last executing test programs: 56.205714983s ago: executing program 0 (id=73): bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$tcp_congestion(r0, &(0x7f00000005c0)='bbr\x00', 0x4) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 55.963020767s ago: executing program 0 (id=74): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) r3 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r3, 0x11, 0xa, 0x0, &(0x7f0000000200)) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000003c0)) 55.595132605s ago: executing program 0 (id=77): sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="110026bd7000fddbdf2507002600"/26, @ANYRES32, @ANYBLOB="0c009900fb"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20004014) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x40800) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x398, 0xffffffff, 0x1c0, 0x1c0, 0x0, 0xfeffffff, 0xffffffff, 0x310, 0x310, 0x310, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0x41, {0x6}}}}, {{@ipv6={@private0, @local, [0xff, 0x0, 0xff000000, 0xffffffff], [0x0, 0xff, 0xff000000, 0xffffff00], 'team0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0xff, 0xe6, 0x4, 0x44}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@private=0xa010100, [0xffffff00, 0x0, 0xffffffff, 0xffffff00], 0x4e24, 0x4e21, 0x4e21, 0x4e23, 0x8a, 0x0, 0x5, 0x2, 0x3fd}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8) 54.427028376s ago: executing program 0 (id=80): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0) 54.183451398s ago: executing program 0 (id=81): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000040), 0x4) sendmsg$tipc(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}, 0x8820) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 53.708428885s ago: executing program 0 (id=84): openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000180)={0x0, 0x40c989, 0x0, 0xffffffdf, 0x175}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz0\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x3, 0x8, 0x81, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x101, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x6, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x3, 0x808, 0x2, 0x9, 0x1, 0x4, 0x2, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0xffffffff, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x29a, 0x5, 0x0, 0xfffffffa, 0x4, 0x2, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000000, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0x8001, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x10001, 0x379, 0x9, 0xe, 0x5, 0x7, 0x4, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x2003], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x8001, 0x2, 0x7, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x1, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x9b77, 0x9, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x2, 0x4, 0x1000, 0x7f, 0x5, 0x3fa8, 0x0, 0x0, 0x9, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x7, 0x800, 0xa80a, 0x65f413f9, 0x2, 0x8, 0x8a8, 0x2, 0x40, 0x3, 0x2, 0x84, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x0, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0x1, 0xf, 0xe, 0x2, 0xe, 0xf, 0x173, 0x6]}, 0x45c) 53.149918809s ago: executing program 32 (id=84): openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000180)={0x0, 0x40c989, 0x0, 0xffffffdf, 0x175}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz0\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x3, 0x8, 0x81, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x101, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x6, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x3, 0x808, 0x2, 0x9, 0x1, 0x4, 0x2, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0xffffffff, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x29a, 0x5, 0x0, 0xfffffffa, 0x4, 0x2, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000000, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0x8001, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x10001, 0x379, 0x9, 0xe, 0x5, 0x7, 0x4, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x2003], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x8001, 0x2, 0x7, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x1, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x9b77, 0x9, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x2, 0x4, 0x1000, 0x7f, 0x5, 0x3fa8, 0x0, 0x0, 0x9, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x7, 0x800, 0xa80a, 0x65f413f9, 0x2, 0x8, 0x8a8, 0x2, 0x40, 0x3, 0x2, 0x84, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x0, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0x1, 0xf, 0xe, 0x2, 0xe, 0xf, 0x173, 0x6]}, 0x45c) 5.796839823s ago: executing program 5 (id=328): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40002102) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) recvmmsg(r0, &(0x7f0000000640), 0x3fffffffffffce3, 0x0, 0x0) 4.601674883s ago: executing program 3 (id=338): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r1, 0x0, 0x0, 0x32, 0x0, 0x0) 4.188620802s ago: executing program 2 (id=341): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) r3 = eventfd2(0x4009c, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x80}) 3.883756696s ago: executing program 5 (id=343): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000880)="f2", &(0x7f0000000000)=""/10, 0x2}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 3.848693486s ago: executing program 2 (id=344): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0xfffffffd) socket$inet_tcp(0x2, 0x1, 0x0) 3.767991302s ago: executing program 1 (id=345): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 3.517611268s ago: executing program 1 (id=346): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000000)="362e0fc77de80f01f6f3660f0017c4c35d46deb98246fb0cc744240004000000c744240214b9cc13c7442406000000000f011c240fb0dab961020000b800000100ba000000000f303e0f08c4e17853f6", 0x50}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.256627663s ago: executing program 1 (id=347): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0xff00, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x401, 0x7ffffffe, 0x3, {0x0, 0x0, 0x600, r4, 0x60, 0x880}, [@IFLA_MASTER={0x8, 0x3, r1}]}, 0x35}, 0x1, 0xd, 0x0, 0x480c5}, 0x10) 3.24210801s ago: executing program 5 (id=348): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30000091) 3.04446542s ago: executing program 3 (id=349): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xf7fffbfd]}, 0x0, 0x8) ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0) 3.010831237s ago: executing program 1 (id=350): r0 = syz_usb_connect$midi(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0xd8c, 0x102, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x5, 0x60, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3, 0x20, 0x2}}}}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x80c}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.497645469s ago: executing program 2 (id=351): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x8, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000003cc0)=""/4096, 0x1000}], 0x1}, 0x3}], 0x1, 0x400000ea, 0x0) 2.261592389s ago: executing program 4 (id=352): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r1, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001008f000000050001000100000004000200050001"], 0x48}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x48}}, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) 1.964192666s ago: executing program 3 (id=353): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x74, &(0x7f0000000200)={r3, 0x5, 0x20}, &(0x7f00000001c0)=0x18) 1.850436828s ago: executing program 3 (id=354): syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) epoll_create1(0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_DIRENTPLUS(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="10000000", @ANYRES64=r0], 0x10) 1.751659278s ago: executing program 3 (id=355): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x61d0, &(0x7f0000016fc0)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTd7rGd6eqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6uIuPzztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeD0iPj4Wce/+7fVm0bl99uM7f/zbb3/41Pf/+vvh6X//6Wb/jWnr3br1q3/9+c7j7y8AAACUqK7rukof80+kz/e9rjsFAMxFfv2vk7xcvXD15oL1R61Wq9WHsG6rJ7vTLiJis71N857B6XgAOGQ245Ouu0CH5F+0QUQ81XUngIVWdd0BDsS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PadJbxa0zm9fzain48O6U/K3PqwyLJ+ffG87+80z5K6x10/vMyLf/Rzq1Pxcn598fzH3N08u9NzL9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LuyLw87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrYw+WTfsutmb5pSri6bH1gcKkm2VWu+4HAAAAAAAAAAAAAJRksHMN76UqYhgRT6+u1nXd/LSN14/qSbc/7ErffyhZ13/kAQBgx8fHxu7lryKWI+JS+q6/4erqal0vr6zWq/XKUn4/O1parldan2vztFm2NNrHG+LBqG5+2XJru7ZZn5dntY//vuaxRnV/Hx2bjw4DB4CI2Hk1uucV6Yip62ei63c5HA6O/6PH8c9+dP08BQAAAA5eXdd1lb7O+0Q659/rulMAwFzk1//x8wJqtVqtVquPXt1WT3anXUTEZnub5j2D4fgB4JDZjE+67gIdkn/RBhHxfNedABZa1XUHOBD37t9er1K+Vfv1II3vnq8F2ZP/ZrW9Xd5+0nSW8WtM5vX82op+PDulP8/NqQ+LJOffG8//8k77KK130PnPy7T8m/083kF/upbz74/nP+bo5N+bmH+pcv6DR8q/L38AAAAAAFhg+d//jy/U+d/R4+7OTA87/7t2YI8KAAAAAAAAAAfr3v3b6/m+13z+/3MT1nP/59GU86/kX6Scf7r/f/fCm5fH1uu35u++/SD/f96/vf67m//4/zzdb/5LeaZKz6wqPSOq9EjVIE0fc8em2Br2R80jDatef5Cu+amH78bVuBYbcWbPur10PDxoP7unvenpcLu97u+0n9vTPthtz9uf39M+TFc61Su5/VSsx0/iWryz3d60Lc3Y/+UZ7fWM9px/3/FfpJz/oPXT5L+a2quxaePuR73/Oe7b00mP89bVz//yzMHvzkxb0d/dt7Zm/17soD/b/0+eGsXPbmxcP3Xrys2b189GmuxZei7S5DOW8x+mn5z/yy/ttOe/++3j9e5Ho0fOf1FsxWBq/i+15pv9fWXOfetCzn+UfnL+76T2ycf/Yc5/+vH/agf9AQAAAAAAAAAAAAAAgIep63r7FtG3IuJCuv+nq3szAYD5yq//dZKXz6vuP+72f9i7H131X62ec10tWH/mWn9aL1Z/1AtZ/2fB+rNwdVs92ZvtIiL+0t6mec/wi0m/DABYZJ9GxN+77gSdkX/B8vf9NdOTXXcGmKsbH3z4oyvXrm1cv9F1TwAAAAAAAACAx5XH/1xrjf98sq7rO2Pr7Rn/9e1Ye9LxPwd5ZneA0SkDVfcffZ8eZqs36vdaw42/ENPG/x7uzj1s/O/BjMcbzmgfzWhfmtG+PKN94o0eLTn/F1rjnZ+MiBNjw6+XMP7r+Jj3Jcj5v9h6Pjf5f2lsvXb+9W8Oc/69Pfmfvvn+T0/f+ODD166+f+W9jfc2fnz+7Nkz5y9cuHjx4ul3r17bOLPz3w57fLBy/nnsa9eBliXnnzOXf1ly/l9ItfzLkvP/YqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP+XUy3/suT8X021/MuS8/9KquVflpz/a6mWf1ly/qdSLf+y5PxPp3qf+a8cdL+Yj5x/PsPl+C9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvN/PdXyL0vO/6upln9Zcv4XUi3/suT8v5Zq+Zcl538x1fIvS87/66mWf1ly/t9ItfzLkvN/I9XyL0vO/5upln9Zcv7fSrX8y5Lz/3aq5V+WnP+bqZZ/WR58/78ZM2bM5Jmu/zIBAAAAAAAAAAAAAOPmcTlx1/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP4mb1540BiIKROasLGMcY4m+z6El9oXUy4NtxKQij0gu1612bBN7x2CTSqHQVKJIyKKtqGh7aAUJuXCqvigVaA8oBaVaoE7QN9QVSoPERVQAGpKq0gW82c//+/M7OzM7ve8ebMOZ+PlPyyM2fmnDnzn9n92vnuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3ufMPsp2pZltVqtfyCTVn2ovq8YWJT45LXvrDHBwAAAKzdLxr/fu7mdMHhFdyoaZt/uuPbX11YWFjI3jf8p6OfW1hIV0xk2eiGLGtcF139wftrzdsEj2fjtaGmr4d67H64x/UjPa4f7XH9WI/rN/S4frzH9UtOwBI3ZLV0Z9sa/7kpP6XZLdlo47ptHW71eG3DUP3cpdtmtcZtFkZPZHPZqWw2m27ZPt+21tj+63fW9/XWLO5rqGlfW+or5CePHo/HUAvneFvLvhbvM/rR67OJn/7k0eN/feHZ2zrNnqeh5f7y49yxtX6cnwiX5MdayzakcxKPc6jpOLd0eE6GW46z1rhd/b/bj/O5FR7n8OJhrqv253w8G2r893ca52mklnU4T1vCZT+7K8uyy4uH3b7Nkn1lQ9nGlkuGFp+f8XxF1u+jvpRemo2sap3euYJ1Wp8z21rXaftrIj7/d4bbjSxzDM1P048eG2t63n++cC3rNKo/6uVeK+1rsN+vlaKswbguvtN40E90XIPbwuN/dPvya7Dj2umwBtPjblqDW3utwaGx4cYxpyeh1rjN4hrc1bL9cGNPtcZ8Znv3NTh14fS5qfmPffyeudPHTs6enD2zZ9eu6T379h04cGDqxNyp2en839d4totvYzaUXgNbw7mLr4FXt23bvFQXvji25P33Wl+H411eh5vatu3363Ck/cHV1ucFuXRN56+N99RP+viVoWyZ11jj+dm59tdhetxNr8ORptdhx+8pHV6HIyt4Hda3ObdzZT+zjDT90+kYlv9esLY1uKlpDbb/PNK+Bvv980hR1uB4WBff27n894It4XifmFztzyPDS9Zgerjhvad+Sfp5f/xAY3Ral7fXr7hxLLs4P3v+3keOXbhwflcWxrp4WdNaaV+vG5seU7ZkvQ6ter0enrvjids7XL4pnKvxe+r/Gl/2uapvs/fe7s9V47tb5/PZcunuLIw+W+/z2em7ef18jmXZ57/12IPfePTzb1j2fNbz5iem1v6zeMqlTe+/o8u8/8bc/3y+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56ZW9n48Gv5Z7/fjW7q8H29u27bf78ej7Q8uvh/Xev1px9q0P5/jYZ2cmu7+flzfZvPu1a7Jka7vx3eFWQvn/zUhKaRc1LR2llu3aV8jI6PhcY3EPbSu0z0t24+GbFbf11O7r22d7rgrv6/h9OgWrdc6nWjbtt/rNP3Z13LrtNbrT9+uTfvzOR7WxS17uq/T+jZP7137e+cN8T+b3jvHeq3B0eGx+jGPpkXYeL/PFm6Ia/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/1vu9cnOXNbijbdt+r8H0fWy5tVcbWfrg+6D9+RwP6+LJ+7qvwfo2b9zf359dd4RL0jZNP7u2//nacn/mdXvbabpea2UkHOe39nf/s9n6NqcOrDZndj9Pd4dLbuxwntpfv8u9pmay9TlPm8NxPntg+fNUP576Np87uML1dDjLsksfub/x573h71f+7uJ3v9ry9y6d/k7n0kfu//GLT/zjao4fgMH3fD425t/rmv5maiV//w8AAAAMhJj7h8JM5H8AAAAojZj74/8Vnsj/AAAAUBox94+EmVQk/29+47Nzz1/KUjN/IYjXp9PwQL5d7LhOh68nFhbVL7//y7P//Q+XVrbvoSzLfv7AH3TcfvMD8bhyE+E4r76p9fIlvnrPivZ99OFLab/N/fUvhPuPj2ely6BTBXc6y7Kv3/yZxn4m3n+lMZ9+4GhjPnj5icfr2zx3MP863v6Zl+Xb/0Uo/x4+cazl9s+E8/DDMKff1vl8xNt95cprtux/7+L+4u1qW29qPOwnP5Dfb/w9OZ99PN8+nufljv8bn37qK/XtH3lV5+O/NNT5+J8K9/vlMP/3Ffn2zc9B/et4u0+G44/7i7e790vf7Hj8Vz+Vb3/uzfl2R8OM+98Rvt725mfnms/XI7VjLY8re0u+Xdz/9Hf/uHF9vL94/+3HP37kSsv5aF8fT/9bfj9TbdvHy+N+or9v23/9fprXZ9z/U390tOU899r/1QefeUX9ftv3f3fbduc+srOx/8X7a/2NTX/5yc903F88nsN/e67l8Rx+d3gdh/0/+YGwHsP1/3c1v7/2365w9N2t7z9x+y9sutTyeKK3/jTf/9XXnWzMDeM3bLzxRS++6fIr6+cuy76zIb+/Xvs/+VdnW47/i7fm5yNeHzv67ftfTtz/+Y9Onjk7f3FuJp3VR29u/O6ct+fHE4/35vDe2v71kbMXPjh7fmJ6YjrLJsr7K/Su2ZfC/HE+LnffemHJO+jOh8Pzefuff33j9n/9dLz839+TX37lbfn3rVeH7T4bLt8Unr/V7X+pJ++8tfH6rj0djnBh6e8LXost2/7rwIo2DI+//eeCuN7PvfyDjfNQv67xfSO+rtd4/N+fye/na+G8LoTfzLz11sX9NW8ffzfClYfy1/uaz194m4vP69+E5/sdP8zvPx5XfLzfDz/HfHNz6/tdXB9fuzTUfv+N3+JxObyfZJfz6+NW8Xxfee7WjocXfw9Jdvm2xtd/ku7ntlU9zOXMf2x+6tTcmYuPTF2Ynb8wNf+xjx85ffbimQtHGr/L88iHet1+8f1pY+P9aWZ2396s8W51Nh/X2Qt9/OcePj6zf3r7zOyJYxdPXHj43Oz5k8fn54/PzsxvP3bixOxHe91+bubQrt0H9+zfPXlybubQgYMH9xycnDtztn4Y+UH1sG/6w5Nnzh9p3GT+0N6Du+67b+/05OmzM7OH9k9PT17sdfvG96bJ+q1/f/L87KljF+ZOz07Oz3189tCug/v27e752wBPnzsxPzF1/uKZqYvzs+en8scycaFxcf17X6/bU07z/5H/PNuulv8ivuxdd+9Lv5+17suPLXtX+SZtv0D02fC7aP75JecOrOTrmPtHw0wqkv8BAACgCmLuHwszkf8BAACgNGLu3xBmIv8DAABAacTcPx5mUpH8X7r+/+ZLK9q//r/+f/P50v+vWP//oaL1//P3C/3//lhr/17/P9D/1//X/9f/1/+nD4rW/4+5/4Ysq2T+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP0vCjOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/U1m1+v+X+3n8+v/6/yxVtP5/zP0vDjOpSP4HAACAKoi5/6YwE/kfAAAASiPm/pvDTOR/AAAAKI2Y+zeFmVQk/+v/6//r/+v/6/933r/+/2DS/+9O/78H/X+f/6//r/9PXxWt/x9z/0vCTCqS/wEAAKAKYu5/aZiJ/A8AAADFM3JtN4u5/2VhJkvy/zXuAAAAAHjBxdx/S9ZWBK/I3//r/+v/F7//vyFdp/+v/58Vsv8/nOn/F4f+f3f6/z3o/+v/6//r/9NXRev/N3J/Np69PMykIvkfAAAAqiDm/lvDTOR/AAAAKI2Y+38pzET+BwAAgNKIuX9zmElF8r/+v/5/8fv/Pv9f/7/o/X+f/18k+v/d6f/3oP+v/6//r/9PXxWt/x9z/21hJhXJ/wAAAFAFMfffHmYi/wMAAEBpxNz/y2Em8j8AAACURsz9W8JMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfEWZSkfwPAAAAVRBz/x1hJvI/AAAAlEbM/a8MM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/z7/X/+fvipa/z/m/leFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLn/1WEm8j8AAACURsz9O8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP2vCTOpSP4HAACAKoi5f2eYifwPAAAApRFz/91hJvI/AAAAlEbM/ZNhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+e8JMKpL/AQAAoApi7r83zET+BwAAgNKIuX8qzET+BwAAgNKIuX86zKQi+V//X/9f/1//f1X9/1cu3q/+f07/v1j0/7vT/+9B/1///wXv/4/q/1MqRev/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6//r/+v/+/z/zvvX/x9M+v/d9b//Hx+i/r/+v/6/z//X/2epovX/Y+6/L8ykIvkfAAAAqiDm/n1hJvI/AAAAlEbM/fvDTOR/AAAAKI2Y+w+EmVQk/+v/6//r/+v/6/933r/+/2DS/+/O5//3oP+v/6//r//PGj30h81fFa3/H3P/wTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1//X/9f/3/Bv3/waT/353+fw/6//r/+v/6//TVsv3/EL3Xu/8fc/+hMJOK5H8AAACogpj7fy3MRP4HAACA0oi5/3VhJvI/AAAAlEbM/YfDTCqS//X/ff6//r/+v/5/5/2vd/9/LN6v/v+a6P93p//fg/6//r/+v/4/fVW0z/+Puf/1YSYVyf8AAABQBTH33x9mIv8DAABAacTc/4YwE/kfAAAASiPm/jeGmVQk/+v/6//r/+v/6/933r/P/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/5vCTCqS/wEAAKAKYu5/c5iJ/A8AAAClEXP/W8JM5H8AAAAojZj73xpmUpH8r/+v/6//r/+v/995//r/g0n/vzv9/x70//X/9f/1/+mrovX/Y+7/9TCTiuR/AAAAqIKY+x8IM5H/AQAAoDRi7n9bmIn8DwAAAKURc//bw0wqkv/1//X/9f/1//X/O+9f/38w6f93N2D9/1/cFC7X/8/p/xf7+Ffb/x9p+/q69P9/sFz/f2FD++31/7keitb/j7n/HWEmFcn/AAAAUAUx978zzET+BwAAgNKIuf9dYSbyPwAAAJRGzP2/EWZSkfyv/18/jsX2sv5/Wfv/Q/r/+v/6/xWh/9/dgPX/ff5/G/3/Yh+/z//X/2epovX/Y+5/d5hJRfI/AAAAVEHM/Q+Gmcj/AAAAUBox9z8UZiL/AwAAQGnE3P+eMJOK5H/9f5//X43+v8//z/T/9f8rQv+/O/3/HvT/9f+L1v//T/1/BlvR+v8x9z8cZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7fzPMRP4HAACA0oi5/31hJhXJ//r/g9L/nxjQ/v9j+v/Xsf9/x035dvr/+v8s0v/vTv+/B/1//f+i9f99/j8Drmj9/5j73x9msvL8P77iLQEAAIAXRMz9vxVmUpG//wcAAIAqiLn/t8NM5H8AAAAojZj7fyfMpCL5X/9/UPr/Pv8/0//3+f9tj0f/X/+/k/Xr/8d3Hv1//X/9/0j/X/9f/592Rev/x9z/u2EmFcn/AAAAUAUx938gzET+BwAAgIHQ6f/Jbhdz/5EwE/kfAAAASiPm/qNhJhXJ//r/+v/6/wXt///Z1n/53rffeXSX/r/+v/7/qqzr5//XX/w+/1//X/8/0f/X/9f/p13R+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/F7T/P8Cf/x/Ph/5/q771/+Obrv5/R3n/Pq2i69v/f+9iT1z/f7X9/7GOl+r/6/8P8vHr/+v/s1TR+v8x98+GmVQk/wMAAEAVhNw/dCKfi1fI/wAAAFAaMfefDDOR/wEAAKA0Yu7/YJhJRfK//r/+v/6//r/P/++8/279/9qIz/8vqtS//1njhaL/36Y4/f/O9P/1/wf5+PX/9f9Zqmj9/5j758JMKpL/AQAAoApi7v9QmIn8DwAAAKURc/+Hw0zkfwAAACiNmPtPhZlUJP/r/+v/6//r/+v/d95/YT//X/+/q7X27/X/A/3/avf//0f/X/9f/5/+KFr/P+b+02EmFcn/AAAAUAUx958JM5H/AQD+n707abKzLvs4fvp5wpNO8SzcuXBjlUtfAgtd6wtw4caNVZYLJ1ScCc4jioqzIjgPOIAgooLzAE4ozqDiPA84IUrFonNdV9Ldd9+nOzndfd///+ezyCVtmnOkUgm/dL7eANCM3P2PjVvsfwAAAGhG7v7HxS2d7H/9/9n0/6cqZf3/5vc/if7/Qfr/nV5f/6//b5n+f5z+fwn9v+f/6//1/6zU1Pr/3P2Pj1s62f8AAADQg9z9T4hb7H8AAABoRu7+8+MW+x8AAACakbv/iXFLJ/t/S/+/tuiz/8+M1/P/W+r/Pf9/x9fX/+v/W3aw/f9F9/7Mp//X/+v/g/5/V/3/0Z0+X/9Pi6bW/+fuf1Lc0sn+BwAAgB7k7n9y3GL/AwAAQDNy918Qt9j/AAAA0Izc/U+JWzrZ/6t7/v+xjY/PtP8v+n/9/8YH9P/6f/3/bHn+/7ie+v/zbz33MXdee7/r9vL6+n/9v+f/6/9Zran1/7n7nxq3dLL/AQAAoAe5+58Wt9j/AAAA0Izc/U+PW+x/AAAAaEbu/mfELZ3s/9X1/7N+/n/R/+v/Nz6g/9f/6/9nS/8/rqf+/0xeX/+v/9f/6/9Zran1/7n7nxm3dLL/AQAAoAe5+58Vt9j/AAAA0Izc/RfGLfY/AAAANCN3//G4pZP9r//f//7/Hv2//j+u/l//r//ff/r/cfr/JfT/+n/9v/6flZpa/5+7/6K4pZP9DwAAAD3I3f/suMX+BwAAgGbk7n9O3GL/AwAAQDNy9z83bulk/+v/Pf9f/6//1/8Pv77+f570/+P0/0vo/8+2nz9H/6//1/9zuj32/3eP/LS9kv4/d//z4pZO9j8AAAD0IHf/8+MW+x8AAACakbv/BXGL/Q8AAADNyN3/wrilk/2v/9f/6//1/2fc/2//obdB/z9M/38w9P/jJtP/rx0Z/LD+f/b9v+f/6//1/2wytef/5+5/UdzSyf4HAACAHuTuf3HcMrL/9/yb+QAAAMChyt3/krjF1/8BAABg9rI6y93/0rilk/2v/9f/6//1/57/P/z6Y/3/dae9P/3/tOj/x02m/9+B/l//P+f3r//X/7Pd1Pr/3P0vi1s62f8AAADQg9z9F8ct9j8AAAA0I3f/y+MW+x8AAACakbv/FXFLJ/t/uP8/9d/r/3dH/7/5/ev/h398rKr/z7+j/n+0/3+w5//3Sf8/7uD7/6P6/81/f/3/Pjrs9994/39s2efr/xkytf4/d/8lcUsn+x8AAAB6kLv/lXGL/Q8AAADNyN3/qrjF/gcAAIBm5O5/ddzSyf73/H/9v/5/fv2/5/+fdJjP/18ceP9/RP+/S/r/cZ7/v4T+X/+v//f8f1Zqav1/7v5L45ZO9j8AAAD04NK7Fhu7/zWLhf0PAAAAc3T6nx3Y+gdKQ+7+18Yt9j8AAAA0I3f/6+KWTva//l//r//X/+v/h19/Wv2/5//vlv5/nP5/Cf3/fvTzRxrr/y/b6fOn0P9fqP9nYjb1/zec+vhh9f+5+18ft3Sy/wEAAKAHufvfELfY/wAAANCM3P1vjFvsfwAAAGhG7v43xS2d7P997/+P7fza+n/9v/5f/6//1/+vmv5/nP5/Cf2/5/97/r/+n5U61f9v/vnwsPr/3P1vjls62f8AAADQg9z9b4lb7H8AAABoRu7+y+IW+x8AAACakbv/rXFLJ/vf8//1//p//b/+f/j19f/zpP8fp/9fQv+v/9f/6/9ZqU3P/z/NYfX/ufsvj1s62f8AAADQg9z9V8Qt9j8AAAA0I3f/2+IW+x8AAACakbv/7XFLJ/tf/7+//X9+XP+v/1/o//X/+v8D0W3/vzb0K9F2O/T/Nz/q+EM3f0T/r//X/+v/9f+swCT6/xOn/u0yd/874pZO9j8AAAD0IHf/O+MW+x8AAACakbv/XXGL/Q8AAADNyN3/7rhlj/v/Pit9VwdH/+/5//p//b/+f/j19f/z1G3/v0ue/7+E/l//r//X/7NSk+j/T/vr3P3viVt8/R8AAACakbv/vXGL/Q8AAADNyN3/vrjF/gcAAIBm5O5/f9zSyf7X/+v/9f/6f/3/8Oufaf+/vhim/z8Y+v9x+v8l9P/6f/2//p+Vmlr/n7v/yrilk/0PAAAAPcjd/4G4xf4HAACAZuTu/2DcYv8DAABAM3L3fyhu6WT/6//1//p//b/+f/j1Pf9/nvT/4/T/i8XiqpE3MNT/nziq/9f/6//1/5yhqfX/ufs/HLd0sv8BAACgB7n7r4pb7H8AAABoRu7+q+MW+x8AAACakbv/I3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8Snv+v/9f/6/9Zqan1/7n7r4lbOtn/AAAA0IPc/dfGLfY/AAAANCN3/0fjFvsfAAAAmpG7/7q4pZP9r//X/+v/9f/70v8f1/9vpf8/GPvX/y/0//p//f8S+n/9v/6frQ6q/787fr5f1v/n7v9Y3NLJ/gcAAIAe5O6/Pm6x/wEAAKAZufs/HrfY/wAAANCM3P2fiFs62f/6f/2//l//7/n/w6+v/58nz/8fp/9fQv+v/9f/6/9ZqYPq/3fq/bf+de7+T8Ytnex/AAAA6EHu/hviFvsfAAAAmpG7/8a4xf4HAACAZuTu/1Tc0sn+1//r/zf3/4uF/l//r/8/6QD6//WF/n/l9P/j9P9L6P/b7P//Z9FQ/39sx8/X/zNFU+v/c/d/Om7pZP8DAABAD3L3fyZusf8BAACgGbn7Pxu32P8AAADQjNz9n4tbWtr/9+ycvs2//z+65RP1/4vF4rYLPP9f/z/y+vr/yfT/9U9V/786+v9x+v8l9P9t9v+e/6//59BMrf/P3f/5uKWl/Q8AAACdy93/hbjF/gcAAIBm5O7/Ytxi/wMAAEAzcvd/KW7pZP/Pv//f+on6/8VZPf9f/7/xAf2//l//P1tn299fvh6/pun/9f/6/8F+fm2Hf+9Z6P/1//p/Bkyt/8/d/+W4pZP9DwAAAD3I3X9T3GL/AwAAQDNy998ct9j/AAAA0Izc/V+JWzrZ//p//b/+f579/7r+X/+v/x80lef/n3feQ27R/+v/W+z/x+j/9f/6f7aaWv+fu/+rcUsn+x8AAAB6kLv/a3GL/Q8AAADNyN3/9bjF/gcAAIBm5O7/RtzSyf7f3v+fszhZqJ401P9Ho6b/P43+f/P71/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v/7b/98/T8tmlr/n7v/lrilk/0PAAAAPcjd/824xf4HAACAZuTu/1bcYv8DAABAM3L33xq3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/JfT/Z9/P58+q+v/5Pv//f/X/rM7U+v/c/d+OWzaG3wP+/wz/ZwIAAAATkrv/O3FLJ1//BwAAgB7k7v9u3GL/AwAAQDNy938vbulk/+v/9f/6f/2//n/49fX/86T/H6f/X6Kf/n996IOH3c+frcN+/830/57/zwpNrf/P3f/9uKWT/Q8AAABtu2vj29z9P4hb7H8AAABoRu7+H8Yt9j8AAAA0I3f/bXFLJ/tf/6//b7//f4T+f8vr6//1/y3T/+ev6MP0/0v00/8POux+fu7vX/+v/2e7qfX/uftvj1s62f8AAADQg9z9P4pb7H8AAABoRu7+H8ct9j8AAAA0I3f/T+KWTva//r+v/n9t0WP/7/n/+n/9f0/m0/9fcWToo57/r//X/8/3/ev/9f9sN7X+P3f/HWtHutz/AAAAMFcPe+Cjb9/t971j49v1xU/jFvsfAAAAmpG7/2dxi/0PAAAAzcjd//O4pZP9r//vq//v8/n/+n/9v/6/J/Pp/4fp//X/+v/5vn/9v/6f7abW/+fu/0XcctrwG/w/6AEAAAAOz//t7bvn7v9l3NLJ1/8BAACgB7n7fxW3bNv/J3b5p9oBAACAqcnd/+u4pZOv/+v/J97/L/ap/4/vp/8/Sf+v/x96ff3/POn/x51l/39iTf+v/x+h/9f/6//Zamr9f+7+669ZdLn/AQAAoFGbfkfhNxvfri9+G7fY/wAAANCM3P2/i1vsfwAAAGhG7v7fxy2d7H/9/8T7/zN6/v+x+k+e/995/3/x+uDr6//1/y3T/4/z/P8l9P/6f/2//p+V2kP/vzFI97v/z93/h7ilk/0PAAAAPcjd/8e4xf4HAACAZuTu/1PcYv8DAABAM3L3/zlu6WT/6/8Pof+/5Ohisa/9/y6e/6//76P/3+H12+n/73vu8Zse/sirr9T/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/5e4pZP9DwAAAD3I3X9n3GL/AwAAQDNy9/81brl3/994WO8KAAAAWKXc/X+LWzr5+r/+v8Xn/8+z/89/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu//vcUsn+x8AAAB6kLv/H3FL7v+1Pf/WPQAAADAxufv/Gbf4+j8AAAA0I3f/XXFLJ/tf/6//n0r/nzz//9Tnef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Utnex/AAAA6EHu/rvjFvsfAAAAmpG7/99xi/0PAAAAzcjd/5+4pZP9r//X/+v/9f/6/+HX1//Pk/5/nP5/Cf2//l//r/9npabW/+fu/28AAAD//xDQcaQ=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4142, 0x1f7) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sendfile(r1, r2, 0x0, 0x20fffe82) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 1.316395731s ago: executing program 2 (id=356): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0xfffffffc, 0xb, 0xb86026a, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x6, 0x0, 0x18, "00000000000700000000fffe00"}) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x6c2, 0x4, 0x0, 0x1, 0x4, "eced0ecfb3d7c67a8adb80ed823b544a7eba70"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)=0x1) 1.220491725s ago: executing program 4 (id=357): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x9000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r2}) close_range(r2, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000340)={0x9000, 0x12000}) 1.186308981s ago: executing program 5 (id=358): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018, r0}, './file1\x00'}) 1.013672191s ago: executing program 5 (id=359): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = semget$private(0x0, 0x4000000009, 0x0) semop(r1, &(0x7f0000000100)=[{0x0, 0xec7b, 0x1000}], 0x1) semop(r1, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1) semop(r1, &(0x7f0000000080)=[{0x0, 0x4}], 0x1) 945.017181ms ago: executing program 4 (id=360): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x5ae1, 0x9ee, 0x7ac, 0x3, 0x2, 0xcd, 0xfffffffffffffffc, 0x7}) 799.637588ms ago: executing program 4 (id=361): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000100), 0x1}}], 0x4000253, 0x44) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848160000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x80054) 523.821532ms ago: executing program 4 (id=362): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) getsockopt$inet_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f0000000400)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, r0, 0x0) 364.255436ms ago: executing program 1 (id=363): r0 = socket$nl_route(0x10, 0x3, 0x0) fstat(r0, &(0x7f00000003c0)) r1 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x7b, &(0x7f0000000000)=r4, 0x8) 302.147219ms ago: executing program 2 (id=364): r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xc1000c42) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close(r0) 225.523748ms ago: executing program 1 (id=365): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) write$9p(r0, &(0x7f0000000380)="e927", 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 204.309307ms ago: executing program 4 (id=366): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 196.509137ms ago: executing program 3 (id=367): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0x0, 0x7fff7fff}]}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0xffffffffffffffa8, &(0x7f0000000040)={0x1}) 104.112156ms ago: executing program 2 (id=368): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r2, &(0x7f0000009780)={0x2020}, 0x2020) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 0s ago: executing program 5 (id=369): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xff}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0xe6a7}, "fe"}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xd12b, 0x8, 0x8}, {0x1, 0x5, 0x1}}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20048084}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. [ 78.101957][ T5825] cgroup: Unknown subsys name 'net' [ 78.255352][ T5825] cgroup: Unknown subsys name 'cpuset' [ 78.264474][ T5825] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.914733][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.215502][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.226070][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.235910][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.245266][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.252924][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.260775][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.268761][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.277194][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.279681][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.289848][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.293148][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.304407][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.307599][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.320019][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.325795][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.335121][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.335383][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.353023][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.361804][ T5859] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.370377][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.377674][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.385274][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.393449][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.401812][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.414428][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 83.053767][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 83.142497][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 83.304549][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 83.442096][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.449977][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.457333][ T5840] bridge_slave_0: entered allmulticast mode [ 83.465754][ T5840] bridge_slave_0: entered promiscuous mode [ 83.475458][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 83.501197][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 83.513898][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.521481][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.528893][ T5839] bridge_slave_0: entered allmulticast mode [ 83.536856][ T5839] bridge_slave_0: entered promiscuous mode [ 83.546121][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.553901][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.561235][ T5840] bridge_slave_1: entered allmulticast mode [ 83.568974][ T5840] bridge_slave_1: entered promiscuous mode [ 83.598953][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.606367][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.615791][ T5839] bridge_slave_1: entered allmulticast mode [ 83.623746][ T5839] bridge_slave_1: entered promiscuous mode [ 83.737075][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.773179][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.793293][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.825584][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.908295][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.915660][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.924013][ T5847] bridge_slave_0: entered allmulticast mode [ 83.931991][ T5847] bridge_slave_0: entered promiscuous mode [ 83.976639][ T5840] team0: Port device team_slave_0 added [ 83.983211][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.990755][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.998227][ T5847] bridge_slave_1: entered allmulticast mode [ 84.006424][ T5847] bridge_slave_1: entered promiscuous mode [ 84.030333][ T5839] team0: Port device team_slave_0 added [ 84.052149][ T5840] team0: Port device team_slave_1 added [ 84.092647][ T5839] team0: Port device team_slave_1 added [ 84.098594][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.106415][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.113933][ T5838] bridge_slave_0: entered allmulticast mode [ 84.122189][ T5838] bridge_slave_0: entered promiscuous mode [ 84.156363][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.164428][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.172440][ T5837] bridge_slave_0: entered allmulticast mode [ 84.180187][ T5837] bridge_slave_0: entered