 173.652659][ T9] usb 4-1: USB disconnect, device number 5 [ 173.674620][ T6799] EXT4-fs (loop0): 1 truncate cleaned up [ 173.882468][ T6808] vim2m vim2m.0: vidioc_s_fmt queue busy [ 173.937140][ T5727] gspca_vc032x: reg_w err -71 [ 173.937244][ T5727] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 174.068644][ T6799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.132515][ T5727] usb 5-1: USB disconnect, device number 4 [ 174.504293][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.737523][ T6817] netlink: 8 bytes leftover after parsing attributes in process `syz.4.398'. [ 174.962672][ T6817] macvlan2: entered allmulticast mode [ 174.962696][ T6817] hsr0: entered allmulticast mode [ 174.962711][ T6817] hsr_slave_0: entered allmulticast mode [ 174.962740][ T6817] hsr_slave_1: entered allmulticast mode [ 174.962818][ T6817] hsr0: entered promiscuous mode [ 175.796828][ T6838] loop0: detected capacity change from 0 to 512 [ 175.853671][ T6841] loop1: detected capacity change from 0 to 64 [ 176.153434][ T6838] EXT4-fs (loop0): 1 orphan inode deleted [ 176.200591][ T6838] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.439951][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.009403][ T6851] loop3: detected capacity change from 0 to 4096 [ 177.023330][ T6851] EXT4-fs: Ignoring removed orlov option [ 177.093362][ T6851] EXT4-fs (loop3): Test dummy encryption mode enabled [ 177.158930][ T6851] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.967503][ T6863] loop4: detected capacity change from 0 to 24 [ 178.288687][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.853288][ T6879] netlink: 36 bytes leftover after parsing attributes in process `syz.3.419'. [ 179.403669][ T6891] loop1: detected capacity change from 0 to 512 [ 179.414021][ T6891] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 179.509044][ T6891] EXT4-fs error (device loop1): xattr_find_entry:337: inode #15: comm syz.1.427: corrupted xattr entries [ 179.509083][ T6891] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 179.518422][ C1] EXT4-fs (loop1): initial error at time 1777999607: xattr_find_entry:337: inode 15 [ 179.518464][ C1] EXT4-fs (loop1): last error at time 1777999607: xattr_find_entry:337: inode 15 [ 179.560833][ T6891] EXT4-fs (loop1): 1 truncate cleaned up [ 179.563874][ T6891] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.869625][ T6891] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 179.922029][ T5727] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 180.152043][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.225577][ T5727] usb 5-1: config 0 has no interfaces? [ 180.225617][ T5727] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 180.225642][ T5727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.348026][ T5727] usb 5-1: config 0 descriptor?? [ 180.496360][ T6913] loop2: detected capacity change from 0 to 512 [ 180.588584][ T6913] netlink: 268 bytes leftover after parsing attributes in process `syz.2.434'. [ 180.588669][ T6913] netlink: 136 bytes leftover after parsing attributes in process `syz.2.434'. [ 180.588687][ T6913] netlink: 16 bytes leftover after parsing attributes in process `syz.2.434'. [ 180.633900][ T5727] usb 5-1: USB disconnect, device number 5 [ 181.769454][ T6925] mmap: syz.0.440 (6925) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 182.741700][ T6937] loop4: detected capacity change from 0 to 65536 [ 182.742941][ T6937] xfs: Deprecated parameter 'ikeep' [ 182.742959][ T6937] XFS: ikeep mount option is deprecated. [ 182.859633][ T6937] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 182.961622][ T6937] XFS (loop4): Ending clean mount [ 183.006878][ T6937] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 [ 183.006942][ T6937] XFS (loop4): Unmount and run xfs_repair [ 183.006956][ T6937] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 183.006976][ T6937] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 183.006993][ T6937] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10 ................ [ 183.007009][ T6937] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 183.007025][ T6937] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03 .....J.......... [ 183.007041][ T6937] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 183.007056][ T6937] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00 ...........?.... [ 183.007072][ T6937] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 183.007087][ T6937] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 183.007347][ T6937] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x6 len 2 error 74 [ 183.010299][ T6937] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x518/0x8f0 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 183.010351][ T6937] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 183.444908][ T5614] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 185.187573][ T6970] macvlan2: entered promiscuous mode [ 185.187605][ T6970] bridge0: entered promiscuous mode [ 185.650395][ T6911] syz.1.432 (6911) used greatest stack depth: 18936 bytes left [ 186.237466][ T6989] loop1: detected capacity change from 0 to 1024 [ 186.735643][ T6992] loop2: detected capacity change from 0 to 40427 [ 186.791715][ T6992] F2FS-fs (loop2): invalid crc value [ 186.891981][ T6989] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0102] [ 186.892114][ T6989] System zones: 0-1, 3-12 [ 186.942295][ T6992] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 186.972980][ T6992] F2FS-fs (loop2): Start checkpoint disabled! [ 187.005205][ T6992] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 187.007428][ T6992] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 187.136920][ T6989] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.180594][ T6989] EXT4-fs error (device loop1): ext4_search_dir:1474: inode #12: block 7: comm syz.1.463: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 187.557910][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.092577][ T7013] loop2: detected capacity change from 0 to 32768 [ 188.321454][ T7013] JBD2: Ignoring recovery information on journal [ 188.452163][ T7020] netlink: 28 bytes leftover after parsing attributes in process `syz.0.474'. [ 188.478270][ T7013] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 189.983697][ T7035] loop0: detected capacity change from 0 to 4096 [ 190.042106][ T61] Bluetooth: hci0: adv larger than maximum supported [ 190.042129][ T61] Bluetooth: hci0: Malformed LE Event: 0x0d [ 190.351954][ T7035] ntfs3(loop0): ino=18, mi_enum_attr [ 190.351987][ T7035] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 191.070868][ T7051] loop1: detected capacity change from 0 to 1024 [ 191.412900][ T5624] ocfs2: Unmounting device (7,2) on (node local) [ 191.504240][ T7035] ntfs3(loop0): ino=9, attr_set_size_ex [ 191.572727][ T7051] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 192.331923][ T7063] Bluetooth: MGMT ver 1.23 [ 194.012773][ T7110] netlink: 12 bytes leftover after parsing attributes in process `syz.2.508'. [ 194.184095][ T7114] loop4: detected capacity change from 0 to 512 [ 194.207134][ T7114] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 194.232985][ T7114] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 194.243064][ T7114] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 194.243177][ T7114] System zones: 0-2, 18-18, 34-35 [ 194.283837][ T7114] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.384342][ T7124] program syz.3.514 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.435844][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.435962][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.473464][ T7114] netlink: 340 bytes leftover after parsing attributes in process `syz.4.511'. [ 194.615723][ T7118] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 353: padding at end of block bitmap is not set [ 194.761196][ T5614] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.207255][ T7139] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 195.257105][ T7139] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.530391][ T7139] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.611364][ T5600] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 195.796224][ T5600] usb 4-1: Using ep0 maxpacket: 16 [ 195.852364][ T5600] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 195.852398][ T5600] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 195.852420][ T5600] usb 4-1: Product: syz [ 195.852436][ T5600] usb 4-1: Manufacturer: syz [ 195.852451][ T5600] usb 4-1: SerialNumber: syz [ 195.914667][ T5600] usb 4-1: config 0 descriptor?? [ 196.258219][ T7140] loop3: detected capacity change from 0 to 1024 [ 