last executing test programs: 17.780823254s ago: executing program 2 (id=420): r0 = socket$tipc(0x1e, 0x5, 0x0) listen(r0, 0x0) unshare(0x28000600) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x288840, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x20000000800, 0x8, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x2, 0xffff, 0x3, 0x4, 0x80000000000000, 0x6ab}, 0x0, 0x0) 17.613778312s ago: executing program 2 (id=421): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001bc0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001e00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(r2, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x28, r1, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x50) 17.542724965s ago: executing program 2 (id=422): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x16, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x7ffffff}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 16.792506553s ago: executing program 2 (id=424): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./bus\x00', 0x210000, &(0x7f0000000380)={[{@nobarrier}, {@barrier}, {@commit={'commit', 0x3d, 0x5}}, {@i_version}, {@data_err_ignore}, {@init_itable}, {@errors_remount}, {@inlinecrypt}, {@bh}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000000}}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000010000000000000004000000000000001000000000ff00002000"], 0x24, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0) lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 16.140781696s ago: executing program 2 (id=427): unshare(0x6020400) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x81) fsmount(r0, 0x0, 0x88) 15.396728254s ago: executing program 2 (id=432): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x14, 0x0, 0x1}, 0x14}}, 0x4000) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='cubic', 0xb) accept4(r0, 0x0, 0x0, 0x80000) 15.153104476s ago: executing program 32 (id=432): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x14, 0x0, 0x1}, 0x14}}, 0x4000) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='cubic', 0xb) accept4(r0, 0x0, 0x0, 0x80000) 6.633906695s ago: executing program 0 (id=460): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x8000, &(0x7f0000000000)={[{@errors_remount}]}, 0x80, 0x64a, &(0x7f00000001c0)="$eJzs3c9rG9kdAPDvjCwnTtw6KaU0aUsNPSRQothpaNqekvTQHAINNIdSeoiJ7dRY+UHsQOIG4kAPLbRQSq+l5NJ/oPRafC29LQu7ue15Ibss2d3D7hItMxrFsizFim1Z3sznA5LevBnpva9mnt4bjUYTQGlNZndpxLGIuJZETLTNG4/mzMliuecfPbye3ZJoNH71YRJJkdda/kXxeDi7S5rPeetixDcqm8tderCyOFNvND2KOL18887ppQcrpxZuztyYuzF3a/rMT86em/rp9P92J87DxeOly7/87l/+8Lsfz79dP5XE+bha/f1sdMSxWyab725kIbbnj0TEuSzR5X2BvVQptsdqRHwrJqKSTzVNxMKfh1o5YKAalWb/1BhtAKWTxLBrAAxHaxzQ2rcfxH7wfvbsQnZ/v0v8I8Xe+8F83+jQ86RtzyjLjTiyC+WvRsQXD4//I7tFj+8hRnahnJ7lP46Ib3db/0ke/5E80iz+NNK252XpqeK7jax+P99BHZK2dH/b36MdlLbR68Tfvh6y+M8Xj1n+xR6vv9VXPJMd02VrfwAMx9qFoiPPBiKx3v9lI8PW+Cc6xz+N/+THhjr7ru3o3f+lu/DqW8vHfyPd+v9Wf38w78PTjnFYEqufXOn+ktXOjPf+dOlvvcqfbBv/Zbes/NZYsA87Hho+exxxvCP+P+ZvffJy/Sddxr/ZItf6LOMX73xwqde8/uMfzMGyxpOIE133f9ZHpVmq4/hkEq3jk2enT88v1OemmvcbXru1Ifz3/7/9V6/yd7j+dyxb/4c2xL/yneacV6//LO9On2X8+8qTm83UgU3zxreMP31/NLmap0bz+/XmNZpcLhZpPtyfWV6+e+bVdWktkz9ON+M/+YPu7b9H/PnOx1jrI7MPd369+Lz1Odpph+v/RaPPBXvJ4p/tsf1vtf7/2mcZn/7m3ve6zmi9JRviX/9OYmybMQEAAAAAAEBZpfkx2CStvUynaa048PbNOJTWby8t/3D+9r1bsxEn899DVtPWke6J5nSSTU8Xv4dtTZ/pmP5RRByNiL9XxvLp2vVqfXbYwQMAAAAAAAAAAAAAAAAAAMA+cbg4//9FcT2wjytpWqsNu1bAnhnkBeaA/U37h/LK2//eXG8N2Gf0/1BeXdu/DwUoBU0dykv7h/LS/qG8tH8oL+0fyqt3+9805/Gg6wIAAAAA7Jqj3197OhIRqz8by2+Z0WJedag1Awato407EgglUhl2BYChednhO/0fSqevffzPij8HHHx1gCFIumXmg4PGqxv/WtdnAgAAAAAAAAAAAAADcOLY2tPE+f9QSk77g/La3vn/le0/Fdg3uv3hjz8BgnKwjw8l18eXAAd7zdjG+f9HXvsZAAAAAAAAAAAAAEBmPL8laa34GfB4pGmtFvG1/He61WR+oT43FRFfj4h3K9UD2fT0sCsNAAAAAAAAAAAAAAAAAAAAb5ilByuLM/X63N32xOebct7sROuKp/ulPu2JSAZeRBodOWMRMbyQR2KwRYy05SQRq9ma341XTna+/cR+2eoWZ+pD/mACAAAAAAAAAAAAAAAAAIASajv3uLvj/9zjGgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3lu//v/gEsOOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4avoyAAD//58SOU0=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r0, 0x100, 0x0) getdents(r0, 0x0, 0x0) 5.94777976s ago: executing program 0 (id=463): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="b7", @ANYRES8], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, 0x0, 0x0) read$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) 3.717850752s ago: executing program 0 (id=469): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000300)={0x40}, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x80015b12, 0x0) 2.37013248s ago: executing program 4 (id=433): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000080)=ANY=[], 0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) 2.293649724s ago: executing program 1 (id=471): prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setreuid(0x0, 0xee00) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)='tmpfs\x00', 0xa145cf, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') read$FUSE(r0, &(0x7f00000024c0)={0x2020}, 0x2020) 2.118915543s ago: executing program 4 (id=472): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x40, 0x0, &(0x7f0000000140)) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0x20002078) 1.811167729s ago: executing program 3 (id=474): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_MODE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd700007000000241e000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\f'], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x24000800) 1.528530583s ago: executing program 3 (id=475): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000081, &(0x7f0000000480)=ANY=[], 0x2, 0x245, &(0x7f00000007c0)="$eJzs3b9qU2EYB+A3/9pUh2RwEsEDOjiVtleQIhXETkoGddBiW5AkFCwEWsXQySvwSrwOF+/ACxC66VA4cnJS00JqG0yaUp9n6Qvn+/V9T/KFTOfL6zud1ubO7vbBh+9RrRai2IhG4TCiHsXIzAcAcN38StM4THPjJcvFac0EAEzXBb//Fy5xJABgyp49f/FkdX197WmSVCM6n7rNQuR/8+ur2/E22rEVS1GLo4j0j7x+9Hh9LcpJph73O71uM0t2Xn2NSp7/EdHPL0ct6qPzy0nuRL7XbVbixqB/I8uvRC1ujc6vjMhHcy4e3Dsx/2LU4tub2Il2bEaWHeY/LifJw/Tzz/cvs4mzfKHXbc731w2lpRm8PQAAAAAAAAAAAAAAAAAAAAAAXFOLSZIkafolTdO0d+r8ndJR//picqx++nyePH/W+UC9E+frLCVJcnxY8DBfjtvlKM/w1gEAAAAAAAAAAAAAAAAAAODK2N3bb22021vvJlocP9Y/+f/8r0WUBqO1CxFXYJ5+sZDNczm97saYvRpjtoji3n4ra5LtgdZGIc5JVae0SdIR2690ZmpuQt3nbl5scem8l2VQFCKiMtixf19cjMqEPykAAAAAAAAAAAAAAAAAAMAlGz70O+LiwQwGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAZGP7+/xhFbxC+YGrGtwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/4HcAAAD//+xqeWQ=") recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@rights={{0x10}}], 