promiscuous mode [ 84.202065][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.209447][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.216813][ T5838] bridge_slave_1: entered allmulticast mode [ 84.224696][ T5838] bridge_slave_1: entered promiscuous mode [ 84.253435][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.262944][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.270249][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.277797][ T5837] bridge_slave_1: entered allmulticast mode [ 84.285867][ T5837] bridge_slave_1: entered promiscuous mode [ 84.319705][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.326954][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.352961][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.368590][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.391760][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.398752][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.425924][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.426101][ T5854] Bluetooth: hci3: command tx timeout [ 84.456924][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.463925][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.490293][ T5852] Bluetooth: hci0: command tx timeout [ 84.490907][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.496951][ T5854] Bluetooth: hci4: command tx timeout [ 84.506662][ T5859] Bluetooth: hci1: command tx timeout [ 84.514399][ T5852] Bluetooth: hci2: command tx timeout [ 84.552770][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.559748][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.585874][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.603345][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.643350][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.664565][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.692500][ T5847] team0: Port device team_slave_0 added [ 84.702192][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.757197][ T5847] team0: Port device team_slave_1 added [ 84.780777][ T5837] team0: Port device team_slave_0 added [ 84.803764][ T5838] team0: Port device team_slave_0 added [ 84.839182][ T5837] team0: Port device team_slave_1 added [ 84.852617][ T5840] hsr_slave_0: entered promiscuous mode [ 84.859681][ T5840] hsr_slave_1: entered promiscuous mode [ 84.870023][ T5838] team0: Port device team_slave_1 added [ 84.958632][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.965770][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.992247][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.010997][ T5839] hsr_slave_0: entered promiscuous mode [ 85.018079][ T5839] hsr_slave_1: entered promiscuous mode [ 85.025471][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 85.031364][ T5839] Cannot create hsr debugfs directory [ 85.040673][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.047726][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.073823][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.086574][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.093610][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.119879][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.139404][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.146581][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.172592][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.208333][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.215390][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.241423][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.254203][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.261217][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.287436][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.493301][ T5847] hsr_slave_0: entered promiscuous mode [ 85.500170][ T5847] hsr_slave_1: entered promiscuous mode [ 85.507186][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 85.512992][ T5847] Cannot create hsr debugfs directory [ 85.610954][ T5837] hsr_slave_0: entered promiscuous mode [ 85.617970][ T5837] hsr_slave_1: entered promiscuous mode [ 85.624972][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 85.630764][ T5837] Cannot create hsr debugfs directory [ 85.642884][ T5838] hsr_slave_0: entered promiscuous mode [ 85.649773][ T5838] hsr_slave_1: entered promiscuous mode [ 85.656635][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 85.662425][ T5838] Cannot create hsr debugfs directory [ 86.228691][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.243698][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.265216][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.289326][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.368026][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.383012][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.399236][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.440243][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.483140][ T5854] Bluetooth: hci3: command tx timeout [ 86.544416][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.562080][ T5852] Bluetooth: hci2: command tx timeout [ 86.563069][ T5859] Bluetooth: hci1: command tx timeout [ 86.567963][ T5854] Bluetooth: hci4: command tx timeout [ 86.572970][ T5856] Bluetooth: hci0: command tx timeout [ 86.588418][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.603740][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.616523][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.848289][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.867780][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.905082][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.939252][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.984121][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.069446][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.105785][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 87.129883][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.144173][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.151738][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.170908][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.182525][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 87.214129][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.221426][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.252366][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.379841][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.392583][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.419708][ T5840] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.431073][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.467513][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.474741][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.543906][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.551622][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.598184][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.618988][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.653903][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.661210][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.724836][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.732113][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.783350][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.828211][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.835424][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.900110][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.920598][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.927870][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.955801][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.029484][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.106825][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.114070][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.157385][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.164744][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.388813][ T5840] veth0_vlan: entered promiscuous mode [ 88.476904][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.502593][ T5840] veth1_vlan: entered promiscuous mode [ 88.563128][ T5854] Bluetooth: hci3: command tx timeout [ 88.577753][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.643809][ T5852] Bluetooth: hci2: command tx timeout [ 88.643841][ T5856] Bluetooth: hci0: command tx timeout [ 88.649371][ T5854] Bluetooth: hci4: command tx timeout [ 88.661464][ T5859] Bluetooth: hci1: command tx timeout [ 88.799677][ T5840] veth0_macvtap: entered promiscuous mode [ 88.837431][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.854003][ T5839] veth0_vlan: entered promiscuous mode [ 88.870416][ T5840] veth1_macvtap: entered promiscuous mode [ 88.916364][ T5839] veth1_vlan: entered promiscuous mode [ 88.978058][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.994865][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.004895][ T5847] veth0_vlan: entered promiscuous mode [ 89.030675][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.100729][ T5847] veth1_vlan: entered promiscuous mode [ 89.123768][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.133412][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.164684][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.175247][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.193923][ T5838] veth0_vlan: entered promiscuous mode [ 89.275251][ T5839] veth0_macvtap: entered promiscuous mode [ 89.316030][ T5838] veth1_vlan: entered promiscuous mode [ 89.327464][ T5839] veth1_macvtap: entered promiscuous mode [ 89.458225][ T5847] veth0_macvtap: entered promiscuous mode [ 89.470913][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.482051][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.520387][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.534212][ T5847] veth1_macvtap: entered promiscuous mode [ 89.581836][ T5838] veth0_macvtap: entered promiscuous mode [ 89.597368][ T5838] veth1_macvtap: entered promiscuous mode [ 89.610444][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.633344][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.641696][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.672501][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.684324][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.712303][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.727949][ T5837] veth0_vlan: entered promiscuous mode [ 89.746246][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.768546][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.793695][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 89.823173][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.835790][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.867443][ T5837] veth1_vlan: entered promiscuous mode [ 89.891958][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.901918][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.917516][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.960160][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.977837][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.035530][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.045066][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.074126][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.083568][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.100548][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.110940][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.219015][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.235892][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.258159][ T5837] veth0_macvtap: entered promiscuous mode [ 90.292716][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.311307][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.328594][ T5837] veth1_macvtap: entered promiscuous mode [ 90.416031][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.445558][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.467188][ T112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.476866][ T112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.536774][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.562249][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.569723][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.609865][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.643006][ T5856] Bluetooth: hci3: command tx timeout [ 90.668147][ T1175] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.704524][ T1175] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.723239][ T5856] Bluetooth: hci1: command tx timeout [ 90.723322][ T5859] Bluetooth: hci4: command tx timeout [ 90.728721][ T5856] Bluetooth: hci2: command tx timeout [ 90.735066][ T5854] Bluetooth: hci0: command tx timeout [ 90.760030][ T1175] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.796574][ T1175] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.240549][ T5982] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.310999][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.335584][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.359801][ T5986] Bluetooth: MGMT ver 1.23 [ 91.415096][ T5854] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 91.423705][ T5982] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 91.562960][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.585155][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.612062][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.639737][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.665794][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.694224][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.717778][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.746507][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.759355][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.768734][ T24] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 91.812289][ T807] cfg80211: failed to load regulatory.db [ 91.840467][ T24] hid-generic 0006:0004:0009.0001: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 91.938986][ T5994] loop0: detected capacity change from 0 to 4096 [ 92.112115][ T6002] fido_id[6002]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 92.126326][ T5994] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 92.217928][ T5994] ntfs3(loop0): Failed to load $Extend (-22). [ 92.251771][ T5994] ntfs3(loop0): Failed to initialize $Extend. [ 92.792398][ T5908] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.020395][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.056995][ T112] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.071701][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.089203][ T5908] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 93.130442][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.185526][ T5908] usb 2-1: config 0 descriptor?? [ 93.355761][ T112] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.441956][ T5859] Bluetooth: hci0: command 0x0401 tx timeout [ 93.448900][ T5854] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 93.502102][ T112] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.637797][ T6037] loop2: detected capacity change from 0 to 512 [ 93.660364][ T112] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.679391][ T6037] EXT4-fs: Ignoring removed oldalloc option [ 93.853549][ T5908] usb 2-1: string descriptor 0 read error: -22 [ 93.864580][ T6037] EXT4-fs (loop2): 1 truncate cleaned up [ 93.904334][ T6037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.930826][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.959400][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.969502][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.985938][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.996007][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.067260][ T5908] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #200: -71 [ 94.149544][ T5908] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 94.187537][ T5908] uclogic 0003:256C:006D.0002: failed probing pen v2 parameters: -71 [ 94.225988][ T5908] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 94.246482][ T6055] loop0: detected capacity change from 0 to 256 [ 94.266855][ T5908] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71 [ 94.304673][ T6055] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 94.346967][ T5908] usb 2-1: USB disconnect, device number 2 [ 94.403770][ T6055] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 94.668396][ T112] bridge_slave_1: left allmulticast mode [ 94.700852][ T112] bridge_slave_1: left promiscuous mode [ 94.721831][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.821228][ T29] audit: type=1804 audit(1773920998.354:2): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.20" name="/newroot/7/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 94.864852][ T112] bridge_slave_0: left allmulticast mode [ 94.887006][ T112] bridge_slave_0: left promiscuous mode [ 94.920395][ T29] audit: type=1804 audit(1773920998.414:3): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.20" name="/newroot/7/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 94.920446][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.239137][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.521683][ T5854] Bluetooth: hci0: command 0x0401 tx timeout [ 95.627898][ T6091] ======================================================= [ 95.627898][ T6091] WARNING: The mand mount option has been deprecated and [ 95.627898][ T6091] and is ignored by this kernel. Remove the mand [ 95.627898][ T6091] option from the mount to silence this warning. [ 95.627898][ T6091] ======================================================= [ 95.881864][ T112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.914876][ T112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.936476][ T112] bond0 (unregistering): Released all slaves [ 96.089508][ T5854] Bluetooth: hci1: command tx timeout [ 96.971773][ T112] hsr_slave_0: left promiscuous mode [ 96.998912][ T112] hsr_slave_1: left promiscuous mode [ 97.029833][ T112] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.067007][ T112] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.103227][ T112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.128267][ T112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.141068][ T6128] loop3: detected capacity change from 0 to 128 [ 97.214460][ T112] veth1_macvtap: left promiscuous mode [ 97.225073][ T6128] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 97.252634][ T6128] hpfs: filesystem error: improperly stopped [ 97.252716][ T112] veth0_macvtap: left promiscuous mode [ 97.297763][ T6128] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 97.303909][ T112] veth1_vlan: left promiscuous mode [ 97.337744][ T6128] hpfs: You really don't want any checks? You are crazy... [ 97.338518][ T112] veth0_vlan: left promiscuous mode [ 97.371422][ T6128] hpfs: hpfs_map_sector(): read error [ 97.393186][ T6128] hpfs: code page support is disabled [ 97.413579][ T6128] hpfs: hpfs_map_4sectors(): unaligned read [ 97.434439][ T6128] hpfs: hpfs_map_4sectors(): unaligned read [ 97.458639][ T6128] hpfs: filesystem error: unable to find root dir [ 97.519958][ T6128] hpfs: hpfs_map_4sectors(): unaligned read [ 97.534581][ T807] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 97.557765][ T6128] hpfs: hpfs_map_sector(): read error [ 97.595958][ T6128] hpfs: hpfs_map_4sectors(): unaligned read [ 97.618243][ T6128] hpfs: hpfs_map_sector(): read error [ 97.634909][ T6128] hpfs: hpfs_map_4sectors(): unaligned read [ 97.660381][ T6128] hpfs: hpfs_map_sector(): read error [ 97.721934][ T807] usb 3-1: Using ep0 maxpacket: 8 [ 97.753568][ T807] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 97.787487][ T807] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 97.806606][ T807] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 97.836696][ T807] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.896073][ T807] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.929224][ T807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.959224][ T6123] loop1: detected capacity change from 0 to 32768 [ 98.034449][ T6123] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.39 (6123) [ 98.162081][ T5854] Bluetooth: hci1: command tx timeout [ 98.173440][ T6123] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 98.197589][ T807] usb 3-1: GET_CAPABILITIES returned 0 [ 98.205424][ T6123] BTRFS info (device loop1): using crc32c checksum algorithm [ 98.217840][ T807] usbtmc 3-1:16.0: can't read capabilities [ 98.227567][ T6123] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 98.427608][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.442936][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.452100][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.461207][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.470329][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.482576][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.491720][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.506217][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.515387][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.524492][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.533608][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.544248][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.553373][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.562476][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.571559][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 98.584434][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 98.603388][ T5908] usb 3-1: USB disconnect, device number 2 [ 98.708697][ T6123] BTRFS info (device loop1): rebuilding free space tree [ 98.722178][ T1664] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.837825][ T6123] BTRFS info (device loop1): disabling free space tree [ 98.847343][ T6123] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.848565][ T112] team0 (unregistering): Port device team_slave_1 removed [ 98.860753][ T6123] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.894507][ T6123] BTRFS info (device loop1): enabling ssd optimizations [ 98.901881][ T1664] usb 1-1: Using ep0 maxpacket: 32 [ 98.919408][ T1664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.932749][ T1664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.937242][ T6123] BTRFS info (device loop1): turning off barriers [ 98.956872][ T1664] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 98.987686][ T6123] BTRFS info (device loop1): enabling disk space caching [ 98.992554][ T112] team0 (unregistering): Port device team_slave_0 removed [ 99.021237][ T1664] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 99.030572][ T6123] BTRFS info (device loop1): force clearing of disk cache [ 99.047792][ T1664] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.048558][ T6123] BTRFS info (device loop1): force lzo compression, level 1 [ 99.082133][ T6123] BTRFS info (device loop1): max_inline set to 0 [ 99.097363][ T1664] usb 1-1: config 0 descriptor?? [ 99.552506][ T6169] loop3: detected capacity change from 0 to 128 [ 99.573841][ T6169] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 99.593884][ T6169] hpfs: filesystem error: improperly stopped [ 99.613387][ T6169] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 99.622039][ T6169] hpfs: You really don't want any checks? You are crazy... [ 99.638775][ T6169] hpfs: hpfs_map_sector(): read error [ 99.658037][ T6169] hpfs: code page support is disabled [ 99.676249][ T6169] hpfs: hpfs_map_4sectors(): unaligned read [ 99.691022][ T6169] hpfs: hpfs_map_4sectors(): unaligned read [ 99.716910][ T1664] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0003/input/input5 [ 99.730269][ T6169] hpfs: filesystem error: unable to find root dir [ 99.766197][ T6169] hpfs: hpfs_map_4sectors(): unaligned read [ 99.801054][ T6169] hpfs: hpfs_map_sector(): read error [ 99.830334][ T6169] hpfs: hpfs_map_4sectors(): unaligned read [ 99.853591][ T6169] hpfs: hpfs_map_sector(): read error [ 99.948115][ T1664] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0003/input/input6 [ 100.117564][ T6045] chnl_net:caif_netlink_parms(): no params data found [ 100.132987][ T5847] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.241374][ T5854] Bluetooth: hci1: command tx timeout [ 100.270117][ T1664] kye 0003:0458:5011.0003: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 100.452865][ C1] kye 0003:0458:5011.0003: Event data for report 17 was too short (7 vs 0) [ 100.890045][ C1] kye 0003:0458:5011.0003: usb_submit_urb(ctrl) failed: -1 [ 101.130508][ T6173] loop2: detected capacity change from 0 to 32768 [ 101.169883][ T6173] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.50 (6173) [ 101.243416][ T6173] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 101.268340][ T6045] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.280087][ T6173] BTRFS info (device loop2): using crc32c checksum algorithm [ 101.288317][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.307386][ T6045] bridge_slave_0: entered allmulticast mode [ 101.333374][ T6045] bridge_slave_0: entered promiscuous mode [ 101.379718][ T6045] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.393211][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.403890][ T6045] bridge_slave_1: entered allmulticast mode [ 101.413424][ T6045] bridge_slave_1: entered promiscuous mode [ 101.576920][ T6173] BTRFS info (device loop2): enabling ssd optimizations [ 101.611264][ T6173] BTRFS info (device loop2): turning on flush-on-commit [ 101.622219][ T6173] BTRFS info (device loop2): enabling free space tree [ 101.639538][ T6173] BTRFS info (device loop2): enabling auto defrag [ 101.666090][ T6173] BTRFS info (device loop2): use lzo compression, level 1 [ 101.693939][ T6173] BTRFS info (device loop2): max_inline set to 4096 [ 101.773547][ T1664] usb 1-1: USB disconnect, device number 2 [ 101.786602][ T6045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.870831][ T6045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.303293][ T6045] team0: Port device team_slave_0 added [ 102.321367][ T5854] Bluetooth: hci1: command tx timeout [ 102.356981][ T6045] team0: Port device team_slave_1 added [ 102.376026][ T5840] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 103.209714][ T6045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.238399][ T6045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.305649][ T6045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.460355][ T6045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.491333][ T6045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.636187][ T6045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.706537][ T6253] Zero length message leads to an empty skb [ 104.261360][ T1664] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 104.373186][ T6045] hsr_slave_0: entered promiscuous mode [ 104.401280][ T6045] hsr_slave_1: entered promiscuous mode [ 104.427251][ T6045] debugfs: 'hsr0' already exists in 'hsr' [ 104.443638][ T6045] Cannot create hsr debugfs directory [ 104.467378][ T1664] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 104.527985][ T1664] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 104.556049][ T1664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 104.586911][ T1664] usb 3-1: Product: syz [ 104.600932][ T1664] usb 3-1: Manufacturer: syz [ 104.630104][ T1664] usb 3-1: SerialNumber: syz [ 104.934569][ T1664] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 105.018452][ T6286] trusted_key: syz.0.66 sent an empty control message without MSG_MORE. [ 106.723959][ C1] usblp0: nonzero write bulk status received: -71 [ 106.732415][ T1664] usb 3-1: USB disconnect, device number 3 [ 106.758028][ T1664] usblp0: removed [ 106.994268][ T6045] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 107.055516][ T6045] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 107.097378][ T6045] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 107.144255][ T6045] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 107.560336][ T6045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.676834][ T6045] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.772977][ T6157] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.780215][ T6157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.847815][ T6157] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.855083][ T6157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.925534][ T6312] loop1: detected capacity change from 0 to 40427 [ 107.980594][ T6312] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 108.003037][ T6312] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 108.070502][ T6312] F2FS-fs (loop1): invalid crc value [ 108.462903][ T6312] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 108.504735][ T6312] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 108.536727][ T6312] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 108.742765][ T6045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.751392][ T6157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.102838][ T6157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.290204][ T6157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.290765][ T6389] kvm: user requested TSC rate below hardware speed [ 110.420552][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 110.437427][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 110.449334][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 110.464954][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 110.474832][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 110.605911][ T6157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.758862][ T6045] veth0_vlan: entered promiscuous mode [ 110.847014][ T6407] netlink: 'syz.1.89': attribute type 1 has an invalid length. [ 110.919185][ T6045] veth1_vlan: entered promiscuous mode [ 111.224055][ T6157] bridge_slave_1: left allmulticast mode [ 111.240870][ T6157] bridge_slave_1: left promiscuous mode [ 111.251738][ T6157] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.279646][ T6157] bridge_slave_0: left allmulticast mode [ 111.305582][ T6157] bridge_slave_0: left promiscuous mode [ 111.330140][ T6157] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.818124][ T6157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 111.842931][ T6157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.864516][ T6157] bond0 (unregistering): Released all slaves [ 111.922632][ T1664] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 112.096300][ T1664] usb 3-1: Using ep0 maxpacket: 32 [ 112.143366][ T1664] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 112.185087][ T1664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.235653][ T1664] usb 3-1: Product: syz [ 112.256872][ T1664] usb 3-1: Manufacturer: syz [ 112.287018][ T1664] usb 3-1: SerialNumber: syz [ 112.347519][ T1664] usb 3-1: config 0 descriptor?? [ 112.379335][ T6395] chnl_net:caif_netlink_parms(): no params data found [ 112.422683][ T6435] loop3: detected capacity change from 0 to 32768 [ 112.433722][ T1664] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 112.443405][ T6435] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.98 (6435) [ 112.471835][ T6435] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 112.485165][ T6435] BTRFS info (device loop3): using crc32c checksum algorithm [ 112.546584][ T6045] veth0_macvtap: entered promiscuous mode [ 112.564100][ T5859] Bluetooth: hci2: command tx timeout [ 112.605039][ T6045] veth1_macvtap: entered promiscuous mode [ 112.650999][ T6435] BTRFS info (device loop3): setting nodatasum [ 112.657352][ T6435] BTRFS info (device loop3): setting nodatacow [ 112.663694][ T6435] BTRFS info (device loop3): turning on async discard [ 112.670497][ T6435] BTRFS info (device loop3): enabling free space tree [ 112.677372][ T6435] BTRFS info (device loop3): enabling auto defrag [ 112.683915][ T6435] BTRFS info (device loop3): max_inline set to 0 [ 112.785395][ T6435] BTRFS info (device loop3): scrub: started on devid 1 [ 112.796791][ T6435] BTRFS info (device loop3): left=0, need=98304, flags=2 [ 112.804554][ T6435] BTRFS info (device loop3): space_info SYSTEM (sub-group id 0) has 0 free, is not full [ 112.814594][ T6435] BTRFS info (device loop3): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 112.828644][ T6435] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1441792 [ 112.837823][ T6435] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0 [ 112.845583][ T6435] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0 [ 112.853493][ T6435] BTRFS info (device loop3): remap_block_rsv: size 0 reserved 0 [ 112.862446][ T6435] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0 [ 112.870312][ T6435] BTRFS info (device loop3): delayed_refs_rsv: size 0 reserved 0 [ 112.918597][ T6435] BTRFS info (device loop3): scrub: finished on devid 1 with status: 0 [ 112.975814][ T6458] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 113.189571][ T5838] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 113.578954][ T6157] hsr_slave_0: left promiscuous mode [ 113.609429][ T6157] hsr_slave_1: left promiscuous mode [ 113.637252][ T6157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.665346][ T6157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.709089][ T6157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.741302][ T6157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.809113][ T6157] veth1_macvtap: left promiscuous mode [ 113.842139][ T6157] veth0_macvtap: left promiscuous mode [ 113.848149][ T6157] veth1_vlan: left promiscuous mode [ 113.859582][ T6157] veth0_vlan: left promiscuous mode [ 113.869304][ T1664] gspca_ov534_9: reg_r err -71 [ 114.151192][ T1664] gspca_ov534_9: Unknown sensor 0000 [ 114.151296][ T1664] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 114.208732][ T1664] usb 3-1: USB disconnect, device number 4 [ 114.641902][ T5859] Bluetooth: hci2: command tx timeout [ 114.683378][ T6157] team0 (unregistering): Port device team_slave_1 removed [ 114.769549][ T6157] team0 (unregistering): Port device team_slave_0 removed [ 115.109099][ T6395] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.124191][ T6395] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.142080][ T6395] bridge_slave_0: entered allmulticast mode [ 115.160749][ T6395] bridge_slave_0: entered promiscuous mode [ 115.219664][ T6395] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.239929][ T6395] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.257336][ T6395] bridge_slave_1: entered allmulticast mode [ 115.275214][ T6395] bridge_slave_1: entered promiscuous mode [ 115.380203][ T6395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.412518][ T6395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.511066][ T6045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.636159][ T6395] team0: Port device team_slave_0 added [ 115.657762][ T6395] team0: Port device team_slave_1 added [ 115.684405][ T6510] loop2: detected capacity change from 0 to 256 [ 115.755179][ T6045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.836425][ T6510] FAT-fs (loop2): Directory bread(block 64) failed [ 115.853557][ T6510] FAT-fs (loop2): Directory bread(block 65) failed [ 115.874959][ T6395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.876415][ T6505] loop1: detected capacity change from 0 to 32768 [ 115.890616][ T6510] FAT-fs (loop2): Directory bread(block 66) failed [ 115.910702][ T6395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 115.937371][ T6510] FAT-fs (loop2): Directory bread(block 67) failed [ 115.944343][ T6510] FAT-fs (loop2): Directory bread(block 68) failed [ 115.961267][ T6510] FAT-fs (loop2): Directory bread(block 69) failed [ 115.968415][ T6510] FAT-fs (loop2): Directory bread(block 70) failed [ 115.977198][ T6395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.988221][ T6510] FAT-fs (loop2): Directory bread(block 71) failed [ 115.995408][ T6510] FAT-fs (loop2): Directory bread(block 72) failed [ 116.023343][ T6510] FAT-fs (loop2): Directory bread(block 73) failed [ 116.030820][ T6395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.041055][ T6395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 116.072995][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 116.092183][ T6395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.170984][ T6505] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 116.188772][ T6505] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 116.205751][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.231548][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.262539][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 116.273177][ T9] usb 4-1: config 0 has no interfaces? [ 116.282508][ T9] usb 4-1: config 0 has no interfaces? [ 116.299508][ T9] usb 4-1: config 0 has no interfaces? [ 116.310389][ T9] usb 4-1: config 0 has no interfaces? [ 116.321198][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=6d.2a [ 116.341434][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.375907][ T9] usb 4-1: config 0 descriptor?? [ 116.387400][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.430297][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.458022][ T6505] XFS (loop1): Ending clean mount [ 116.559221][ T6395] hsr_slave_0: entered promiscuous mode [ 116.571732][ T6395] hsr_slave_1: entered promiscuous mode [ 116.579036][ T6395] debugfs: 'hsr0' already exists in 'hsr' [ 116.584997][ T6395] Cannot create hsr debugfs directory [ 116.604669][ T6505] XFS (loop1): Quotacheck needed: Please wait. [ 116.722507][ T5859] Bluetooth: hci2: command tx timeout [ 116.845651][ T6505] XFS (loop1): Quotacheck: Done. [ 116.926999][ T6505] XFS (loop1): User initiated shutdown received. [ 116.953585][ T6505] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:466). Shutting down filesystem. [ 117.007369][ T6505] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 117.171834][ T5847] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 117.225962][ T5842] usb 4-1: USB disconnect, device number 2 [ 117.264390][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.282974][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.404029][ T6536] mmap: syz.2.115 (6536) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 117.473354][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.501614][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.898330][ T6395] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 117.938444][ T6395] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 117.966028][ T5842] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.006438][ T6395] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 118.067253][ T6395] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 118.151935][ T5842] usb 2-1: Using ep0 maxpacket: 32 [ 118.186127][ T5842] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 118.221169][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.259316][ T5842] usb 2-1: Product: syz [ 118.281556][ T5842] usb 2-1: Manufacturer: syz [ 118.293090][ T5842] usb 2-1: SerialNumber: syz [ 118.314416][ T5842] usb 2-1: config 0 descriptor?? [ 118.346470][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.120'. [ 118.390847][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.120'. [ 118.611973][ T29] audit: type=1800 audit(1773921022.144:4): pid=6569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.121" name="file1" dev="overlay" ino=42 res=0 errno=0 [ 118.766021][ T5842] airspy 2-1:0.0: Board ID: 00 [ 118.784780][ T5842] airspy 2-1:0.0: Firmware version: [ 118.806161][ T5859] Bluetooth: hci2: command tx timeout [ 118.935100][ T6578] process 'syz.4.123' launched '/dev/fd/4' with NULL argv: empty string added [ 119.214968][ T6576] loop2: detected capacity change from 0 to 32768 [ 119.250401][ T6576] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 119.258920][ T6576] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 119.337399][ T6395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.348121][ T6576] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 119.365423][ T5915] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 119.401400][ T5915] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 119.436006][ T6395] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.548685][ T112] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.556124][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.710806][ T5915] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 309ms [ 119.729899][ T5915] gfs2: fsid=syz:syz.0: jid=0: Done [ 119.752892][ T6576] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 119.785922][ T5842] airspy 2-1:0.0: usb_control_msg() failed -71 request 10 [ 119.898442][ T5842] airspy 2-1:0.0: Registered as swradio24 [ 119.900489][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.911530][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.928051][ T5842] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 119.987963][ T5842] usb 2-1: USB disconnect, device number 3 [ 120.312498][ T6576] gfs2: fsid=syz:syz.0: found 1 quota changes [ 121.027959][ T6395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.251700][ T5915] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 121.426617][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short [ 121.466058][ T5915] usb 2-1: config 63 has an invalid interface number: 66 but max is 0 [ 121.514407][ T5915] usb 2-1: config 63 has an invalid descriptor of length 55, skipping remainder of the config [ 121.574048][ T5915] usb 2-1: config 63 has no interface number 0 [ 121.603712][ T5915] usb 2-1: config 63 interface 66 has no altsetting 0 [ 121.625877][ T5915] usb 2-1: string descriptor 0 read error: -22 [ 121.632325][ T5915] usb 2-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 121.652976][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.758690][ T5915] uvcvideo 2-1:63.66: Found UVC 0.07 device (174f:8acf) [ 121.774596][ T5915] uvcvideo 2-1:63.66: No valid video chain found. [ 121.882729][ T6395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.002585][ T5842] usb 2-1: USB disconnect, device number 4 [ 122.074654][ T6634] loop3: detected capacity change from 0 to 2048 [ 122.133589][ T6634] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 122.815318][ T6653] kvm: emulating exchange as write [ 122.993169][ T6395] veth0_vlan: entered promiscuous mode [ 123.043852][ T6395] veth1_vlan: entered promiscuous mode [ 123.236620][ T6395] veth0_macvtap: entered promiscuous mode [ 123.284645][ T6395] veth1_macvtap: entered promiscuous mode [ 123.376735][ T6395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.426818][ T6395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.479874][ T1050] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.516927][ T1050] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.540086][ T1050] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.570007][ T1050] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.602463][ T6667] loop2: detected capacity change from 0 to 512 [ 123.634268][ T6667] EXT4-fs: Ignoring removed nobh option [ 123.666292][ T6667] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 123.739112][ T6673] loop4: detected capacity change from 0 to 512 [ 123.747753][ T6667] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 123.840765][ T6667] EXT4-fs (loop2): 1 truncate cleaned up [ 123.876500][ T6667] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.890334][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.906437][ T6673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.926821][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.984060][ T6673] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.023766][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.040470][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.115430][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.126683][ T6673] EXT4-fs error (device loop4): ext4_do_update_inode:5572: inode #2: comm syz.4.143: corrupted inode contents [ 124.165321][ T6673] EXT4-fs error (device loop4): ext4_dirty_inode:6453: inode #2: comm syz.4.143: mark_inode_dirty error [ 124.219383][ T6673] EXT4-fs error (device loop4): ext4_do_update_inode:5572: inode #2: comm syz.4.143: corrupted inode contents [ 124.268387][ T6680] loop5: detected capacity change from 0 to 128 [ 124.287700][ T6673] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.143: mark_inode_dirty error [ 124.337890][ T6680] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 124.364903][ T6673] EXT4-fs warning (device loop4): ext4_es_cache_extent:1082: inode #2: comm syz.4.143: ES cache extent failed: add [0,1,21,0x1] conflict with existing [0,8,576460752303423487,0x18] [ 124.364903][ T6673] [ 124.366251][ T6680] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 124.415685][ T6673] EXT4-fs error (device loop4): ext4_lookup:1782: inode #19: comm syz.4.143: 'file0' linked to parent dir [ 124.530627][ T6045] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.622712][ T6395] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 124.972756][ T29] audit: type=1800 audit(1773921028.504:5): pid=6634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.134" name="file1" dev="loop3" ino=1415 res=0 errno=0 [ 125.081303][ T1664] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 125.116442][ T6699] gretap0: entered promiscuous mode [ 125.251255][ T1664] usb 5-1: Using ep0 maxpacket: 16 [ 125.279809][ T1664] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 125.301040][ T1664] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.326256][ T1664] usb 5-1: Product: syz [ 125.338062][ T1664] usb 5-1: Manufacturer: syz [ 125.350884][ T1664] usb 5-1: SerialNumber: syz [ 125.404958][ T1664] usb 5-1: config 0 descriptor?? [ 125.447270][ T1664] gspca_main: spca508-2.14.0 probing 041e:4018 [ 125.665106][ T1664] gspca_spca508: reg_read err -32 [ 125.696465][ T1664] gspca_spca508: reg_read err -32 [ 125.717159][ T1664] gspca_spca508: reg_read err -32 [ 125.746293][ T1664] gspca_spca508: reg_read err -32 [ 125.769564][ T1664] gspca_spca508: reg_read err -32 [ 126.000979][ T1664] gspca_spca508: reg write: error -71 [ 126.022727][ T1664] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 126.074608][ T1664] usb 5-1: USB disconnect, device number 2 [ 126.578182][ T6705] loop1: detected capacity change from 0 to 32768 [ 126.661446][ T6705] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 126.932212][ T5908] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 126.971001][ T6705] XFS (loop1): Starting recovery (logdev: internal) [ 127.116168][ T5908] usb 4-1: unable to get BOS descriptor or descriptor too short [ 127.164078][ T5908] usb 4-1: not running at top speed; connect to a high speed hub [ 127.197648][ T5908] usb 4-1: config 1 interface 0 has no altsetting 0 [ 127.220243][ T5908] usb 4-1: string descriptor 0 read error: -22 [ 127.237275][ T5908] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.40 [ 127.273114][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.273154][ T6705] XFS (loop1): Ending recovery (logdev: internal) [ 127.775028][ T5908] hid_parser_main: 7 callbacks suppressed [ 127.775051][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.824115][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.824486][ T5847] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 127.852532][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.860746][ T6743] syz.2.166 uses obsolete (PF_INET,SOCK_PACKET) [ 127.869837][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.901604][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.919863][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 127.946705][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 128.006575][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 128.038611][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 128.067219][ T5908] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0 [ 128.382014][ T5908] hid-picolcd 0003:04D8:C002.0004: No report with id 0x11 found [ 128.411839][ T5908] usb 4-1: USB disconnect, device number 3 [ 129.040968][ T6751] loop5: detected capacity change from 0 to 32768 [ 129.085617][ T6751] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 129.152979][ T6751] XFS (loop5): Ending clean mount [ 129.232027][ T6751] XFS (loop5): Quotacheck needed: Please wait. [ 129.533811][ T6751] XFS (loop5): Quotacheck: Done. [ 129.704476][ T29] audit: type=1800 audit(1773921033.244:6): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.170" name="file1" dev="loop5" ino=4428 res=0 errno=0 [ 129.820145][ T6395] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 129.872367][ T6790] loop2: detected capacity change from 0 to 4096 [ 129.964898][ T6790] ntfs3(loop2): mft corrupted [ 129.972836][ T6790] ntfs3(loop2): Failed to load $MFT. [ 130.310911][ T6796] loop1: detected capacity change from 0 to 2048 [ 130.390194][ T6010] loop1: p3 < > p4 < > [ 130.425979][ T6010] loop1: partition table partially beyond EOD, truncated [ 130.465944][ T6010] loop1: p3 start 4284289 is beyond EOD, truncated [ 130.616634][ T6796] loop1: p3 < > p4 < > [ 130.654980][ T6796] loop1: partition table partially beyond EOD, truncated [ 130.672697][ T6796] loop1: p3 start 4284289 is beyond EOD, truncated [ 130.918838][ T6815] loop5: detected capacity change from 0 to 1 [ 130.957083][ T6815] ldm_validate_privheads(): Disk read failed. [ 130.977890][ T6815] Dev loop5: unable to read RDB block 1 [ 130.990934][ T6815] loop5: AHDI p2 p3 [ 130.997903][ T6815] loop5: partition table partially beyond EOD, truncated [ 131.006985][ T6815] loop5: p3 start 335544320 is beyond EOD, truncated [ 131.046882][ T6179] udevd[6179]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 131.388720][ T29] audit: type=1326 audit(1773921034.924:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6831 comm="syz.1.195" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff3a7d9c799 code=0x0 [ 132.390065][ T6828] loop5: detected capacity change from 0 to 32768 [ 132.420546][ T6828] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.193 (6828) [ 132.517329][ T6828] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 132.556104][ T6828] BTRFS info (device loop5): using crc32c checksum algorithm [ 132.739227][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.747403][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.965321][ T6828] BTRFS info (device loop5): enabling ssd optimizations [ 133.006002][ T6828] BTRFS info (device loop5): turning on flush-on-commit [ 133.040439][ T6828] BTRFS info (device loop5): enabling free space tree [ 133.068957][ T6828] BTRFS info (device loop5): enabling auto defrag [ 133.103391][ T6828] BTRFS info (device loop5): use lzo compression, level 1 [ 133.141649][ T6828] BTRFS info (device loop5): max_inline set to 4096 [ 133.491193][ T5899] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 133.552524][ T5915] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 133.671196][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 133.688823][ T5899] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.716500][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0 [ 133.757106][ T5899] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 133.785169][ T5915] usb 3-1: config index 0 descriptor too short (expected 65183, got 72) [ 133.810394][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.817066][ T6395] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 133.841811][ T5915] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 133.863834][ T5899] usb 2-1: config 0 descriptor?? [ 133.870915][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.933264][ T5915] usb 3-1: Product: syz [ 133.948189][ T5915] usb 3-1: Manufacturer: syz [ 133.958359][ T5915] usb 3-1: SerialNumber: syz [ 134.015619][ T5915] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 134.355107][ T807] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 134.416602][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'. [ 134.433844][ T5899] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 134.515459][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'. [ 134.678796][ T6918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.733476][ T6918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.818273][ T6918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.866328][ T6918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.940357][ T6918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.985588][ T5899] usb 2-1: USB disconnect, device number 5 [ 135.109228][ T6918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.257834][ T1664] usb 3-1: USB disconnect, device number 5 [ 135.603184][ T807] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 135.636229][ T807] ath9k_htc: Failed to initialize the device [ 135.681924][ T1664] usb 3-1: ath9k_htc: USB layer deinitialized [ 136.009799][ T6946] loop3: detected capacity change from 0 to 32768 [ 136.030738][ T6946] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.215 (6946) [ 136.034525][ T1664] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 136.125683][ T6946] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 136.142905][ T6965] loop4: detected capacity change from 0 to 1024 [ 136.153812][ T6946] BTRFS info (device loop3): using sha256 checksum algorithm [ 136.174712][ T6965] EXT4-fs: inline encryption not supported [ 136.241876][ T1664] usb 3-1: Using ep0 maxpacket: 32 [ 136.255094][ T1664] usb 3-1: config index 0 descriptor too short (expected 241, got 72) [ 136.267438][ T1664] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 136.295051][ T1664] usb 3-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da [ 136.304675][ T1664] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.350111][ T6965] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.355527][ T1664] usb 3-1: config 0 descriptor?? [ 136.432378][ T6946] BTRFS info (device loop3): rebuilding free space tree [ 136.471792][ T1664] mos7840 3-1:0.0: Moschip 7840/7820 USB Serial Driver converter detected [ 136.490008][ T6965] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4222: comm syz.4.218: Allocating blocks 449-513 which overlap fs metadata [ 136.582948][ T6965] EXT4-fs (loop4): Remounting filesystem read-only [ 136.640322][ T1664] mos7840 3-1:0.0: probe with driver mos7840 failed with error -71 [ 136.671811][ T6946] BTRFS info (device loop3): enabling ssd optimizations [ 136.712380][ T6946] BTRFS info (device loop3): using spread ssd allocation scheme [ 136.741233][ T6946] BTRFS info (device loop3): turning on async discard [ 136.765902][ T6946] BTRFS info (device loop3): enabling free space tree [ 136.807114][ T6946] BTRFS info (device loop3): force clearing of disk cache [ 136.860880][ T6045] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.907352][ T1664] usb 3-1: USB disconnect, device number 6 [ 137.523540][ T29] audit: type=1800 audit(1773921041.054:8): pid=6946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.215" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 137.680349][ T7010] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 137.946141][ T6989] loop5: detected capacity change from 0 to 32768 [ 138.048238][ T6989] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 138.184272][ T6989] XFS (loop5): Ending clean mount [ 138.379529][ T5838] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 138.448590][ T6395] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 138.634079][ T7003] loop1: detected capacity change from 0 to 40427 [ 138.677302][ T7003] F2FS-fs: heap/no_heap options were deprecated [ 138.721854][ T7003] F2FS-fs (loop1): build fault injection rate: 19 [ 138.756795][ T7003] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 138.811040][ T7003] F2FS-fs (loop1): invalid crc value [ 138.895290][ T7003] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 139.308970][ T7003] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 139.368920][ T7053] loop2: detected capacity change from 0 to 512 [ 139.408981][ T7053] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 139.446364][ T7055] loop5: detected capacity change from 0 to 128 [ 139.455188][ T7003] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 139.485548][ T7053] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 139.492343][ T7055] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 139.541652][ T7053] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 139.552528][ T7003] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 139.567745][ T7055] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 139.606095][ T7053] System zones: 0-2, 18-18, 34-35 [ 139.654616][ T7053] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.752861][ T7003] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 139.849280][ T7065] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_new_inode_folio+0xed/0x140 [ 139.922460][ T6395] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 139.980960][ T7003] F2FS-fs (loop1): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x8b5/0xe90 [ 140.052510][ T7003] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098] [ 140.128708][ T5859] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 140.157138][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.299313][ T5847] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_write_data_summaries+0xd5/0x730 [ 140.712928][ T7084] dummy0: entered promiscuous mode [ 140.720010][ T7084] macsec1: entered allmulticast mode [ 140.725753][ T7084] dummy0: entered allmulticast mode [ 140.742830][ T7084] dummy0: left allmulticast mode [ 140.748652][ T7084] dummy0: left promiscuous mode [ 141.792002][ T7080] loop2: detected capacity change from 0 to 32768 [ 141.836241][ T7080] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.239 (7080) [ 141.926245][ T7080] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 141.953344][ T7080] BTRFS info (device loop2): using crc32c checksum algorithm [ 142.028753][ T7080] BTRFS info (device loop2): enabling ssd optimizations [ 142.046977][ T7080] BTRFS info (device loop2): turning on flush-on-commit [ 142.063846][ T7080] BTRFS info (device loop2): enabling free space tree [ 142.079756][ T7080] BTRFS info (device loop2): enabling auto defrag [ 142.102536][ T7080] BTRFS info (device loop2): use lzo compression, level 1 [ 142.162770][ T5854] Bluetooth: hci0: command 0x0401 tx timeout [ 142.170502][ T5859] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 142.211299][ T29] audit: type=1800 