198.154352][ T5600] usb 4-1: USB disconnect, device number 6 [ 198.234137][ T7176] syz.4.534 uses obsolete (PF_INET,SOCK_PACKET) [ 199.411129][ T7184] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 199.551563][ T7184] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.602392][ T7184] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.525085][ T7198] loop2: detected capacity change from 0 to 1024 [ 200.532253][ T7198] EXT4-fs: Ignoring removed mblk_io_submit option [ 200.594358][ T7198] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 200.598629][ T7198] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 200.658783][ T7198] EXT4-fs error (device loop2): ext4_ext_check_inode:521: inode #11: comm syz.2.542: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 200.658834][ T7198] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 200.659296][ T7198] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.542: couldn't read orphan inode 11 (err -117) [ 200.659336][ T7198] loop2: lost filesystem error report for type 5 error -117 [ 200.714829][ T7198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.835247][ T7198] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.542: Invalid block bitmap block 0 in block_group 0 [ 200.930429][ T7198] __quota_error: 20 callbacks suppressed [ 200.930446][ T7198] Quota error (device loop2): write_blk: dquota write failed [ 200.930471][ T7198] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 200.932173][ T7198] EXT4-fs error (device loop2): ext4_acquire_dquot:7034: comm syz.2.542: Failed to acquire dquot type 0 [ 201.032922][ T7204] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.542: Invalid inode bitmap blk 137438953472 in block_group 0 [ 201.146339][ T3101] EXT4-fs error (device loop2): __ext4_get_inode_loc:4885: comm kworker/u8:15: Invalid inode table block 8589934593 in block_group 0 [ 201.250888][ T5624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.702315][ T7218] use of bytesused == 0 is deprecated and will be removed in the future, [ 201.702452][ T7218] use the actual size instead. [ 202.562715][ T7235] batadv_slave_1: entered promiscuous mode [ 202.713510][ T7235] macsec1: entered promiscuous mode [ 202.727555][ T7235] macsec1: entered allmulticast mode [ 202.727578][ T7235] batadv_slave_1: entered allmulticast mode [ 202.916413][ T7235] batadv_slave_1: left allmulticast mode [ 202.916790][ T7235] batadv_slave_1: left promiscuous mode [ 203.195813][ T7247] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 203.196267][ T7247] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.197052][ T7247] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.405146][ T823] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 203.566067][ T7265] netlink: 'syz.2.569': attribute type 12 has an invalid length. [ 203.566088][ T7265] netlink: 'syz.2.569': attribute type 29 has an invalid length. [ 203.566102][ T7265] netlink: 148 bytes leftover after parsing attributes in process `syz.2.569'. [ 203.566141][ T7265] netlink: 'syz.2.569': attribute type 2 has an invalid length. [ 203.566154][ T7265] netlink: 'syz.2.569': attribute type 3 has an invalid length. [ 203.566166][ T7265] netlink: 19 bytes leftover after parsing attributes in process `syz.2.569'. [ 203.633198][ T823] usb 1-1: Using ep0 maxpacket: 16 [ 203.642976][ T823] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 203.643013][ T823] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 203.766894][ T823] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 203.766927][ T823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.766950][ T823] usb 1-1: Product: syz [ 203.766960][ T823] usb 1-1: Manufacturer: syz [ 203.766971][ T823] usb 1-1: SerialNumber: syz [ 204.015819][ T823] usb 1-1: config 0 descriptor?? [ 204.041818][ T823] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 204.041855][ T823] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 204.642601][ T823] em28xx 1-1:0.0: chip ID is em2710 [ 204.850681][ T823] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 204.863515][ T823] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 204.863538][ T823] em28xx 1-1:0.0: No AC97 audio processor [ 204.942928][ T823] usb 1-1: USB disconnect, device number 6 [ 204.955075][ T823] em28xx 1-1:0.0: Disconnecting em28xx [ 204.996272][ T823] em28xx 1-1:0.0: Freeing device [ 205.180380][ T7286] block nbd1: Device being setup by another task [ 205.180894][ T7286] block nbd1: shutting down sockets [ 205.557380][ T7291] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 205.569425][ T7291] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.570379][ T7291] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.728362][ T7296] loop3: detected capacity change from 0 to 1024 [ 205.729485][ T7296] EXT4-fs: Ignoring removed mblk_io_submit option [ 205.789324][ T7296] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 205.789474][ T7296] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 205.842111][ T7296] EXT4-fs error (device loop3): ext4_ext_check_inode:521: inode #11: comm syz.3.579: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 205.842173][ T7296] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 205.842542][ T7296] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.579: couldn't read orphan inode 11 (err -117) [ 205.842576][ T7296] loop3: lost filesystem error report for type 5 error -117 [ 205.904006][ T7296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.174962][ T7296] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.579: Invalid block bitmap block 0 in block_group 0 [ 206.175808][ T7296] Quota error (device loop3): write_blk: dquota write failed [ 206.175846][ T7296] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 206.176415][ T7296] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.579: Failed to acquire dquot type 0 [ 206.399209][ T7309] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.579: Invalid inode bitmap blk 137438953472 in block_group 0 [ 206.619176][ T92] EXT4-fs error (device loop3): __ext4_get_inode_loc:4885: comm kworker/u8:5: Invalid inode table block 8589934593 in block_group 0 [ 206.648690][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.878408][ T5735] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 206.994949][ T37] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 207.026524][ T7333] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 207.055426][ T5735] usb 2-1: Using ep0 maxpacket: 32 [ 207.072482][ T5735] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 207.072512][ T5735] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.110641][ T5735] usb 2-1: config 0 descriptor?? [ 207.138035][ T5735] gspca_main: sunplus-2.14.0 probing 041e:400b [ 207.217263][ T37] usb 3-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 207.217291][ T37] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 207.252158][ T37] usb 3-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 207.252249][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.252271][ T37] usb 3-1: Product: syz [ 207.252286][ T37] usb 3-1: Manufacturer: syz [ 207.252302][ T37] usb 3-1: SerialNumber: syz [ 207.385423][ T37] usb 3-1: config 0 descriptor?? [ 207.437644][ T37] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 207.976178][ T5735] gspca_sunplus: reg_w_riv err -71 [ 207.976265][ T5735] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 208.032750][ T5735] usb 2-1: USB disconnect, device number 5 [ 208.136791][ T37] usb 3-1: USB disconnect, device number 5 [ 209.133903][ T7365] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 209.269905][ T1491] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.272475][ T160] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.272522][ T160] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.272561][ T160] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.515452][ T7360] netdevsim netdevsim2 netdevsim0: IPsec offload requires 128 bit authentication [ 210.753781][ T7377] loop2: detected capacity change from 0 to 256 [ 212.570054][ T7404] loop0: detected capacity change from 0 to 1024 [ 215.254821][ T5600] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 215.412681][ T5600] usb 5-1: Using ep0 maxpacket: 32 [ 215.418355][ T5600] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 215.418387][ T5600] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.418408][ T5600] usb 5-1: Product: syz [ 215.418424][ T5600] usb 5-1: Manufacturer: syz [ 215.418440][ T5600] usb 5-1: SerialNumber: syz [ 215.524954][ T5600] usb 5-1: config 0 descriptor?? [ 215.557055][ T5600] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 216.066544][ T7448] loop3: detected capacity