0x10}, 0x40002000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x0, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) 1.479492195s ago: executing program 1 (id=476): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x1a) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0xfe) ioctl$TCFLSH(r1, 0x540b, 0x0) 1.18824658s ago: executing program 3 (id=477): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000006380)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x16, 0xfc0, 0x66, 0x0, 0xb, 0x2, 0x0, @private=0xa010100, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d705822942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db42394a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0eddfc9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"}}, 0xfce) 1.137274553s ago: executing program 1 (id=478): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x10002, 0x0) 1.098010724s ago: executing program 0 (id=479): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x40810) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x61, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x10100) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a80258c6394f90324fc60100005000a000200053582c137153e3704000780fc0b09000300", 0x33fe0}], 0x1}, 0x0) 959.336542ms ago: executing program 1 (id=480): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60) listen(r0, 0xf5f) accept(r0, 0x0, 0x0) 728.757043ms ago: executing program 0 (id=481): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0xb29, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x7f1, 0x66, 0x0, 0x40, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x3a}, {[@timestamp={0x44, 0x4, 0x1e, 0x0, 0x6}]}}, {0x4e20, 0x4e21, 0x7d9, 0x0, @wg=@data={0x4, 0x202, 0x1ff, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76df434e4ec536c04816b127eb525176f5737b934b37a9d109ea3aa64d0fb30013becb29f6a39d4cbdbc4e2540996ed75b90498301c99df853d4baac4654e6f1a06cf03a87aa2d2d74199bcafa0dc84a8ea112fba51687b8727bb905c7b42a0c9b26559b4ecc397c6a33731df0fca1aee35968435e8129f8e6d52a0754fcaa693706c4557af6be8821983e702fdd3dac90b6cbe00b1fe59f5bcd890dbb87c0d8d80ba8727e4ff6b89af3ecda43705a9dc113396c950947e85193eabe1364909509babcad37d21392d071480ff4f69dc5db442263d4608ff94e5157c65bb35c3f4a7af6bfb562a317cf13292abdbd5ac3f31d47da6fe5e8be324c78b37e2f351955bbf5f18f86a0cd98d68dca14aea59917ce05e0dc0e3a2033d22a506109db846c49f8c7d575c02349736311e40bc497c9a7da1fe4f94d8e601a5cff4cbd63ed730a01c7f07dd74d603b951557b93e551b0e028232412d568dadc29c2c9e01ca85b83d779cd3b918f9c73ba471ee9079fc42b511b45c3d4f80a46f8e9ad22a05ef5422348ff415b2131e2b2ae0ef5fab9f678bc5ef02d611655d6264e0755e176ade135a971851bd22666ae753ff5135bf14a005cea45a8b163706ea52af786f2b48362ec8619f8f728ab9fee21bcc9e000d1c470a51cec5a510f06de4dc52fc82e0be10fe0ac55f09e086cdb7f5d5f935033e4925a6ca1b1ea42f511dafd63a3cc32bcfe20aca26adb6eded22fc956b96cf2b70b5e78dbf4c2da06438c9be342f44f1dbc9bc4e453bad09f8e7d2b611e9f33f681c4342e31fee49d613b170d9ae6c93c7ece1bf0d8aaf00870b6896b8fee4ee9d705608a044ec3537ae6c46b5345e4c41576911757d4ed5bdee8e14f73df14b88af36b4c303346d88b424fea428c77cabc55198fafbcec9b027f9a9759638d733fe2dec7996ddba717fd7e0f0188f9213701c304a2b01186c72a8cfdcb87dd9c8711ec0c438eb7c229b8dfbec5c14bfeec20810b4be8944f7d6f44e5bb8839b84afe25a8654ac821efb9c850394d452873db8e9f05de381103b1278f3b34ec0b920d3aa111c82fe424588debe04dd75ac991c5f650f0b8e72c1783d975d663fc0d939f32bca98650141b381af26436c6352d98a6e30843d956ad68f998851b8c64c49a59ca6937355ac4412009cd0a2e4cacf5b02063908f7937e7563e6f63703adc5aff159f3628eb64071fc74e4e66e142113a176c2a649d653f55e833a3f184f91995547a79f46c7ca02813136c920fe6f69fe466656518478ccb84c02d751a502dff90558ce066d9be71c8fa800d7a1d56b5ca52be3122aae2cfbfe1b11d454ad72bdf7fd9d450a74734594f5e566ac2a37ca8b648fee012bf7f83f1126743b0f4791592e17dfca010a3dafeac81b88c5a47d948fc772fe4b48146b10aa319a13ca4f4dc05861859929d3c1d69967d18290cc87777a4231a6ce8dc2a4e34450e3a7659c05e5e12239d768ef8394f82278b975a68497571d1e5191ac329a66b5219f3f7f20f21261cdc3028a3662b6c10198bf7d3d513b5b823d4703cb29d89b84da69a6358a269769a8b23712c6291e77fc4da837e0857b4bbc08bba0659c55a1e06fdf1736df13948824a37515f8c49de6d502519077197debfc74709ed564315279ec804c7a0305526b14efcab44364105aa805efd97f0444d6016e35712dba75b038ea63917e6163614a3a6c694d7612e00cddab8bd31f6ba146d08e949d50ed3b0ef8fd3412ffd020bfabbcfbc5c3fa436022de3fd973869066871ec639653f3b4b5f01374adf3b60940d241a5dda6df550662ccb1a4575e2419baf1a76a246c9b7f39a05c03d832aa28293a54c619865fed0fdccd570859ffc7b1844ea8cff1e12389382e39211e665fec9d82faf11fd2300412d24dab176515aff938a6b12b5427b7fa6b42a3042248977b2f4eae9d96534a85b9ed500f62866d39f5301a3b6e60d392248fcfad25c2803c875e00010f40caca1a5932e00765c3b52427a2a8d6875a73ccb3b8e78dd27555994bf4358b2e577efe8886939515be37889e3656a5e0a949619f0f0b9cae7dc59a2415bec72df3439e563cfe69b7952abfad6cb6a979c146355e590ace810017d04075f23a1554a81bcdfb82c2396fd61fe95cd0f9c2e394bdbb0900648675ec09b94b1d4672e613be577cb398bb5d188b7c09865e2edbb273f8d9b0ae836f24b34ae6cd22e37e1ab31c835c23bd8f6deb49402f19406b0c7cddfbe357ab496910a8efa939dd9ab91de3ba67d07103063fbf9ee6fbd7b61c6b65ebe735cfab2c1162b379a3cbcbdb14d82b7f2e707ddd896ac5085ef5b15da85663df079bd5ef6180c775a4b7d645630aa9ea704f69ec8ea052f8f41e62f0e6f78a5a846e9130c53eb29a7bab9b102bf08729243f6ffe0ee6f28e98e4d0c1f49813aa04c2774f1f076310d923e900fe1c609bc5a308421fb82a12b03b9be47ce6d88635bb1722739d1abcdbc28133de131d2151d76f565be56813bb3edcf4d870f4acd0bfe5b30d60ef065158bf7b8401096a1647de88c7b0144eacecabfdf9d48d91573e82f2efecab095339e799e36ab3ee1eb66db9f9c21d96bcb2b7bf4ab01e8e56df8c4bca2bed7732472468a3b447024bc997adff639ba35e2af10f661199c4a8a2b2a8e3e59ff4ed5da468c1c2c41001efc0529636ce4ef9dd6b28deed0ad5a758abd2a3a3f024f56dd17fb4b1"}}}}, 0x7ff) 572.681321ms ago: executing program 3 (id=482): r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000340)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendto(r0, &(0x7f0000000380)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0) recvmsg(r0, &(0x7f0000003f00)={0x0, 0x0, 0x0}, 0x2000) 361.988211ms ago: executing program 1 (id=483): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r0}, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x4, 0x19, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 307.780404ms ago: executing program 3 (id=484): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000880)={0x54, r0, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x10}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x22, 0x33, @data_frame={@msdu=@type00={{0x0, 0x2, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x1}, @device_a, @broadcast, @random="1f5ebc28d903", {0x4, 0xc}, "", @value={0x8, 0x0, 0x0, 0x0, 0x5}, @value=@ver_80211n={0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1}}, @a_msdu}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000085}, 0x80) 28.291998ms ago: executing program 0 (id=485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f0000000840)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c57596", 0xf}, {&(0x7f0000000180)='\x00\x00\x00', 0x3}], 0x2) 14.248839ms ago: executing program 3 (id=486): syz_io_uring_setup(0x46a8, 0x0, 0xfffffffffffffffc, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 0s ago: executing program 1 (id=487): r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xec302, 0x0) preadv2(r2, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x2000, 0x0, 0x1f) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts. [ 77.213750][ T5757] cgroup: Unknown subsys name 'net' [ 77.357296][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.049631][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.498116][ T5770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.506793][ T5770] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.520584][ T5770] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.528968][ T5770] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.537063][ T5770] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.544671][ T5770] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.573186][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.581960][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.589824][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.598750][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.607134][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.614765][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.643648][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.653653][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.662861][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.671937][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.683048][ T5770] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.691187][ T5770] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.701111][ T5770] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.710478][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.718078][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.727878][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.736898][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.745695][ T5774] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.015414][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 81.172616][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.179946][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.187876][ T5771] bridge_slave_0: entered allmulticast mode [ 81.194909][ T5771] bridge_slave_0: entered promiscuous mode [ 81.207558][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.214946][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.222572][ T5771] bridge_slave_1: entered allmulticast mode [ 81.229376][ T5771] bridge_slave_1: entered promiscuous mode [ 81.236810][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 81.294137][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.333629][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.401922][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 81.416912][ T5771] team0: Port device team_slave_0 added [ 81.430547][ T5771] team0: Port device team_slave_1 added [ 81.456349][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 81.510746][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.517993][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.525446][ T5768] bridge_slave_0: entered allmulticast mode [ 81.533340][ T5768] bridge_slave_0: entered promiscuous mode [ 81.542257][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.549257][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.575356][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.598328][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.605456][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.631461][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.667906][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.675135][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.682383][ T5768] bridge_slave_1: entered allmulticast mode [ 81.689218][ T5768] bridge_slave_1: entered promiscuous mode [ 81.750936][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.758126][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.765550][ T5777] bridge_slave_0: entered allmulticast mode [ 81.773248][ T5777] bridge_slave_0: entered promiscuous mode [ 81.786641][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.794004][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.801443][ T5777] bridge_slave_1: entered allmulticast mode [ 81.808987][ T5777] bridge_slave_1: entered promiscuous mode [ 81.829628][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.843091][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.923106][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.930608][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.937743][ T5775] bridge_slave_0: entered allmulticast mode [ 81.945292][ T5775] bridge_slave_0: entered promiscuous mode [ 81.969446][ T5771] hsr_slave_0: entered promiscuous mode [ 81.976183][ T5771] hsr_slave_1: entered promiscuous mode [ 81.988366][ T5768] team0: Port device team_slave_0 added [ 82.004078][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.025469][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.033365][ T5775] bridge_slave_1: entered allmulticast mode [ 82.046290][ T5775] bridge_slave_1: entered promiscuous mode [ 82.074906][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.095141][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.131109][ T5768] team0: Port device team_slave_1 added [ 82.166608][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.262819][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.317223][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.325921][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.358018][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.392715][ T5777] team0: Port device team_slave_0 added [ 82.406305][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.413408][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.444885][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.472133][ T5777] team0: Port device team_slave_1 added [ 82.504813][ T5775] team0: Port device team_slave_0 added [ 82.598265][ T5768] hsr_slave_0: entered promiscuous mode [ 82.605989][ T5768] hsr_slave_1: entered promiscuous mode [ 82.613057][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.621504][ T5768] Cannot create hsr debugfs directory [ 82.629270][ T5775] team0: Port device team_slave_1 added [ 82.636204][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.643346][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.671502][ T5774] Bluetooth: hci0: command tx timeout [ 82.671517][ T51] Bluetooth: hci1: command tx timeout [ 82.671967][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.700284][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.707267][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.733516][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.815606][ T5774] Bluetooth: hci3: command tx timeout [ 82.815628][ T51] Bluetooth: hci2: command tx timeout [ 82.834528][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.841697][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.867767][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.907844][ T5777] hsr_slave_0: entered promiscuous mode [ 82.914633][ T5777] hsr_slave_1: entered promiscuous mode [ 82.921335][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.929036][ T5777] Cannot create hsr debugfs directory [ 82.935566][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.942860][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.968930][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.132292][ T5775] hsr_slave_0: entered promiscuous mode [ 83.139113][ T5775] hsr_slave_1: entered promiscuous mode [ 83.153437][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.161319][ T5775] Cannot create hsr debugfs directory [ 83.315671][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.341253][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.351481][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.362778][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.494885][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.515570][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.546570][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.572029][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.592696][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.620752][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.634048][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.665218][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.715413][ T5775] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.736946][ T5775] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.747897][ T5775] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.759155][ T5775] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.838317][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.895278][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.919883][ T2907] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.927276][ T2907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.949051][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.956245][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.031680][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.049657][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.082182][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.102292][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.127904][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.145056][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.152295][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.180899][ T2935] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.188142][ T2935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.223831][ T2935] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.231254][ T2935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.249293][ T2935] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.256672][ T2935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.382886][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.392450][ T5777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.484447][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.529029][ T2918] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.536365][ T2918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.573256][ T2918] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.580730][ T2918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.703268][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.731601][ T5774] Bluetooth: hci1: command tx timeout [ 84.731614][ T51] Bluetooth: hci0: command tx timeout [ 84.884080][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.891642][ T51] Bluetooth: hci2: command tx timeout [ 84.900737][ T51] Bluetooth: hci3: command tx timeout [ 84.916505][ T5771] veth0_vlan: entered promiscuous mode [ 84.950012][ T5771] veth1_vlan: entered promiscuous mode [ 85.035360][ T5771] veth0_macvtap: entered promiscuous mode [ 