audit(1773921045.744:9): pid=7080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.239" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 142.246877][ T7088] loop4: detected capacity change from 0 to 32768 [ 142.338187][ T7088] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 142.461217][ T7088] XFS (loop4): Ending clean mount [ 142.625518][ T7088] XFS (loop4): Quotacheck needed: Please wait. [ 142.720237][ T5840] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.786283][ T7088] XFS (loop4): Quotacheck: Done. [ 143.191752][ T7139] xt_hashlimit: size too large, truncated to 1048576 [ 143.501082][ T6045] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 144.249065][ T5859] Bluetooth: hci0: command 0x0401 tx timeout [ 144.352649][ T7153] netlink: 'syz.3.258': attribute type 1 has an invalid length. [ 144.478172][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.258'. [ 144.547318][ T7153] 8021q: adding VLAN 0 to HW filter on device bond1 [ 144.630513][ T7157] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 144.698560][ T7157] bond1: (slave batadv1): making interface the new active one [ 144.739784][ T7157] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 145.688003][ T7160] bond1 (unregistering): (slave batadv1): Releasing active interface [ 145.707591][ T7160] bond1 (unregistering): Released all slaves [ 145.880279][ T7175] ªªªªªª: renamed from vlan0 (while UP) [ 146.304693][ T7187] kvm: kvm [7185]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0xcd [ 146.362947][ T807] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 146.531363][ T807] usb 3-1: Using ep0 maxpacket: 32 [ 146.547226][ T807] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.566320][ T807] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.588579][ T807] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 146.607712][ T807] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 146.628543][ T5899] IPVS: starting estimator thread 0... [ 146.636516][ T807] usb 3-1: Product: syz [ 146.650636][ T807] usb 3-1: Manufacturer: syz [ 146.729269][ T807] hub 3-1:4.0: USB hub found [ 146.751333][ T7204] IPVS: using max 26 ests per chain, 62400 per kthread [ 146.925543][ T807] hub 3-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 147.271457][ T807] usb 3-1: USB disconnect, device number 7 [ 148.692402][ T7219] loop4: detected capacity change from 0 to 32768 [ 148.835305][ T7219] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 148.867488][ T7219] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 149.092533][ T7219] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms [ 149.132539][ T807] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 149.139468][ T807] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 149.212118][ T807] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 72ms [ 149.247675][ T807] gfs2: fsid=syz:syz.0: jid=0: Done [ 149.269078][ T7219] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 149.357290][ T7268] loop2: detected capacity change from 0 to 1024 [ 149.385944][ T7268] EXT4-fs: Ignoring removed bh option [ 149.435200][ T7268] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 149.452949][ T7268] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869) [ 149.463665][ T7268] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 149.676419][ T7219] gfs2: fsid=syz:syz.0: found 1 quota changes [ 149.683580][ T7249] loop1: detected capacity change from 0 to 32768 [ 149.712845][ T7275] Illegal XDP return value 4294967262 on prog (id 22) dev syz_tun, expect packet loss! [ 149.760786][ T7249] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 149.798383][ T7268] EXT4-fs (loop2): failed to open journal device unknown-block(0,5) -6 [ 149.887627][ T7268] loop2: detected capacity change from 0 to 512 [ 149.903496][ T7268] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 150.076085][ T7249] XFS (loop1): Starting recovery (logdev: internal) [ 150.103095][ T7268] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 150.135877][ T7268] EXT4-fs (loop2): 1 truncate cleaned up [ 150.157838][ T7268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.221006][ T7268] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.288'. [ 150.247478][ T7249] XFS (loop1): Ending recovery (logdev: internal) [ 150.286008][ T6045] syz-executor: attempt to access beyond end of device [ 150.286008][ T6045] loop4: rw=12289, sector=68719479080, nr_sectors = 8 limit=32768 [ 150.355020][ T6045] Buffer I/O error on dev loop4, logical block 8589934885, lost async page write [ 150.387736][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.397214][ T6045] syz-executor: attempt to access beyond end of device [ 150.397214][ T6045] loop4: rw=12289, sector=68719479336, nr_sectors = 8 limit=32768 [ 150.430942][ T6045] Buffer I/O error on dev loop4, logical block 8589934917, lost async page write [ 150.470473][ T6045] gfs2: fsid=syz:syz.0: fatal: I/O error - block = 8589934885, function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 116 [ 150.484479][ T6045] CPU: 0 UID: 0 PID: 6045 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 150.484510][ T6045] Tainted: [L]=SOFTLOCKUP [ 150.484517][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 150.484537][ T6045] Call Trace: [ 150.484548][ T6045] [ 150.484557][ T6045] dump_stack_lvl+0xe8/0x150 [ 150.484594][ T6045] gfs2_withdraw+0xc3/0x1b0 [ 150.484621][ T6045] gfs2_ail1_flush+0x990/0xfd0 [ 150.484668][ T6045] ? __pfx_gfs2_ail1_flush+0x10/0x10 [ 150.484710][ T6045] empty_ail1_list+0x1b3/0x330 [ 150.484743][ T6045] ? __pfx_empty_ail1_list+0x10/0x10 [ 150.484813][ T6045] ? do_raw_spin_unlock+0xf5/0x210 [ 150.484846][ T6045] gfs2_log_flush+0x1e20/0x2510 [ 150.484889][ T6045] ? __pfx_gfs2_log_flush+0x10/0x10 [ 150.484919][ T6045] ? call_rcu+0x644/0x890 [ 150.484939][ T6045] ? lockdep_hardirqs_on+0x7a/0x110 [ 150.484970][ T6045] gfs2_kill_sb+0x5c/0x430 [ 150.484998][ T6045] deactivate_locked_super+0xbc/0x130 [ 150.485040][ T6045] cleanup_mnt+0x437/0x4d0 [ 150.485060][ T6045] ? _raw_spin_unlock_irq+0x23/0x50 [ 150.485087][ T6045] task_work_run+0x1d9/0x270 [ 150.485117][ T6045] ? __pfx_task_work_run+0x10/0x10 [ 150.485155][ T6045] exit_to_user_mode_loop+0xed/0x480 [ 150.485182][ T6045] ? rcu_is_watching+0x15/0xb0 [ 150.485207][ T6045] do_syscall_64+0x32d/0xf80 [ 150.485231][ T6045] ? trace_irq_disable+0x3b/0x150 [ 150.485255][ T6045] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.485275][ T6045] ? clear_bhb_loop+0x40/0x90 [ 150.485301][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.485320][ T6045] RIP: 0033:0x7fa63ab9d9d7 [ 150.485346][ T6045] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 150.485363][ T6045] RSP: 002b:00007ffd5d11cc48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 150.485383][ T6045] RAX: 0000000000000000 RBX: 00007fa63ac32050 RCX: 00007fa63ab9d9d7 [ 150.485397][ T6045] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd5d11cd00 [ 150.485409][ T6045] RBP: 00007ffd5d11cd00 R08: 00007ffd5d11dd00 R09: 00000000ffffffff [ 150.485422][ T6045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd5d11dd90 [ 150.485434][ T6045] R13: 00007fa63ac32050 R14: 0000000000024a91 R15: 00007ffd5d11ddd0 [ 150.485467][ T6045] [ 150.485474][ T6045] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 150.671568][ T5949] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 150.762146][ T7249] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 150.795904][ T7249] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 150.864866][ T6045] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 150.885221][ T7249] XFS (loop1): Unmount and run xfs_repair [ 150.891025][ T7249] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 150.898645][ T7249] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 150.908162][ T7249] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 150.917815][ T7249] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 150.926865][ T7249] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 150.935957][ T7249] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 150.943531][ T6045] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 150.945281][ T7249] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.992181][ T5949] usb 4-1: Using ep0 maxpacket: 16 [ 151.003698][ T5949] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 151.011505][ T6045] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 151.036598][ T7249] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 151.049597][ T5949] usb 4-1: config 0 has an invalid descriptor of length 229, skipping remainder of the config [ 151.075283][ T7249] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 151.084728][ T7249] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 151.103546][ T7249] XFS (loop1): page discard on page ffffea00019e97c0, inode 0x1d06, pos 325632. [ 151.109575][ T5949] usb 4-1: config 0 has no interface number 0 [ 151.127247][ T5949] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 151.139125][ T5949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.147492][ T5949] usb 4-1: Product: syz [ 151.152284][ T5949] usb 4-1: Manufacturer: syz [ 151.156951][ T5949] usb 4-1: SerialNumber: syz [ 151.178874][ T5949] usb 4-1: config 0 descriptor?? [ 151.195823][ T5949] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 151.210228][ T5949] uvcvideo 4-1:0.105: No valid video chain found. [ 151.276253][ T5847] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 151.298446][ T5847] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 151.307609][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 151.447941][ T5915] usb 4-1: USB disconnect, device number 4 [ 151.482856][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 151.490427][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.502107][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.527484][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 151.560828][ T9] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 151.583923][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.609175][ T9] usb 6-1: config 0 descriptor?? [ 152.027587][ T7309] loop1: detected capacity change from 0 to 32768 [ 152.052594][ T9] hid_parser_main: 3532 callbacks suppressed [ 152.052633][ T9] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 152.089792][ T7309] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 152.091524][ T9] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 152.112850][ T9] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 152.123346][ T9] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 152.132289][ T9] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 152.145081][ T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 152.164889][ T7309] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 152.240133][ T7303] random: crng reseeded on system resumption [ 152.289964][ T7309] XFS (loop1): Ending clean mount [ 152.326712][ T9] shield 0003:0955:7214.0006: Registered Thunderstrike controller [ 152.352402][ T7309] XFS (loop1): Quotacheck needed: Please wait. [ 152.362362][ T9] shield 0003:0955:7214.0006: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0 [ 152.401541][ T5949] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 152.451016][ T7309] XFS (loop1): Quotacheck: Done. [ 152.473095][ T5915] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 152.490590][ T9] usb 6-1: USB disconnect, device number 2 [ 152.502458][ T5915] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 152.515795][ T5915] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 152.527355][ T5915] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 152.571273][ T5949] usb 4-1: Using ep0 maxpacket: 8 [ 152.583863][ T5949] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 152.614010][ T5949] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 152.631507][ T5949] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 152.642705][ T5949] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 152.652698][ T5949] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.666172][ T5949] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 152.679880][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.737068][ T5847] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 152.923531][ T5949] usb 4-1: usb_control_msg returned -32 [ 152.935284][ T5949] usbtmc 4-1:16.0: can't read capabilities [ 153.074665][ T7321] syzkaller1: entered promiscuous mode [ 153.093147][ T7321] syzkaller1: entered allmulticast mode [ 153.174666][ T7326] 9pnet_fd: p9_fd_create_unix (7326): problem connecting socket: ./file0: -111 [ 153.731249][ T5949] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 153.891258][ T5949] usb 3-1: Using ep0 maxpacket: 16 [ 153.899802][ T5949] usb 3-1: config 0 has no interfaces? [ 153.909988][ T5949] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 153.922837][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.935049][ T5949] usb 3-1: config 0 descriptor?? [ 154.161053][ T9] usb 3-1: USB disconnect, device number 8 [ 154.168615][ T7349] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 154.302351][ T5908] usb 4-1: USB disconnect, device number 5 [ 154.365059][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807ae7c400: rx timeout, send abort [ 154.377634][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ae7c400: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 154.641953][ T5915] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 154.664798][ T7360] geneve2: entered promiscuous mode [ 154.819573][ T5915] usb 3-1: config 2 has an invalid interface number: 174 but max is 0 [ 154.840605][ T5915] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 154.881381][ T5915] usb 3-1: config 2 has no interface number 0 [ 154.899448][ T5915] usb 3-1: config 2 interface 174 altsetting 0 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 154.926561][ T5915] usb 3-1: config 2 interface 174 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1023 [ 154.945813][ T5915] usb 3-1: config 2 interface 174 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 154.975665][ T5915] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 154.990262][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.010630][ T5915] usb 3-1: Product: syz [ 155.029239][ T5915] usb 3-1: Manufacturer: syz [ 155.038156][ T5915] usb 3-1: SerialNumber: syz [ 155.478173][ T5915] usb 3-1: probing VID:PID(0424:012C) [ 155.503593][ T5915] usb 3-1: vub300 testing BULK IN EndPoint(0) 8E [ 155.520414][ T5915] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs [ 155.538740][ T5915] vub300 3-1:2.174: probe with driver vub300 failed with error -22 [ 155.553187][ T5915] usb 3-1: USB disconnect, device number 9 [ 155.612204][ T7375] loop1: detected capacity