change from 0 to 131072 [ 216.072245][ T7448] F2FS-fs (loop3): Test dummy encryption mode enabled [ 216.094810][ T7448] F2FS-fs (loop3): invalid crc value [ 216.269256][ T7448] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 216.281020][ T7448] F2FS-fs (loop3): Start checkpoint disabled! [ 216.320478][ T7448] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 216.323057][ T7448] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 216.408618][ T5600] gspca_ov534_9: reg_w failed -71 [ 216.584892][ T5598] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 216.707356][ T5600] gspca_ov534_9: Unknown sensor 0000 [ 216.707443][ T5600] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 216.751039][ T5598] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.751075][ T5598] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 216.751120][ T5598] usb 1-1: New USB device found, idVendor=0408, idProduct=3001, bcdDevice= 0.00 [ 216.751144][ T5598] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.822063][ T5600] usb 5-1: USB disconnect, device number 6 [ 216.865772][ T5598] usb 1-1: config 0 descriptor?? [ 217.042870][ T4928] Bluetooth: hci1: command 0x206a tx timeout [ 217.042912][ T4928] Bluetooth: hci3: command 0x0406 tx timeout [ 217.423270][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423315][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423344][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423371][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423399][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423434][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423462][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423490][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423517][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.423545][ T5598] hid-generic 0003:0408:3001.0006: unknown main item tag 0x0 [ 217.661174][ T5598] hid-generic 0003:0408:3001.0006: hidraw0: USB HID v0.0b Device [HID 0408:3001] on usb-dummy_hcd.0-1/input0 [ 217.687237][ T5598] usb 1-1: USB disconnect, device number 7 [ 217.801904][ T7466] fido_id[7466]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 217.987137][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 218.255163][ T7475] netlink: 128 bytes leftover after parsing attributes in process `syz.4.648'. [ 218.400010][ T7478] loop4: detected capacity change from 0 to 164 [ 219.129676][ T7478] ISOFS: unable to read i-node block [ 219.129922][ T7478] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 220.061625][ T7504] loop0: detected capacity change from 0 to 8 [ 220.332965][ T7510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.662'. [ 220.700552][ T7518] loop4: detected capacity change from 0 to 256 [ 220.701839][ T7518] exfat: Deprecated parameter 'utf8' [ 220.890975][ T7518] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 221.197152][ T5600] hid-generic 0000:0000:000E.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 223.415170][ T7573] netlink: 40 bytes leftover after parsing attributes in process `syz.1.689'. [ 223.415434][ T7573] sch_fq: defrate 0 ignored. [ 224.035244][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 224.038099][ T5870] IPVS: starting estimator thread 0... [ 224.122761][ T7570] loop4: detected capacity change from 0 to 32768 [ 224.187262][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 224.202713][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 224.203530][ T7570] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.688 (7570) [ 224.220272][ T10] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 224.220314][ T10] usb 1-1: can't read configurations, error -71 [ 224.253840][ T7586] IPVS: using max 7 ests per chain, 16800 per kthread [ 224.573898][ T7570] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 224.573946][ T7570] BTRFS info (device loop4): using crc32c checksum algorithm [ 224.736609][ T7600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.702'. [ 224.910894][ T7615] loop0: detected capacity change from 0 to 256 [ 225.436720][ T7615] FAT-fs (loop0): Directory bread(block 64) failed [ 225.436754][ T7615] FAT-fs (loop0): Directory bread(block 65) failed [ 225.436873][ T7615] FAT-fs (loop0): Directory bread(block 66) failed [ 225.436898][ T7615] FAT-fs (loop0): Directory bread(block 67) failed [ 225.437000][ T7615] FAT-fs (loop0): Directory bread(block 68) failed [ 225.437024][ T7615] FAT-fs (loop0): Directory bread(block 69) failed [ 225.437126][ T7615] FAT-fs (loop0): Directory bread(block 70) failed [ 225.437149][ T7615] FAT-fs (loop0): Directory bread(block 71) failed [ 225.437250][ T7615] FAT-fs (loop0): Directory bread(block 72) failed [ 225.437273][ T7615] FAT-fs (loop0): Directory bread(block 73) failed [ 225.690885][ T1470] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 225.761886][ T7570] BTRFS error (device loop4): failed to load root extent [ 225.761954][ T7570] BTRFS warning (device loop4): try to load backup roots slot 1 [ 225.789587][ T1139] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 225.789742][ T7570] BTRFS warning (device loop4): couldn't read tree root [ 225.789767][ T7570] BTRFS warning (device loop4): try to load backup roots slot 2 [ 225.790083][ T1139] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 225.794982][ T7570] BTRFS warning (device loop4): couldn't read tree root [ 225.795078][ T7570] BTRFS warning (device loop4): try to load backup roots slot 3 [ 226.103411][ T38] audit: type=1800 audit(1777999653.685:44): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.704" name=B4 dev="loop0" ino=1048609 res=0 errno=0 [ 226.323833][ T7570] BTRFS info (device loop4): checking UUID tree [ 226.324187][ T7570] BTRFS error (device loop4): failed to check the UUID tree: -4 [ 227.248503][ T7570] BTRFS error (device loop4): open_ctree failed: -4 [ 228.069175][ T7626] loop0: detected capacity change from 0 to 40427 [ 228.230215][ T10] hid-generic 0005:15C2:0003.0008: item fetching failed at offset 3/6 [ 228.230918][ T10] hid-generic 0005:15C2:0003.0008: probe with driver hid-generic failed with error -22 [ 228.469108][ T7626] F2FS-fs (loop0): build fault injection rate: 174 [ 228.469134][ T7626] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 228.644841][ T7626] F2FS-fs (loop0): invalid crc value [ 229.838525][ T7626] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 230.106876][ T7681] program syz.2.728 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.329481][ T5727] kernel write not supported for file /input/event0 (pid: 5727 comm: kworker/0:4) [ 231.614885][ T5735] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 231.814887][ T5735] usb 5-1: Using ep0 maxpacket: 32 [ 231.842155][ T5735] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.842181][ T5735] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.842211][ T5735] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 231.842228][ T5735] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.892514][ T5735] usb 5-1: config 0 descriptor?? [ 231.967866][ T5735] hub 5-1:0.0: USB hub found [ 232.045754][ T7712] 9p: Unknown access argument ;: -22 [ 232.124519][ T5735] hub 5-1:0.0: config failed, can't read hub descriptor (err -90) [ 232.331293][ T5735] usbhid 5-1:0.0: can't add hid device: -71 [ 232.331423][ T5735] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 232.404076][ T7722] batadv0: entered allmulticast mode [ 232.448125][ T7717] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 232.523176][ T5735] usb 5-1: USB disconnect, device number 7 [ 232.632710][ T7720] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 233.347863][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 233.498141][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 233.509438][ T10] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 233.509467][ T10] usb 5-1: config 0 has no interface number 0 [ 233.509514][ T10] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 233.509543][ T10] usb 5-1: config 0 interface 85 has no altsetting 0 [ 233.556390][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 233.556422][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.556443][ T10] usb 5-1: Product: syz [ 233.556459][ T10] usb 5-1: Manufacturer: syz [ 233.556475][ T10] usb 5-1: SerialNumber: syz [ 233.602433][ T7754] netlink: 48 bytes leftover after parsing attributes in process `syz.1.761'. [ 233.613838][ T10] usb 5-1: config 0 descriptor?? [ 233.690405][ T5735] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 233.690739][ T7756] program syz.3.762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 233.916794][ T5735] usb 3-1: config 171 has an invalid interface number: 109 but max is 0 [ 233.916826][ T5735] usb 