85.062297][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.088863][ T5771] veth1_macvtap: entered promiscuous mode [ 85.099106][ T5777] veth0_vlan: entered promiscuous mode [ 85.158807][ T5777] veth1_vlan: entered promiscuous mode [ 85.174487][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.207311][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.248709][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.258954][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.270056][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.279094][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.306410][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.333865][ T5768] veth0_vlan: entered promiscuous mode [ 85.345322][ T5777] veth0_macvtap: entered promiscuous mode [ 85.373216][ T5777] veth1_macvtap: entered promiscuous mode [ 85.383631][ T5768] veth1_vlan: entered promiscuous mode [ 85.484318][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.498040][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.511810][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.538130][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.548943][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.563515][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.586710][ T5775] veth0_vlan: entered promiscuous mode [ 85.597325][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.602131][ T5775] veth1_vlan: entered promiscuous mode [ 85.611130][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.624428][ T5777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.634505][ T5777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.644085][ T5777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.653013][ T5777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.689295][ T5768] veth0_macvtap: entered promiscuous mode [ 85.718301][ T5768] veth1_macvtap: entered promiscuous mode [ 85.761183][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.766188][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.784071][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.798895][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.810499][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.821642][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.833349][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.866734][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.881973][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.893006][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.904461][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.915856][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.927060][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.936809][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.945767][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.954751][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.996832][ T2918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.024681][ T2918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.066477][ T5775] veth0_macvtap: entered promiscuous mode [ 86.107981][ T5775] veth1_macvtap: entered promiscuous mode [ 86.118131][ T2918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.134629][ T2918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.247561][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.268331][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.280323][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.293036][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.304087][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.318917][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.347945][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.384567][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.413605][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.438756][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.466609][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.470645][ T5835] syz.1.2[5835]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 86.476640][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.508008][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.531871][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.539315][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.555073][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.565369][ T5835] loop1: detected capacity change from 0 to 1024 [ 86.609423][ T5775] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.639266][ T5775] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.659476][ T5775] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.669284][ T5775] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.732298][ T5841] syz.0.7 uses obsolete (PF_INET,SOCK_PACKET) [ 86.739242][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.774917][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.811898][ T51] Bluetooth: hci0: command tx timeout [ 86.811912][ T5774] Bluetooth: hci1: command tx timeout [ 86.817854][ T5840] syzkaller1: entered promiscuous mode [ 86.845183][ T5840] syzkaller1: entered allmulticast mode [ 86.970361][ T5774] Bluetooth: hci3: command tx timeout [ 86.982282][ T5774] Bluetooth: hci2: command tx timeout [ 87.148481][ T28] cfg80211: failed to load regulatory.db [ 87.262339][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.297043][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.400676][ T2907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.432909][ T2907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.982955][ T5869] loop1: detected capacity change from 0 to 512 [ 88.070156][ T5869] EXT4-fs error (device loop1): ext4_iget_extra_inode:4739: inode #15: comm syz.1.18: corrupted in-inode xattr: e_value size too large [ 88.216497][ T5869] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.18: couldn't read orphan inode 15 (err -117) [ 88.324501][ T5869] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.532857][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.891011][ T5774] Bluetooth: hci0: command tx timeout [ 88.900406][ T5774] Bluetooth: hci1: command tx timeout [ 88.960161][ T5882] loop1: detected