change from 0 to 32768 [ 155.706640][ T29] audit: type=1800 audit(1773921059.244:10): pid=7375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.321" name="file1" dev="loop1" ino=7 res=0 errno=0 [ 156.058972][ T7389] loop5: detected capacity change from 0 to 1024 [ 156.157674][ T7389] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 156.228494][ T7389] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8040e019, mo2=0000] [ 156.511182][ T7389] EXT4-fs error (device loop5): ext4_map_blocks:779: inode #3: block 2: comm syz.5.326: lblock 2 mapped to illegal pblock 2 (length 1) [ 156.525963][ T7389] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 156.533578][ T7389] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 156.542863][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 156.542934][ C1] EXT4-fs (loop5): initial error at time 1773921060: ext4_map_blocks:779: inode 3: block 2 [ 156.542976][ C1] EXT4-fs (loop5): last error at time 1773921060: ext4_map_blocks:779: inode 3: block 2 [ 156.581227][ T7389] EXT4-fs error (device loop5): ext4_map_blocks:779: inode #3: block 48: comm syz.5.326: lblock 0 mapped to illegal pblock 48 (length 1) [ 156.595423][ T7389] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 156.608913][ T7389] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 156.627546][ T7389] EXT4-fs error (device loop5): ext4_acquire_dquot:7001: comm syz.5.326: Failed to acquire dquot type 0 [ 156.639134][ T7389] loop5: lost filesystem error report for type 5 error -117 [ 156.670651][ T7389] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6249: Corrupt filesystem [ 156.680492][ T7389] loop5: lost filesystem error report for type 5 error -117 [ 156.694019][ T7389] EXT4-fs error (device loop5): ext4_evict_inode:255: inode #11: comm syz.5.326: mark_inode_dirty error [ 156.714902][ T7389] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 156.747802][ T7389] EXT4-fs warning (device loop5): ext4_evict_inode:258: couldn't mark inode dirty (err -117) [ 156.773332][ T7389] EXT4-fs (loop5): 1 orphan inode deleted [ 156.796801][ T7389] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.391872][ T807] gfs2: fsid=syz:syz.0: file system withdrawn [ 157.468921][ T35] EXT4-fs error (device loop5): ext4_map_blocks:779: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 157.597838][ T35] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 157.638806][ T35] EXT4-fs error (device loop5): ext4_release_dquot:7037: comm kworker/u8:2: Failed to release dquot type 0 [ 157.745002][ T6395] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.788272][ T6395] EXT4-fs error (device loop5): __ext4_get_inode_loc:4785: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 157.830597][ T6395] loop5: lost filesystem error report for type 5 error -117 [ 157.841594][ T6395] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6249: Corrupt filesystem [ 157.917015][ T6395] loop5: lost filesystem error report for type 5 error -117 [ 157.917332][ T6395] EXT4-fs error (device loop5): ext4_quota_off:7285: inode #3: comm syz-executor: mark_inode_dirty error [ 157.986753][ T6395] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 158.612311][ T5949] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 158.821445][ T5949] usb 5-1: Using ep0 maxpacket: 16 [ 158.842193][ T5949] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.893113][ T5949] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.913691][ T5949] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 158.940104][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 158.950332][ T5949] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 158.968020][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.050599][ T5949] usb 5-1: config 0 descriptor?? [ 159.519692][ T7417] loop4: detected capacity change from 0 to 512 [ 159.547979][ T7417] EXT4-fs: Ignoring removed orlov option [ 159.576630][ T7417] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 159.587815][ T7437] tipc: Failed to remove unknown binding: 66,1,1/0:1726087185/1726087187 [ 159.629866][ T7417] EXT4-fs (loop4): orphan cleanup on readonly fs [ 159.724127][ T7417] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.336: bg 0: block 248: padding at end of block bitmap is not set [ 159.773671][ T7417] loop4: lost filesystem error report for type 5 error -117 [ 159.781306][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 159.796139][ C0] EXT4-fs (loop4): last error at time 1773921063: ext4_validate_block_bitmap:441 [ 159.806943][ T7417] Quota error (device loop4): write_blk: dquota write failed [ 159.817867][ T7417] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 159.828167][ T7417] EXT4-fs error (device loop4): ext4_acquire_dquot:7001: comm syz.4.336: Failed to acquire dquot type 1 [ 159.839570][ T7417] loop4: lost filesystem error report for type 5 error -117 [ 159.911512][ T7417] EXT4-fs (loop4): 1 truncate cleaned up [ 159.987839][ T7417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 160.069794][ T7447] netlink: 4 bytes leftover after parsing attributes in process `syz.5.348'. [ 160.086762][ T7446] all: renamed from bond_slave_0 (while UP) [ 160.100527][ T5949] hid (null): unknown global tag 0x6b [ 160.127557][ T5949] hid (null): invalid report_size 28539 [ 160.133869][ T5949] hid (null): unknown global tag 0xe [ 160.334507][ T5949] usb 5-1: USB disconnect, device number 3 [ 160.501243][ T5842] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 160.672227][ T5842] usb 2-1: Using ep0 maxpacket: 16 [ 160.689389][ T5842] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 160.716220][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.746645][ T5842] usb 2-1: Product: syz [ 160.761435][ T5842] usb 2-1: Manufacturer: syz [ 160.774994][ T5842] usb 2-1: SerialNumber: syz [ 161.669980][ T6045] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.265501][ T5842] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 162.287609][ T5842] usb 2-1: USB disconnect, device number 6 [ 162.449431][ T7461] loop3: detected capacity change from 0 to 32768 [ 162.513412][ T7461] [ 162.513412][ T7461] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.513412][ T7461] [ 162.553598][ T7479] netlink: 'syz.4.361': attribute type 10 has an invalid length. [ 162.630174][ T7479] team0: Device vxcan1 is of different type [ 163.027792][ T35] [ 163.027792][ T35] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.027792][ T35] [ 163.084508][ T35] [ 163.084508][ T35] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.084508][ T35] [ 163.102140][ T35] [ 163.102140][ T35] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.102140][ T35] [ 163.114285][ T5838] [ 163.114285][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.114285][ T5838] [ 163.155439][ T5838] [ 163.155439][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.155439][ T5838] [ 163.178030][ T119] [ 163.178030][ T119] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.178030][ T119] [ 163.217642][ T119] ================================================================== [ 163.225791][ T119] BUG: KASAN: slab-use-after-free in lmLogSync+0x9bb/0xa50 [ 163.233034][ T119] Write of size 4 at addr ffff88801b7e8a18 by task jfsCommit/119 [ 163.240783][ T119] [ 163.243138][ T119] CPU: 0 UID: 0 PID: 119 Comm: jfsCommit Tainted: G L syzkaller #0 PREEMPT(full) [ 163.243168][ T119] Tainted: [L]=SOFTLOCKUP [ 163.243175][ T119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 163.243187][ T119] Call Trace: [ 163.243195][ T119] [ 163.243204][ T119] dump_stack_lvl+0xe8/0x150 [ 163.243238][ T119] print_address_description+0x55/0x1e0 [ 163.243267][ T119] ? lmLogSync+0x9bb/0xa50 [ 163.243292][ T119] print_report+0x58/0x70 [ 163.243316][ T119] kasan_report+0x117/0x150 [ 163.243339][ T119] ? lmLogSync+0x9bb/0xa50 [ 163.243369][ T119] lmLogSync+0x9bb/0xa50 [ 163.243398][ T119] ? __pfx_lmLogSync+0x10/0x10 [ 163.243431][ T119] jfs_syncpt+0x7b/0x90 [ 163.243457][ T119] txEnd+0x2e5/0x530 [ 163.243487][ T119] jfs_lazycommit+0x5b8/0xaa0 [ 163.243520][ T119] ? __pfx_jfs_lazycommit+0x10/0x10 [ 163.243550][ T119] ? __pfx_default_wake_function+0x10/0x10 [ 163.243581][ T119] ? __kthread_parkme+0x7a/0x1f0 [ 163.243606][ T119] kthread+0x388/0x470 [ 163.243629][ T119] ? __pfx_jfs_lazycommit+0x10/0x10 [ 163.243658][ T119] ? __pfx_kthread+0x10/0x10 [ 163.243682][ T119] ret_from_fork+0x51e/0xb90 [ 163.243712][ T119] ? __pfx_ret_from_fork+0x10/0x10 [ 163.243739][ T119] ? __switch_to+0xc7d/0x1450 [ 163.243764][ T119] ? __pfx_kthread+0x10/0x10 [ 163.243788][ T119] ret_from_fork_asm+0x1a/0x30 [ 163.243817][ T119] [ 163.243823][ T119] [ 163.383469][ T119] Allocated by task 7461: [ 163.387810][ T119] kasan_save_track+0x3e/0x80 [ 163.392516][ T119] __kasan_kmalloc+0x93/0xb0 [ 163.397123][ T119] __kmalloc_cache_noprof+0x31c/0x660 [ 163.402509][ T119] lmLogOpen+0x2d1/0xfa0 [ 163.406769][ T119] jfs_mount_rw+0xee/0x670 [ 163.411204][ T119] jfs_fill_super+0x754/0xd80 [ 163.415893][ T119] get_tree_bdev_flags+0x431/0x4f0 [ 163.421012][ T119] vfs_get_tree+0x92/0x2a0 [ 163.425450][ T119] do_new_mount+0x341/0xd30 [ 163.429972][ T119] __se_sys_mount+0x31d/0x420 [ 163.434665][ T119] do_syscall_64+0x14d/0xf80 [ 163.439284][ T119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.445214][ T119] [ 163.447566][ T119] Freed by task 5838: [ 163.451566][ T119] kasan_save_track+0x3e/0x80 [ 163.456278][ T119] kasan_save_free_info+0x46/0x50 [ 163.461332][ T119] __kasan_slab_free+0x5c/0x80 [ 163.466124][ T119] kfree+0x1c5/0x650 [ 163.470040][ T119] lmLogClose+0x297/0x520 [ 163.474393][ T119] jfs_umount+0x2fb/0x3d0 [ 163.478748][ T119] jfs_put_super+0x8c/0x190 [ 163.483265][ T119] generic_shutdown_super+0x13d/0x2d0 [ 163.488658][ T119] kill_block_super+0x44/0x90 [ 163.493347][ T119] deactivate_locked_super+0xbc/0x130 [ 163.498751][ T119] cleanup_mnt+0x437/0x4d0 [ 163.503178][ T119] task_work_run+0x1d9/0x270 [ 163.507786][ T119] exit_to_user_mode_loop+0xed/0x480 [ 163.513087][ T119] do_syscall_64+0x32d/0xf80 [ 163.517699][ T119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.523608][ T119] [ 163.525939][ T119] The buggy address belongs to the object at ffff88801b7e8800 [ 163.525939][ T119] which belongs to the cache kmalloc-1k of size 1024 [ 163.540084][ T119] The buggy address is located 536 bytes inside of [ 163.540084][ T119] freed 1024-byte region [ffff88801b7e8800, ffff88801b7e8c00) [ 163.553979][ T119] [ 163.556309][ T119] The buggy address belongs to the physical page: [ 163.562739][ T119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b7e8 [ 163.571513][ T119] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 163.580026][ T119] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 163.587591][ T119] page_type: f5(slab) [ 163.591597][ T119] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 163.600196][ T119] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 163.608794][ T119] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 163.617479][ T119] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 163.626165][ T119] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 163.634865][ T119] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 163.643547][ T119] page dumped because: kasan: bad access detected [ 163.649985][ T119] page_owner tracks the page as allocated [ 163.655706][ T119] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3954359502, free_ts 0 [ 163.675427][ T119] post_alloc_hook+0x231/0x280 [ 163.680219][ T119] get_page_from_freelist+0x2418/0x24b0 [ 163.685779][ T119] __alloc_frozen_pages_noprof+0x233/0x3d0 [ 163.691614][ T119] allocate_slab+0x77/0x660 [ 163.696141][ T119] refill_objects+0x339/0x3d0 [ 163.700833][ T119] __pcs_replace_empty_main+0x321/0x720 [ 163.706402][ T119] __kmalloc_cache_noprof+0x392/0x660 [ 163.711787][ T119] class_register+0xbd/0x3a0 [ 163.716389][ T119] chr_dev_init+0x39/0xe0 [ 163.720750][ T119] do_one_initcall+0x250/0x8d0 [ 163.725526][ T119] do_initcall_level+0x104/0x190 [ 163.730489][ T119] do_initcalls+0x59/0xa0 [ 163.734854][ T119] kernel_init_freeable+0x2a6/0x3e0 [ 163.740094][ T119] kernel_init+0x1d/0x1d0 [ 163.744463][ T119] ret_from_fork+0x51e/0xb90 [ 163.749082][ T119] ret_from_fork_asm+0x1a/0x30 [ 163.753860][ T119] page_owner free stack trace missing [ 163.759252][ T119] [ 163.761584][ T119] Memory state around the buggy address: [ 163.767223][ T119] ffff88801b7e8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.775319][ T119] ffff88801b7e8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.783395][ T119] >ffff88801b7e8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.791467][ T119] ^ [ 163.796339][ T119] ffff88801b7e8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.804425][ T119] ffff88801b7e8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.812506][ T119] ================================================================== [ 163.952000][ T119] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 163.959305][ T119] CPU: 0 UID: 0 PID: 119 Comm: jfsCommit Tainted: G L syzkaller #0 PREEMPT(full) [ 163.970040][ T119] Tainted: [L]=SOFTLOCKUP [ 163.974401][ T119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 163.984490][ T119] Call Trace: [ 163.987805][ T119] [ 163.990778][ T119] vpanic+0x56c/0xa60 [ 163.994810][ T119] ? __pfx_vpanic+0x10/0x10 [ 163.999375][ T119] panic+0xc5/0xd0 [ 164.003164][ T119] ? __pfx_panic+0x10/0x10 [ 164.007638][ T119] ? preempt_schedule_thunk+0x16/0x30 [ 164.013060][ T119] ? lmLogSync+0x9bb/0xa50 [ 164.017523][ T119] ? preempt_schedule_thunk+0x16/0x30 [ 164.022972][ T119] ? lmLogSync+0x9bb/0xa50 [ 164.027436][ T119] check_panic_on_warn+0x89/0xb0 [ 164.032416][ T119] ? lmLogSync+0x9bb/0xa50 [ 164.036894][ T119] end_report+0x73/0x180 [ 164.041172][ T119] ? lmLogSync+0x9bb/0xa50 [ 164.045626][ T119] kasan_report+0x128/0x150 [ 164.050175][ T119] ? lmLogSync+0x9bb/0xa50 [ 164.054630][ T119] lmLogSync+0x9bb/0xa50 [ 164.058921][ T119] ? __pfx_lmLogSync+0x10/0x10 [ 164.063750][ T119] jfs_syncpt+0x7b/0x90 [ 164.067933][ T119] txEnd+0x2e5/0x530 [ 164.071857][ T119] jfs_lazycommit+0x5b8/0xaa0 [ 164.076647][ T119] ? __pfx_jfs_lazycommit+0x10/0x10 [ 164.081877][ T119] ? __pfx_default_wake_function+0x10/0x10 [ 164.087708][ T119] ? __kthread_parkme+0x7a/0x1f0 [ 164.092661][ T119] kthread+0x388/0x470 [ 164.096752][ T119] ? __pfx_jfs_lazycommit+0x10/0x10 [ 164.101971][ T119] ? __pfx_kthread+0x10/0x10 [ 164.106587][ T119] ret_from_fork+0x51e/0xb90 [ 164.111218][ T119] ? __pfx_ret_from_fork+0x10/0x10 [ 164.116362][ T119] ? __switch_to+0xc7d/0x1450 [ 164.121056][ T119] ? __pfx_kthread+0x10/0x10 [ 164.125694][ T119] ret_from_fork_asm+0x1a/0x30 [ 164.130479][ T119] [ 164.134334][ T119] Kernel Offset: disabled [ 164.138668][ T119] Rebooting in 86400 seconds..