3-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config [ 233.916847][ T5735] usb 3-1: config 171 has no interface number 0 [ 233.916894][ T5735] usb 3-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 233.916921][ T5735] usb 3-1: config 171 interface 109 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 233.997962][ T5735] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e [ 233.998014][ T5735] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.998036][ T5735] usb 3-1: Product: syz [ 233.998052][ T5735] usb 3-1: Manufacturer: syz [ 233.998068][ T5735] usb 3-1: SerialNumber: syz [ 234.084304][ T7751] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 234.134428][ T7760] loop3: detected capacity change from 0 to 64 [ 234.248311][ T10] appletouch 5-1:0.85: Geyser mode initialized. [ 234.373552][ T10] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input8 [ 234.789982][ T7760] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. leaving read-only. [ 234.947117][ C0] appletouch 5-1:0.85: atp_complete: usb_submit_urb failed with result -1 [ 234.949001][ T5735] ath6kl: Failed to submit usb control message: -71 [ 234.949059][ T5735] ath6kl: unable to send the bmi data to the device: -71 [ 234.949073][ T5735] ath6kl: Unable to send get target info: -71 [ 235.052546][ T5735] ath6kl: Failed to init ath6kl core: -71 [ 235.079196][ T5735] ath6kl_usb 3-1:171.109: probe with driver ath6kl_usb failed with error -71 [ 235.509140][ T5735] usb 3-1: USB disconnect, device number 6 [ 235.528858][ T10] usb 5-1: USB disconnect, device number 8 [ 236.191308][ T7780] loop3: detected capacity change from 0 to 1024 [ 236.596477][ T7786] netlink: 16 bytes leftover after parsing attributes in process `syz.4.772'. [ 236.621539][ T38] audit: type=1800 audit(1777999664.235:45): pid=7780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.771" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 236.678387][ T5627] Bluetooth: hci3: unexpected subevent 0x1a length: 10 > 6 [ 236.927540][ T10] appletouch 5-1:0.85: input: appletouch disconnected [ 237.152843][ T7793] ptrace attach of "ci-upstream-linux-next-kasan-gce-root/syz-executor exec"[5624] was attempted by ""[7793] [ 237.203301][ T7796] loop4: detected capacity change from 0 to 512 [ 237.204402][ T7796] EXT4-fs: Ignoring removed orlov option [ 237.222385][ T7796] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 237.393587][ T7785] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 237.568087][ T7796] EXT4-fs (loop4): 1 truncate cleaned up [ 237.574090][ T7796] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 238.057707][ T5614] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.690519][ T7826] capability: warning: `syz.2.789' uses deprecated v2 capabilities in a way that may be insecure [ 238.706214][ T61] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 238.706266][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 239.072115][ T7803] loop3: detected capacity change from 0 to 32768 [ 239.180577][ T7803] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 239.594094][ T7803] XFS (loop3): Ending clean mount [ 239.778059][ T5616] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 240.920999][ T7834] loop2: detected capacity change from 0 to 32768 [ 241.424801][ T5627] Bluetooth: hci3: command 0x0406 tx timeout [ 241.595046][ T7834] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 242.469687][ T5624] ocfs2: Unmounting device (7,2) on (node local) [ 243.273374][ T7904] loop2: detected capacity change from 0 to 128 [ 243.333905][ T7906] program syz.1.819 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 243.576366][ T7904] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 243.661598][ T7904] ext4 filesystem being mounted at /179/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 243.722060][ T7917] loop9: detected capacity change from 0 to 524287935 [ 244.081066][ T5624] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 246.355031][ T5598] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 246.514794][ T5598] usb 1-1: Using ep0 maxpacket: 16 [ 246.517496][ T5598] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.517564][ T5598] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 246.517594][ T5598] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 246.517616][ T5598] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 246.517640][ T5598] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 246.519573][ T5598] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 246.519602][ T5598] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 246.519623][ T5598] usb 1-1: Manufacturer: syz [ 246.623973][ T5598] usb 1-1: config 0 descriptor?? [ 246.954805][ T5598] rc_core: IR keymap rc-hauppauge not found [ 246.954826][ T5598] Registered IR keymap rc-empty [ 246.955605][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 246.977079][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 247.112548][ T5598] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 247.132599][ T5598] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 247.304046][ T7973] loop3: detected capacity change from 0 to 32768 [ 247.813411][ T7973] find_entry called with index >= next_index [ 247.813428][ T7973] find_entry called with index >= next_index [ 247.813436][ T7973] find_entry called with index >= next_index [ 247.813445][ T7973] find_entry called with index >= next_index [ 247.813453][ T7973] find_entry called with index >= next_index [ 247.813464][ T7973] add_index: next_index = 0. Resetting! [ 247.813483][ T7973] find_entry called with index >= next_index [ 247.813491][ T7973] find_entry called with index >= next_index [ 247.813499][ T7973] find_entry called with index >= next_index [ 248.331031][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.366722][ T7992] loop4: detected capacity change from 0 to 131072 [ 248.380926][ T7992] F2FS-fs (loop4): invalid crc value [ 248.449175][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.473174][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.503979][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.515075][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.539717][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.561716][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.572682][ T7992] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 248.581644][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.605206][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.607039][ T7992] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 248.625004][ T5598] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 248.772141][ T5598] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 248.772167][ T5598] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 248.820278][ T5598] usb 1-1: USB disconnect, device number 10 [ 250.309633][ T8030] loop2: detected capacity change from 0 to 256 [ 250.423983][ T8032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.858'. [ 250.889902][ T8045] loop2: detected capacity change from 0 to 64 [ 250.916571][ T8045] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 251.158117][ T8050] netlink: 168 bytes leftover after parsing attributes in process `syz.3.878'. [ 251.888253][ T8063] overlayfs: upper fs does not support tmpfile. [ 252.356564][ T8078] netlink: 'syz.3.892': attribute type 12 has an invalid length. [ 252.356587][ T8078] netlink: 'syz.3.892': attribute type 29 has an invalid length. [ 252.356602][ T8078] netlink: 148 bytes leftover after parsing attributes in process `syz.3.892'. [ 252.754859][ T8091] loop4: detected capacity change from 0 to 16 [ 253.224247][ T8091] erofs (device loop4): mounted with root inode @ nid 36. [ 253.445068][ T8105] loop2: detected capacity change from 0 to 512 [ 253.488921][ T8105] EXT4-fs (loop2): Test dummy encryption mode enabled [ 253.488945][ T8105] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 253.568161][ T8105] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.902: bad orphan inode 131083 [ 253.568196][ T8105] loop2: lost filesystem error report for type 5 error -117 [ 253.585389][ T8105] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.684878][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 253.876623][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 253.887351][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 253.887382][ T10] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 253.887407][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 253.892587][ T10] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 253.892619][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.892641][ T10] usb 1-1: Product: syz [ 