capacity change from 0 to 4096 [ 89.003932][ T5864] loop2: detected capacity change from 0 to 40427 [ 89.027849][ T5864] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x35f7 [ 89.046043][ T5864] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 89.059330][ T5864] F2FS-fs (loop2): Image doesn't support compression [ 89.069537][ T5774] Bluetooth: hci2: command tx timeout [ 89.075194][ T5774] Bluetooth: hci3: command tx timeout [ 89.093008][ T5864] F2FS-fs (loop2): invalid crc value [ 89.119544][ T5863] loop0: detected capacity change from 0 to 40427 [ 89.158509][ T5864] F2FS-fs (loop2): Found nat_bits in checkpoint [ 89.208007][ T5863] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 89.244391][ T5886] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.259789][ T5863] F2FS-fs (loop0): invalid crc value [ 89.313328][ T5863] F2FS-fs (loop0): Found nat_bits in checkpoint [ 89.329408][ T5864] F2FS-fs (loop2): Start checkpoint disabled! [ 89.376227][ T5864] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 89.568950][ T5863] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 89.641684][ T5864] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_get_new_data_page+0xcb/0x610 [ 89.780929][ T5863] syz.0.15: attempt to access beyond end of device [ 89.780929][ T5863] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 89.845045][ T5771] syz-executor: attempt to access beyond end of device [ 89.845045][ T5771] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 89.893477][ T5771] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 89.996167][ T2941] kworker/u4:11: attempt to access beyond end of device [ 89.996167][ T2941] loop2: rw=1, sector=53248, nr_sectors = 32 limit=40427 [ 90.012309][ T2941] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 90.019682][ T2941] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 90.045922][ T2941] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 90.053418][ T2941] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 90.220740][ T788] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.392157][ T5803] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.421110][ T788] usb 4-1: Using ep0 maxpacket: 16 [ 90.443239][ T788] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 90.463335][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.482540][ T788] usb 4-1: Product: syz [ 90.497932][ T788] usb 4-1: Manufacturer: syz [ 90.510877][ T788] usb 4-1: SerialNumber: syz [ 90.537944][ T788] usb 4-1: config 0 descriptor?? [ 90.555422][ T5903] loop0: detected capacity change from 0 to 128 [ 90.576256][ T5903] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 90.635902][ T5803] usb 2-1: Using ep0 maxpacket: 32 [ 90.647938][ T5803] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 90.669718][ T5803] usb 2-1: config 0 interface 0 has no altsetting 0 [ 90.676938][ T5803] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 90.694877][ T5803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.744324][ T5803] usb 2-1: config 0 descriptor?? [ 90.981376][ T788] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 91.019727][ T788] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 91.041997][ T788] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 91.067041][ T788] usb 4-1: media controller created [ 91.111339][ T5912] loop0: detected capacity change from 0 to 128 [ 91.129795][ T788] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 91.192046][ T5897] dtv5100: wlen = 0, aborting. [ 91.252148][ T788] zl10353_read_register: readreg error (reg=127, ret==0) [ 91.265902][ T788] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 91.275608][ T788] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 91.320124][ T788] usb 4-1: USB disconnect, device number 2 [ 91.499232][ T788] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 91.595682][ T5803] corsair-psu 0003:1B1C:1C09.0001: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.1-1/input0 [ 91.775274][ T5803] corsair-psu 0003:1B1C:1C09.0001: unable to initialize device (-95) [ 91.808460][ T5803] corsair-psu: probe of 0003:1B1C:1C09.0001 failed with error -95 [ 92.051275][ T2173] usb 2-1: USB disconnect, device number 2 [ 92.431719][ T5943] loop3: detected capacity change from 0 to 4096 [ 92.432374][ T5945] syzkaller1: entered promiscuous mode [ 92.439233][ T5943] EXT4-fs: inline encryption not supported [ 92.459234][ T5945] syzkaller1: entered allmulticast mode [ 92.598384][ T5943] EXT4-fs (loop3): Test dummy encryption mode enabled [ 92.632685][ T5943] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c019, mo2=0003] [ 92.677047][ T5943] System zones: 0-5 [ 92.696627][ T5943] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.758909][ T5952] loop0: detected capacity change from 0 to 512 [ 92.800710][ T5952] EXT4-fs (loop0): 1 truncate cleaned up [ 92.821034][ T5955] loop1: detected capacity change from 0 to 64 [ 92.831855][ T5952] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.994400][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.198800][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.396289][ T5965] loop3: detected capacity change from 0 to 64 [ 93.444803][ T5966] process 'syz.1.55' launched './file0' with NULL argv: empty string added [ 93.494776][ T5966] Invalid argument reading file caps for ./file0 [ 95.098186][ T2131] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 95.226170][ T6012] loop1: detected capacity change from 0 to 164 [ 95.285037][ T2131] usb 4-1: Using ep0 maxpacket: 32 [ 95.305240][ T2131] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 95.320296][ T2131] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 95.346665][ T2131] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 95.388520][ T2131] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 95.400909][ T6016] serio: Serial port ptm0 [ 95.428245][ T2131] usb 4-1: config 0 interface 0 has no altsetting 0 [ 95.446521][ T2131] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 95.469869][ T2131] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 95.479816][ T2131] usb 4-1: Product: syz [ 95.484409][ T2131] usb 4-1: Manufacturer: syz [ 95.489159][ T2131] usb 