253.892657][ T10] usb 1-1: Manufacturer: syz [ 253.892672][ T10] usb 1-1: SerialNumber: syz [ 254.017779][ T10] usb 1-1: config 0 descriptor?? [ 254.444504][ T10] gs_usb 1-1:0.0: Configuring for 5 interfaces [ 254.465675][ T5624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.594935][ T37] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 254.639832][ T8098] loop3: detected capacity change from 0 to 32768 [ 254.747196][ T37] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.747221][ T37] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 254.747240][ T37] usb 5-1: config 1 has no interface number 0 [ 254.747277][ T37] usb 5-1: config 1 interface 2 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 254.747303][ T37] usb 5-1: Duplicate descriptor for config 1 interface 2 altsetting 0, skipping [ 254.747321][ T37] usb 5-1: config 1 interface 2 has no altsetting 1 [ 254.750413][ T37] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 254.750443][ T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.750462][ T37] usb 5-1: Product: syz [ 254.750477][ T37] usb 5-1: Manufacturer: syz [ 254.750492][ T37] usb 5-1: SerialNumber: syz [ 254.917158][ T5727] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 254.982598][ T10] gs_usb 1-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 255.012230][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.012230][ T8098] [ 255.044097][ T10] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -22 [ 255.069567][ T5727] usb 2-1: Using ep0 maxpacket: 16 [ 255.070396][ T37] usb 5-1: USB disconnect, device number 9 [ 255.073109][ T5727] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 255.073135][ T5727] usb 2-1: config 0 has no interface number 0 [ 255.073182][ T5727] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.073210][ T5727] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.073249][ T5727] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 255.073272][ T5727] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.160596][ T8098] ERROR: (device loop3): remounting filesystem as read-only [ 255.160611][ T8098] xtLookup: xtSearch returned -5 [ 255.160620][ T8098] free_index: error reading directory table [ 255.160627][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160627][ T8098] [ 255.160646][ T8098] xtLookup: xtSearch returned -5 [ 255.160652][ T8098] free_index: error reading directory table [ 255.160657][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160657][ T8098] [ 255.160672][ T8098] xtLookup: xtSearch returned -5 [ 255.160678][ T8098] free_index: error reading directory table [ 255.160683][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160683][ T8098] [ 255.160697][ T8098] xtLookup: xtSearch returned -5 [ 255.160703][ T8098] free_index: error reading directory table [ 255.160708][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160708][ T8098] [ 255.160727][ T8098] xtLookup: xtSearch returned -5 [ 255.160733][ T8098] free_index: error reading directory table [ 255.160740][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160740][ T8098] [ 255.160753][ T8098] xtLookup: xtSearch returned -5 [ 255.160759][ T8098] add_index: get/read_metapage failed! [ 255.160770][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160770][ T8098] [ 255.160784][ T8098] xtLookup: xtSearch returned -5 [ 255.160790][ T8098] free_index: error reading directory table [ 255.160795][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160795][ T8098] [ 255.160809][ T8098] xtLookup: xtSearch returned -5 [ 255.160815][ T8098] free_index: error reading directory table [ 255.160820][ T8098] ERROR: (device loop3): xtSearch: xt_getpage: xtree page corrupt [ 255.160820][ T8098] [ 255.160834][ T8098] xtLookup: xtSearch returned -5 [ 255.160839][ T8098] free_index: error reading directory table [ 255.409926][ T5727] usb 2-1: config 0 descriptor?? [ 255.414172][ T10] usb 1-1: USB disconnect, device number 11 [ 255.532174][ T8125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.910'. [ 255.562720][ T8125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.910'. [ 255.830065][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.830159][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.002165][ T5600] kernel write not supported for file /398/uid_map (pid: 5600 comm: kworker/1:3) [ 256.035285][ T8098] Bad maxslot:0 in dtpage (expected 128) [ 256.035285][ T8098] [ 256.059996][ T8098] ERROR: (device loop3): dtSearch: DT_GETPAGE: dtree page corrupt [ 256.059996][ T8098] [ 256.060100][ T8098] ERROR: (device loop3): remounting filesystem as read-only [ 256.060199][ T8098] jfs_lookup: dtSearch returned -5 [ 256.227849][ T5727] uclogic 0003:28BD:0071.0009: pen parameters not found [ 256.227887][ T5727] uclogic 0003:28BD:0071.0009: interface is invalid, ignoring [ 256.294345][ T5727] usb 2-1: USB disconnect, device number 6 [ 256.371262][ T8130] loop2: detected capacity change from 0 to 1024 [ 256.472832][ T8130] hfsplus: failed to load extents file [ 256.693873][ T8145] tap0: tun_chr_ioctl cmd 1074812118 [ 258.795117][ T8212] netlink: 16 bytes leftover after parsing attributes in process `syz.0.946'. [ 258.890190][ T8216] loop2: detected capacity change from 0 to 512 [ 259.019792][ T8216] EXT4-fs (loop2): orphan cleanup on readonly fs [ 259.081695][ T8216] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.947: couldn't read orphan inode 26 (err -116) [ 259.081732][ T8216] loop2: lost filesystem error report for type 5 error -116 [ 259.085900][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 259.085924][ C0] EXT4-fs (loop2): initial error at time 1777999686: ext4_orphan_get:1402 [ 259.086015][ C0] EXT4-fs (loop2): last error at time 1777999686: ext4_orphan_get:1402 [ 259.090504][ T8216] EXT4-fs (loop2): Remounting filesystem read-only [ 259.122164][ T8221] netlink: 'syz.4.950': attribute type 2 has an invalid length. [ 259.215884][ T8216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 259.243843][ T8216] EXT4-fs (loop2): shut down requested (1) [ 259.404302][ T5624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.384939][ T5727] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 260.553849][ T5727] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 260.553882][ T5727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.619183][ T5727] usb 5-1: config 0 descriptor?? [ 260.653967][ T5727] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 260.942115][ T5727] gp8psk: usb in 128 operation failed. [ 261.150258][ T5727] gp8psk: FW Version = 213.134.247 (0xd586f7) Build 2250/212/241 [ 261.355852][ T5727] gp8psk: usb in 149 operation failed. [ 261.355872][ T5727] gp8psk: failed to get FPGA version [ 261.375358][ T5727] gp8psk: usb in 138 operation failed. [ 261.375396][ T5727] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 261.375440][ T5727] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 261.511895][ T5727] usb 5-1: USB disconnect, device number 10 [ 262.102932][ T8277] loop0: detected capacity change from 0 to 128 [ 262.204349][ T8277] EXT4-fs (loop0): Test dummy encryption mode enabled [ 262.272991][ T8277] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 262.273114][ T8277] System zones: 1-3, 19-19, 35-36 [ 262.301325][ T8277] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 262.301781][ T8277] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.342804][ T8277] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 262.441238][ T8284] netlink: 16 bytes leftover after parsing attributes in process `syz.4.976'. [ 262.441507][ T8284] netlink: 16 bytes leftover after parsing attributes in process `syz.4.976'. [ 262.526115][ T5615] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 263.226102][ T8310] loop0: detected capacity change from 0 to 128 [ 263.410549][ T8310] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 263.410803][ T8310] hpfs: filesystem error: improperly stopped [ 263.410821][ T8310] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 263.410836][ T8310] hpfs: You really don't want any checks? You are crazy... [ 263.414437][ T8310] hpfs: hpfs_map_sector(): read error [ 263.414452][ T8310] hpfs: code page support is disabled [ 263.594975][ T8310] hpfs: hpfs_map_4sectors(): unaligned read [ 263.604110][ T8310] hpfs: hpfs_map_4sectors(): unaligned read [ 263.604133][ T8310] hpfs: filesystem error: unable to find root dir [ 263.652050][ T8310] hpfs: hpfs_map_4sectors(): unaligned read [ 263.660651][ T8310] hpfs: hpfs_map_sector(): read error [ 264.040027][ T8327] netlink: 64 bytes leftover after parsing attributes in process `syz.1.995'. [ 264.281660][ T8333] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 264.281819][ T8333] syzkaller0: linktype set to 