4-1: SerialNumber: syz [ 95.496751][ T2131] usb 4-1: config 0 descriptor?? [ 95.506184][ T2131] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 95.525102][ T2131] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 95.787208][ T2131] usb 4-1: USB disconnect, device number 3 [ 95.793176][ C1] ldusb 4-1:0.0: usb_submit_urb failed (-19) [ 95.816254][ T2131] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 95.823424][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'. [ 96.429324][ T6040] loop0: detected capacity change from 0 to 4096 [ 96.770850][ T6044] loop3: detected capacity change from 0 to 1024 [ 96.856468][ T6044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.013279][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.329762][ T6042] loop1: detected capacity change from 0 to 32768 [ 97.390699][ T6042] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.86 (6042) [ 97.461494][ T6042] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 97.492011][ T6042] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 97.518864][ T6042] BTRFS info (device loop1): enabling auto defrag [ 97.537950][ T6042] BTRFS info (device loop1): use no compression [ 97.561863][ T6042] BTRFS info (device loop1): force clearing of disk cache [ 97.569545][ T6042] BTRFS info (device loop1): max_inline at 4096 [ 97.609735][ T6042] BTRFS info (device loop1): disabling free space tree [ 97.728774][ T6061] loop3: detected capacity change from 0 to 2048 [ 97.868582][ T6042] BTRFS info (device loop1): enabling ssd optimizations [ 97.903350][ T6061] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.904803][ T6042] BTRFS info (device loop1): auto enabling async discard [ 97.934911][ T6042] BTRFS info (device loop1): rebuilding free space tree [ 98.068667][ T6042] BTRFS info (device loop1): disabling free space tree [ 98.094901][ T6042] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.124020][ T6042] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.167961][ T2935] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 98.196460][ T6085] loop0: detected capacity change from 0 to 256 [ 98.199969][ T2935] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 98.281094][ T2935] EXT4-fs (loop3): This should not happen!! Data will be lost [ 98.281094][ T2935] [ 98.303619][ T2935] EXT4-fs (loop3): Total free blocks count 0 [ 98.319538][ T2935] EXT4-fs (loop3): Free/Dirty block details [ 98.339613][ T2935] EXT4-fs (loop3): free_blocks=2415919504 [ 98.364733][ T2935] EXT4-fs (loop3): dirty_blocks=32 [ 98.387318][ T2935] EXT4-fs (loop3): Block reservation details [ 98.400311][ T2935] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 98.433042][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 98.666590][ T5777] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 98.709299][ T6091] sctp: [Deprecated]: syz.3.98 (pid 6091) Use of int in max_burst socket option deprecated. [ 98.709299][ T6091] Use struct sctp_assoc_value instead [ 99.572213][ T6104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.104'. [ 100.094539][ T6089] loop0: detected capacity change from 0 to 32768 [ 100.344034][ T6089] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 100.440191][ C1] sched: RT throttling activated [ 100.659913][ T6089] XFS (loop0): Ending clean mount [ 100.747138][ T6089] XFS (loop0): Quotacheck needed: Please wait. [ 100.762732][ T6101] loop2: detected capacity change from 0 to 131072 [ 100.792165][ T6101] F2FS-fs (loop2): invalid crc value [ 100.817021][ T6101] F2FS-fs (loop2): Found nat_bits in checkpoint [ 100.860883][ T788] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 100.899912][ T6101] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 100.908955][ T6089] XFS (loop0): Quotacheck: Done. [ 101.082642][ T788] usb 4-1: config 0 has no interfaces? [ 101.118673][ T788] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 101.151728][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.170026][ T788] usb 4-1: Product: syz [ 101.180268][ T788] usb 4-1: Manufacturer: syz [ 101.189648][ T788] usb 4-1: SerialNumber: syz [ 101.222483][ T788] usb 4-1: config 0 descriptor?? [ 101.331046][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 101.558624][ T788] usb 4-1: USB disconnect, device number 4 [ 102.130307][ T788] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.261626][ T6136] loop3: detected capacity change from 0 to 4096 [ 102.281019][ T6136] EXT4-fs: inline encryption not supported [ 102.297969][ T6136] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 102.340468][ T5803] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.344168][ T6136] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8856c019, mo2=0003] [ 102.360656][ T788] usb 1-1: Using ep0 maxpacket: 8 [ 102.373148][ T788] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 102.382640][ T788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.390739][ T788] usb 1-1: Product: syz [ 102.395365][ T788] usb 1-1: Manufacturer: syz [ 102.397245][ T6136] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.400023][ T788] usb 1-1: SerialNumber: syz [ 102.423125][ T788] usb 1-1: config 0 descriptor?? [ 102.433839][ T788] gspca_main: se401-2.14.0 probing 047d:5003 [ 102.558952][ T5803] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.570571][ T5803] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 102.597710][ T5803] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 102.610347][ T5803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 102.629231][ T5803] usb 2-1: SerialNumber: syz [ 102.861675][ T788] gspca_se401: ExtraFeatures: 48 [ 102.869939][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 102.885731][ T5803] usb 2-1: 0:2 : does not exist [ 102.896638][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 102.912776][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.924744][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 102.941883][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 102.953862][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 102.963046][ T5803] usb 2-1: USB disconnect, device number 3 [ 102.971218][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 