774 [ 264.621690][ T8348] loop4: detected capacity change from 0 to 512 [ 264.684290][ T8348] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.064853][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 265.172848][ T5614] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.230627][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 265.233965][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.234001][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.234017][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 265.234047][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 265.234063][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.352752][ T9] usb 1-1: config 0 descriptor?? [ 265.675817][ T8373] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1014'. [ 265.675850][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1014'. [ 265.809760][ T9] hid_parser_main: 27 callbacks suppressed [ 265.809793][ T9] microsoft 0003:045E:07DA.000A: unknown main item tag 0x0 [ 265.951098][ T5627] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 266.090391][ T9] microsoft 0003:045E:07DA.000A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 266.090425][ T9] microsoft 0003:045E:07DA.000A: no inputs found [ 266.090439][ T9] microsoft 0003:045E:07DA.000A: could not initialize ff, continuing anyway [ 266.151570][ T5627] Bluetooth: hci4: unexpected event for opcode 0x204e [ 266.189129][ T9] usb 1-1: USB disconnect, device number 12 [ 266.382172][ T8388] fido_id[8388]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 266.985146][ T5735] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 267.157254][ T5735] usb 1-1: Using ep0 maxpacket: 16 [ 267.159863][ T5735] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.159900][ T5735] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 267.159938][ T5735] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 267.159960][ T5735] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.218218][ T5735] usb 1-1: config 0 descriptor?? [ 267.525027][ T8413] loop6: detected capacity change from 0 to 7 [ 267.677820][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.677991][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.680291][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 267.680390][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.680414][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.680739][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.680760][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.681014][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.681036][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.805162][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805201][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805229][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805256][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805283][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805310][ T5735] samsung 0003:0419:0600.000B: unknown main item tag 0x0 [ 267.805334][ T5735] samsung 0003:0419:0600.000B: unexpected long global item [ 267.806176][ T5735] samsung 0003:0419:0600.000B: parse failed [ 267.806248][ T5735] samsung 0003:0419:0600.000B: probe with driver samsung failed with error -22 [ 267.929970][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.930005][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.930902][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.931031][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.931648][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.931676][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.931759][ T8413] ldm_validate_partition_table(): Disk read failed. [ 267.931868][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.931892][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.932099][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.932120][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.932331][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.936521][ T8413] Dev loop6: unable to read RDB block 0 [ 268.091233][ T8413] loop6: unable to read partition table [ 268.091454][ T8413] loop6: partition table beyond EOD, truncated [ 268.091484][ T8413] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 268.292393][ T8422] loop4: detected capacity change from 0 to 256 [ 268.427738][ T5735] usb 1-1: USB disconnect, device number 13 [ 268.587925][ T8422] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d) [ 269.552350][ T8452] loop2: detected capacity change from 0 to 2048 [ 269.570603][ T8455] loop0: detected capacity change from 0 to 512 [ 269.741651][ T8452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.771696][ T8455] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 222 vs 220 free clusters [ 269.783912][ C1] EXT4-fs (loop0): initial error at time 1777999703: ext4_mb_generate_buddy:1317 [ 269.783935][ C1] EXT4-fs (loop0): last error at time 1777999703: ext4_mb_generate_buddy:1317 [ 269.826929][ T8455] EXT4-fs (loop0): Remounting filesystem read-only [ 269.827179][ T8455] EXT4-fs warning (device loop0): ext4_evict_inode:270: couldn't mark inode dirty (err -30) [ 269.827266][ T8455] EXT4-fs (loop0): 1 orphan inode deleted [ 269.830606][ T8455] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.890489][ T8452] EXT4-fs (loop2): shut down requested (2) [ 270.003213][ T5627] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 270.003401][ T5627] Bluetooth: hci3: Injecting HCI hardware error event [ 270.004973][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.057644][ T5627] Bluetooth: hci3: hardware error 0x00 [ 270.112940][ T5624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.330458][ T8495] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 272.094498][ T5623] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 272.162008][ T5623] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 272.173051][ T5623] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 272.217277][ T5623] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 272.218399][ T5623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 272.310219][ T5627] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 272.575837][ T5598] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 272.759620][ T5598] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.759656][ T5598] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.759695][ T5598] usb 3-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.ba [ 272.759720][ T5598] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.818575][ T5598] usb 3-1: config 0 descriptor?? [ 273.277184][ T5598] stadia 0003:18D1:9400.000C: unbalanced delimiter at end of report description [ 273.279484][ T5598] stadia 0003:18D1:9400.000C: parse failed [ 273.279548][ T5598] stadia 0003:18D1:9400.000C: probe with driver stadia failed with error -22 [ 273.355373][ T823] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 273.384421][ T8534] loop0: detected capacity change from 0 to 64 [ 273.505711][ T37] usb 3-1: USB disconnect, device number 7 [ 273.544771][ T823] usb 2-1: Using ep0 maxpacket: 16 [ 273.547169][ T823] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 273.547203][ T823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 273.593814][ T823] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 273.593837][ T823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.593852][ T823] usb 2-1: Product: syz [ 273.593863][ T823] usb 2-1: Manufacturer: syz [ 273.593874][ T823] usb 2-1: SerialNumber: syz [ 273.649717][ T823] usb 2-1: config 0 descriptor?? [ 273.789568][ T823] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 273.789606][ T823] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 274.023206][ T8542] loop4: detected capacity change from 0 to 512 [ 274.146499][ T8542] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.1079: iget: bad i_size value: 38620345925642 [ 274.146536][ T8542] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 274.177517][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 274.177542][ C1] EXT4-fs (loop4): initial error at time 1777999707: ext4_orphan_get:1397: inode 15 [ 274.177574][ C1] EXT4-fs (loop4): last error at time 1777999707: ext4_orphan_get:1397: inode 15 [ 274.188221][ T8542] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.1079: couldn't read orphan inode 15 (err -117) [ 274.188257][ T8542] loop4: lost filesystem error report for type 5 error -117 [ 274.204625][ T8542] EXT4-fs (loop4): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 274.311049][ T823] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 274.466873][ T61] Bluetooth: hci5: command tx timeout [ 274.523338][ T823] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 274.524213][ T823] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 274.524233][ T823] em28xx 2-1:0.0: No AC97 audio processor [ 274.609640][ T823] usb 2-1: USB disconnect, device number 7 [ 274.654604][ T823] em28xx 2-1:0.0: Disconnecting em28xx [ 274.721623][ T5614] EXT4-fs (loop4): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 274.951454][ T823] em28xx 2-1:0.0: Freeing device [ 274.976998][ T8548] block nbd2: Device being setup by another task [ 274.978302][ T8546] block nbd2: shutting down sockets [ 274.979244][ T8534] MINIX-fs: mounting file system with errors, running fsck is recommended [ 275.173807][ T8550] netem: change failed [ 275.496678][ T823] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 275.678204][ T823] usb 3-1: Using ep0 maxpacket: 32 [ 275.681080][ T823] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 275.681108][ T823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.748008][ T823] usb 3-1: config 0 descriptor?? [ 275.788280][ T823] gspca_main: sunplus-2.14.0 probing 041e:400b [ 276.264736][ T8509] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.267675][ T8509] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.268302][ T8509] bridge_slave_0: entered allmulticast mode [ 276.288810][ T8509] bridge_slave_0: entered promiscuous mode [ 276.349291][ T8509] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.349670][ T8509] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.350043][ T8509] bridge_slave_1: entered allmulticast mode [ 276.440775][ T8509] bridge_slave_1: entered promiscuous mode [ 276.545936][ T61] Bluetooth: hci5: command tx timeout [ 276.653728][ T8509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.673990][ T8509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.703868][ T823] gspca_sunplus: reg_w_riv err -71 [ 276.703968][ T823] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 276.721159][ T823] usb 3-1: USB disconnect, device number 8 [ 276.957785][ T8509] team0: Port device team_slave_0 added [ 277.031989][ T8509] team0: Port device team_slave_1 added [ 277.180830][ T8509] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.180849][ T8509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 277.180880][ T8509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.243894][ T8509] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 277.243913][ T8509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 277.243946][ T8509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.708346][ T8591] UBIFS error (pid: 8591): cannot open "c:::", error -22 [ 277.835055][ T8598] loop2: detected capacity change from 0 to 256 [ 278.093705][ T8606] loop4: detected capacity change from 0 to 256 [ 278.192972][ T8509] hsr_slave_0: entered promiscuous mode [ 278.203629][ T8509] hsr_slave_1: entered promiscuous mode [ 278.248067][ T8606] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 278.255525][ T8509] debugfs: 'hsr0' already exists in 'hsr' [ 278.255604][ T8509] Cannot create hsr debugfs directory [ 278.625041][ T61] Bluetooth: hci5: command tx timeout [ 280.705012][ T61] Bluetooth: hci5: command tx timeout [ 280.811223][ T8663] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 280.812642][ T8663] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 281.067568][ T8669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1129'. [ 281.547787][ T8673] loop2: detected capacity change from 0 to 32768 [ 282.411691][ T8509] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 282.439950][ T61] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 282.610973][ T8509] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 282.641370][ T8509] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 282.711163][ T8692] loop0: detected capacity change from 0 to 16 [ 282.750636][ T8509] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 282.823917][ T8509] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 283.039633][ T8692] erofs (device loop0): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 283.040026][ T8692] erofs (device loop0): mounted with root inode @ nid 36. [ 283.072899][ T8509] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 283.100693][ T8509] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 283.306990][ T8692] syz.0.1139: attempt to access beyond end of device [ 283.306990][ T8692] loop0: rw=0, sector=0, nr_sectors = 1025 limit=16 [ 283.377314][ T8692] erofs (device loop0): read error -5 @ 0 of nid 36 [ 283.411889][ T8509] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 283.651392][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1146'. [ 283.845336][ T8724] loop2: detected capacity change from 0 to 512 [ 283.900815][ T8724] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.1150: iget: bad i_size value: 38620345925642 [ 283.900853][ T8724] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 283.915217][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 283.915245][ C1] EXT4-fs (loop2): initial error at time 1777999717: ext4_orphan_get:1397: inode 15 [ 283.915277][ C1] EXT4-fs (loop2): last error at time 1777999717: ext4_orphan_get:1397: inode 15 [ 283.958721][ T8724] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.1150: couldn't read orphan inode 15 (err -117) [ 283.958759][ T8724] loop2: lost filesystem error report for type 5 error -117 [ 284.009255][ T8724] EXT4-fs (loop2): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.113816][ T38] audit: type=1800 audit(1777999717.726:46): pid=8724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1150" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 284.253605][ T5624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 284.573055][ T8735] loop2: detected capacity change from 0 to 256 [ 284.628360][ T8735] FAT-fs (loop2): Directory bread(block 1285) failed [ 284.628395][ T8735] FAT-fs (loop2): Directory bread(block 1286) failed [ 284.628429][ T8735] FAT-fs (loop2): Directory bread(block 1287) failed [ 284.628647][ T8735] FAT-fs (loop2): Directory bread(block 1288) failed [ 284.693560][ T8735] FAT-fs (loop2): FAT read failed (blocknr 1281) [ 284.980197][ T8509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.278228][ T8509] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.447063][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.490573][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.706942][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.781566][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.482067][ T8772] ------------[ cut here ]------------ [ 286.482083][ T8772] 1 [ 286.482098][ T8772] WARNING: net/ipv4/route.c:1275 at ip_rt_bug+0x2d/0x140, CPU#0: syz.4.1171/8772 [ 286.482145][ T8772] Modules linked in: [ 286.482178][ T8772] CPU: 0 UID: 0 PID: 8772 Comm: syz.4.1171 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 286.482209][ T8772] Tainted: [L]=SOFTLOCKUP [ 286.482217][ T8772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.482241][ T8772] RIP: 0010:ip_rt_bug+0x2d/0x140 [ 286.482271][ T8772] Code: fa 55 41 57 41 56 41 55 41 54 53 48 89 d3 e8 4a 8c 35 f8 66 90 e8 43 8c 35 f8 31 ff 48 89 de ba 02 00 00 00 e8 f4 96 68 ff 90 <0f> 0b 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 3f 7e 9c 01 cc 49 [ 286.482291][ T8772] RSP: 0018:ffffc9000b62f160 EFLAGS: 00010286 [ 286.482311][ T8772] RAX: 49a46a17c6451800 RBX: ffff888032874dc0 RCX: 0000000000000046 [ 286.482328][ T8772] RDX: 0000000000000002 RSI: ffffffff8d62539f RDI: ffffffff8ba868e0 [ 286.482345][ T8772] RBP: ffffc9000b62f460 R08: ffffffff8f8a95f7 R09: 1ffffffff1f152be [ 286.482389][ T8772] R10: dffffc0000000000 R11: fffffbfff1f152bf R12: dffffc0000000000 [ 286.482409][ T8772] R13: 0000000000000000 R14: ffff888032874dc0 R15: dffffc0000000000 [ 286.482425][ T8772] FS: 00007f4ac30866c0(0000) GS:ffff888125f25000(0000) knlGS:0000000000000000 [ 286.482446][ T8772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.482461][ T8772] CR2: 00007f4f8aaaf0d1 CR3: 0000000060428000 CR4: 00000000003526f0 [ 286.482486][ T8772] Call Trace: [ 286.482495][ T8772] [ 286.482510][ T8772] ip_push_pending_frames+0x8b/0x110 [ 286.482543][ T8772] __icmp_send+0x11e4/0x1690 [ 286.482574][ T8772] ? __icmp_send+0x22b/0x1690 [ 286.482629][ T8772] ? __pfx___icmp_send+0x10/0x10 [ 286.482690][ T8772] ? ip_route_input_noref+0xad/0x270 [ 286.482728][ T8772] ? __pfx_ip_route_input_noref+0x10/0x10 [ 286.482766][ T8772] ? tcp_v4_early_demux+0x2e4/0x9c0 [ 286.482807][ T8772] ip_options_compile+0x80/0xb0 [ 286.482835][ T8772] ip_rcv_finish_core+0xaa2/0x1c00 [ 286.482887][ T8772] ip_rcv_finish+0x14c/0x2a0 [ 286.482927][ T8772] NF_HOOK+0x336/0x3c0 [ 286.482960][ T8772] ? sock_wfree+0x26e/0x750 [ 286.482986][ T8772] ? __pfx_ip_rcv_finish+0x10/0x10 [ 286.483019][ T8772] ? NF_HOOK+0x9e/0x3c0 [ 286.483052][ T8772] ? __pfx_NF_HOOK+0x10/0x10 [ 286.483090][ T8772] ? __pfx_ip_rcv_finish+0x10/0x10 [ 286.483134][ T8772] ? netif_receive_skb+0x102/0xbf0 [ 286.483164][ T8772] ? __pfx_ip_rcv+0x10/0x10 [ 286.483198][ T8772] netif_receive_skb+0x45b/0xbf0 [ 286.483236][ T8772] ? __pfx_netif_receive_skb+0x10/0x10 [ 286.483266][ T8772] ? rcu_is_watching+0x15/0xb0 [ 286.483289][ T8772] ? __local_bh_disable_ip+0x3c/0x420 [ 286.483321][ T8772] ? tun_rx_batched+0x191/0x760 [ 286.483355][ T8772] ? tun_rx_batched+0x191/0x760 [ 286.483392][ T8772] tun_rx_batched+0x1ee/0x760 [ 286.483435][ T8772] ? __pfx_tun_rx_batched+0x10/0x10 [ 286.483483][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.483519][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.483559][ T8772] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 286.483587][ T8772] ? lockdep_hardirqs_on+0x7a/0x110 [ 286.483629][ T8772] tun_get_user+0x2bd1/0x4400 [ 286.483662][ T8772] ? __pfx_snprintf+0x10/0x10 [ 286.483703][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.483749][ T8772] ? __pfx_trim_netdev_trace+0x10/0x10 [ 286.483776][ T8772] ? stack_trace_save+0xa9/0x100 [ 286.483807][ T8772] ? __pfx_tun_get_user+0x10/0x10 [ 286.483867][ T8772] ? ref_tracker_alloc+0x332/0x4a0 [ 286.483894][ T8772] ? tun_get+0x157/0x2f0 [ 286.483925][ T8772] ? vfs_write+0x629/0xba0 [ 286.483951][ T8772] ? ksys_write+0x156/0x270 [ 286.483980][ T8772] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 286.484016][ T8772] ? tun_get+0x1c/0x2f0 [ 286.484057][ T8772] ? tun_get+0x1c/0x2f0 [ 286.484089][ T8772] ? tun_get+0x1c/0x2f0 [ 286.484125][ T8772] tun_chr_write_iter+0x119/0x210 [ 286.484156][ T8772] vfs_write+0x629/0xba0 [ 286.484193][ T8772] ? __pfx_vfs_write+0x10/0x10 [ 286.484237][ T8772] ? __fget_files+0x2a/0x420 [ 286.484275][ T8772] ksys_write+0x156/0x270 [ 286.484309][ T8772] ? __pfx_ksys_write+0x10/0x10 [ 286.484349][ T8772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.484375][ T8772] do_syscall_64+0x15f/0xf80 [ 286.484399][ T8772] ? trace_irq_disable+0x3b/0x140 [ 286.484427][ T8772] ? clear_bhb_loop+0x40/0x90 [ 286.484452][ T8772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.484473][ T8772] RIP: 0033:0x7f4ac4ded60e [ 286.484507][ T8772] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 286.484525][ T8772] RSP: 002b:00007f4ac3085fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.484548][ T8772] RAX: ffffffffffffffda RBX: 00007f4ac30866c0 RCX: 00007f4ac4ded60e [ 286.484562][ T8772] RDX: 000000000000005a RSI: 00002000000002c0 RDI: 00000000000000c8 [ 286.484576][ T8772] RBP: 00007f4ac4ec2d69 R08: 0000000000000000 R09: 0000000000000000 [ 286.484589][ T8772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.484609][ T8772] R13: 00007f4ac50a6038 R14: 00007f4ac50a5fa0 R15: 00007ffe42a14dd8 [ 286.484712][ T8772] [ 286.484731][ T8772] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 286.484751][ T8772] CPU: 0 UID: 0 PID: 8772 Comm: syz.4.1171 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 286.484783][ T8772] Tainted: [L]=SOFTLOCKUP [ 286.484790][ T8772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.484804][ T8772] Call Trace: [ 286.484812][ T8772] [ 286.484821][ T8772] vpanic+0x56c/0xa60 [ 286.484854][ T8772] ? __pfx__printk+0x10/0x10 [ 286.484877][ T8772] ? __pfx_vpanic+0x10/0x10 [ 286.484904][ T8772] ? is_bpf_text_address+0x292/0x2b0 [ 286.484937][ T8772] ? is_bpf_text_address+0x26/0x2b0 [ 286.484982][ T8772] panic+0xc5/0xd0 [ 286.485011][ T8772] ? __pfx_panic+0x10/0x10 [ 286.485066][ T8772] __warn+0x315/0x4c0 [ 286.485094][ T8772] ? ip_rt_bug+0x2d/0x140 [ 286.485125][ T8772] ? ip_rt_bug+0x2d/0x140 [ 286.485155][ T8772] __report_bug+0x29a/0x540 [ 286.485179][ T8772] ? NF_HOOK+0x336/0x3c0 [ 286.485209][ T8772] ? netif_receive_skb+0x45b/0xbf0 [ 286.485236][ T8772] ? tun_rx_batched+0x1ee/0x760 [ 286.485275][ T8772] ? ip_rt_bug+0x2d/0x140 [ 286.485303][ T8772] ? __pfx___report_bug+0x10/0x10 [ 286.485348][ T8772] ? ip_rt_bug+0x2d/0x140 [ 286.485376][ T8772] report_bug+0x16a/0x220 [ 286.485400][ T8772] ? ip_rt_bug+0x2d/0x140 [ 286.485426][ T8772] ? ip_rt_bug+0x2f/0x140 [ 286.485453][ T8772] handle_bug+0x9c/0x200 [ 286.485482][ T8772] exc_invalid_op+0x1a/0x50 [ 286.485511][ T8772] asm_exc_invalid_op+0x1a/0x20 [ 286.485533][ T8772] RIP: 0010:ip_rt_bug+0x2d/0x140 [ 286.485562][ T8772] Code: fa 55 41 57 41 56 41 55 41 54 53 48 89 d3 e8 4a 8c 35 f8 66 90 e8 43 8c 35 f8 31 ff 48 89 de ba 02 00 00 00 e8 f4 96 68 ff 90 <0f> 0b 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 3f 7e 9c 01 cc 49 [ 286.485583][ T8772] RSP: 0018:ffffc9000b62f160 EFLAGS: 00010286 [ 286.485615][ T8772] RAX: 49a46a17c6451800 RBX: ffff888032874dc0 RCX: 0000000000000046 [ 286.485632][ T8772] RDX: 0000000000000002 RSI: ffffffff8d62539f RDI: ffffffff8ba868e0 [ 286.485647][ T8772] RBP: ffffc9000b62f460 R08: ffffffff8f8a95f7 R09: 1ffffffff1f152be [ 286.485663][ T8772] R10: dffffc0000000000 R11: fffffbfff1f152bf R12: dffffc0000000000 [ 286.485680][ T8772] R13: 0000000000000000 R14: ffff888032874dc0 R15: dffffc0000000000 [ 286.485722][ T8772] ip_push_pending_frames+0x8b/0x110 [ 286.485755][ T8772] __icmp_send+0x11e4/0x1690 [ 286.485785][ T8772] ? __icmp_send+0x22b/0x1690 [ 286.485831][ T8772] ? __pfx___icmp_send+0x10/0x10 [ 286.485891][ T8772] ? ip_route_input_noref+0xad/0x270 [ 286.485928][ T8772] ? __pfx_ip_route_input_noref+0x10/0x10 [ 286.485965][ T8772] ? tcp_v4_early_demux+0x2e4/0x9c0 [ 286.486005][ T8772] ip_options_compile+0x80/0xb0 [ 286.486033][ T8772] ip_rcv_finish_core+0xaa2/0x1c00 [ 286.486084][ T8772] ip_rcv_finish+0x14c/0x2a0 [ 286.486124][ T8772] NF_HOOK+0x336/0x3c0 [ 286.486156][ T8772] ? sock_wfree+0x26e/0x750 [ 286.486180][ T8772] ? __pfx_ip_rcv_finish+0x10/0x10 [ 286.486211][ T8772] ? NF_HOOK+0x9e/0x3c0 [ 286.486241][ T8772] ? __pfx_NF_HOOK+0x10/0x10 [ 286.486275][ T8772] ? __pfx_ip_rcv_finish+0x10/0x10 [ 286.486316][ T8772] ? netif_receive_skb+0x102/0xbf0 [ 286.486345][ T8772] ? __pfx_ip_rcv+0x10/0x10 [ 286.486379][ T8772] netif_receive_skb+0x45b/0xbf0 [ 286.486417][ T8772] ? __pfx_netif_receive_skb+0x10/0x10 [ 286.486451][ T8772] ? rcu_is_watching+0x15/0xb0 [ 286.486472][ T8772] ? __local_bh_disable_ip+0x3c/0x420 [ 286.486503][ T8772] ? tun_rx_batched+0x191/0x760 [ 286.486534][ T8772] ? tun_rx_batched+0x191/0x760 [ 286.486569][ T8772] tun_rx_batched+0x1ee/0x760 [ 286.486618][ T8772] ? __pfx_tun_rx_batched+0x10/0x10 [ 286.486665][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.486698][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.486736][ T8772] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 286.486763][ T8772] ? lockdep_hardirqs_on+0x7a/0x110 [ 286.486797][ T8772] tun_get_user+0x2bd1/0x4400 [ 286.486832][ T8772] ? __pfx_snprintf+0x10/0x10 [ 286.486876][ T8772] ? tun_get_user+0x278d/0x4400 [ 286.486923][ T8772] ? __pfx_trim_netdev_trace+0x10/0x10 [ 286.486949][ T8772] ? stack_trace_save+0xa9/0x100 [ 286.486978][ T8772] ? __pfx_tun_get_user+0x10/0x10 [ 286.487037][ T8772] ? ref_tracker_alloc+0x332/0x4a0 [ 286.487063][ T8772] ? tun_get+0x157/0x2f0 [ 286.487092][ T8772] ? vfs_write+0x629/0xba0 [ 286.487120][ T8772] ? ksys_write+0x156/0x270 [ 286.487148][ T8772] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 286.487184][ T8772] ? tun_get+0x1c/0x2f0 [ 286.487224][ T8772] ? tun_get+0x1c/0x2f0 [ 286.487255][ T8772] ? tun_get+0x1c/0x2f0 [ 286.487287][ T8772] tun_chr_write_iter+0x119/0x210 [ 286.487321][ T8772] vfs_write+0x629/0xba0 [ 286.487363][ T8772] ? __pfx_vfs_write+0x10/0x10 [ 286.487406][ T8772] ? __fget_files+0x2a/0x420 [ 286.487444][ T8772] ksys_write+0x156/0x270 [ 286.487479][ T8772] ? __pfx_ksys_write+0x10/0x10 [ 286.487519][ T8772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.487544][ T8772] do_syscall_64+0x15f/0xf80 [ 286.487569][ T8772] ? trace_irq_disable+0x3b/0x140 [ 286.487607][ T8772] ? clear_bhb_loop+0x40/0x90 [ 286.487637][ T8772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.487660][ T8772] RIP: 0033:0x7f4ac4ded60e [ 286.487683][ T8772] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 286.487701][ T8772] RSP: 002b:00007f4ac3085fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.487723][ T8772] RAX: ffffffffffffffda RBX: 00007f4ac30866c0 RCX: 00007f4ac4ded60e [ 286.487740][ T8772] RDX: 000000000000005a RSI: 00002000000002c0 RDI: 00000000000000c8 [ 286.487755][ T8772] RBP: 00007f4ac4ec2d69 R08: 0000000000000000 R09: 0000000000000000 [ 286.487769][ T8772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.487782][ T8772] R13: 00007f4ac50a6038 R14: 00007f4ac50a5fa0 R15: 00007ffe42a14dd8 [ 286.487821][ T8772] [ 286.488431][ T8772] Kernel Offset: disabled