103.021583][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 103.064824][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 103.084674][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 103.100499][ T788] gspca_se401: Frame size: 0x0 1/16th janggu [ 103.145903][ T5920] udevd[5920]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 103.148380][ T788] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 103.490302][ T788] usb 1-1: USB disconnect, device number 2 [ 104.003463][ T6140] loop3: detected capacity change from 0 to 32768 [ 104.059016][ T6140] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 104.208326][ T6140] XFS (loop3): Ending clean mount [ 104.557996][ T5775] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 104.885529][ T6173] loop1: detected capacity change from 0 to 512 [ 105.550737][ T6194] ======================================================= [ 105.550737][ T6194] WARNING: The mand mount option has been deprecated and [ 105.550737][ T6194] and is ignored by this kernel. Remove the mand [ 105.550737][ T6194] option from the mount to silence this warning. [ 105.550737][ T6194] ======================================================= [ 105.585727][ C0] vkms_vblank_simulate: vblank timer overrun [ 105.666617][ T6196] loop0: detected capacity change from 0 to 8192 [ 105.697439][ T6196] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 105.711395][ T6196] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 105.722342][ T6196] REISERFS (device loop0): using ordered data mode [ 105.729131][ T6196] reiserfs: using flush barriers [ 105.737879][ T6196] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 105.756638][ T6196] REISERFS (device loop0): checking transaction log (loop0) [ 105.883807][ T6196] REISERFS (device loop0): Using tea hash to sort names [ 105.893043][ T6196] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 106.284914][ T6205] syzkaller1: entered promiscuous mode [ 106.294719][ T6205] syzkaller1: entered allmulticast mode [ 106.854990][ T6224] loop2: detected capacity change from 0 to 256 [ 107.590432][ T28] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 107.638246][ T6230] loop0: detected capacity change from 0 to 32768 [ 107.739200][ T6230] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 107.782816][ T28] usb 4-1: config 0 has an invalid interface number: 74 but max is 0 [ 107.800391][ T28] usb 4-1: config 0 has no interface number 0 [ 107.806687][ T28] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 107.826005][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.842907][ T28] usb 4-1: config 0 descriptor?? [ 107.858468][ T28] cp210x 4-1:0.74: cp210x converter detected [ 107.944800][ T6235] (syz.0.152,6235,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 107.990308][ T6235] (syz.0.152,6235,1):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 108.005316][ T6235] (syz.0.152,6235,1):ocfs2_mknod:298 ERROR: status = -2 [ 108.012875][ T6235] (syz.0.152,6235,1):ocfs2_mknod:502 ERROR: status = -2 [ 108.019918][ T6235] (syz.0.152,6235,1):ocfs2_create:676 ERROR: status = -2 [ 108.284578][ T28] cp210x 4-1:0.74: failed to get vendor val 0x000e size 3: -32 [ 108.516141][ T28] cp210x 4-1:0.74: GPIO initialisation failed: -19 [ 108.538520][ T28] usb 4-1: cp210x converter now attached to ttyUSB0 [ 108.783943][ T28] usb 4-1: USB disconnect, device number 5 [ 108.820669][ T28] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 108.835448][ T28] cp210x 4-1:0.74: device disconnected [ 109.764462][ T5771] ocfs2: Unmounting device (7,0) on (node local) [ 110.303040][ T6258] netlink: 'syz.2.164': attribute type 10 has an invalid length. [ 110.354958][ T6258] team0: Port device dummy0 added [ 110.395605][ T6261] netlink: 'syz.2.164': attribute type 10 has an invalid length. [ 110.421260][ T6263] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.450564][ T6261] team0: Port device dummy0 removed [ 110.503930][ T6261] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 110.532893][ T6265] block nbd0: NBD_DISCONNECT [ 110.694948][ T6258] syz.2.164 (6258) used greatest stack depth: 19920 bytes left [ 110.771891][ T6273] warning: `syz.0.170' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 110.900456][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 111.110863][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 111.119006][ T8] usb 2-1: unable to get BOS descriptor or descriptor too short [ 111.132740][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.149912][ T8] usb 2-1: config 1 interface 0 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 111.193521][ T8] usb 2-1: config 1 interface 0 has no altsetting 0 [ 111.214149][ T8] usb 2-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 111.228060][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.244192][ T8] usb 2-1: Product: syz [ 111.248432][ T8] usb 2-1: Manufacturer: syz [ 111.253756][ T8] usb 2-1: SerialNumber: syz [ 111.388285][ T6286] syzkaller1: entered promiscuous mode [ 111.398664][ T6286] syzkaller1: entered allmulticast mode [ 111.500414][ T8] usb-storage 2-1:1.0: USB Mass Storage device detected [ 111.621448][ T8] usb 2-1: USB disconnect, device number 4 [ 111.793811][ T6297] capability: warning: `syz.3.181' uses deprecated v2 capabilities in a way that may be insecure [ 111.806968][ T6297] overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only [ 111.824139][ T6297] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 111.844578][ T6297] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 112.055662][ T6305] trusted_key: syz.0.185 sent an empty control message without MSG_MORE. [ 112.216686][ T6309] Bluetooth: MGMT ver 1.22 [ 112.346006][ T6313] loop1: detected capacity change from 0 to 1024 [ 112.545585][ T6313] hfsplus: invalid catalog entry type in lookup [ 112.921828][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.196'. [ 112.980461][ T788] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 113.202512][ T788] usb 4-1: config 0 has no interfaces? [ 113.222309][ T788] usb 4-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 113.247836][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.260373][ T788] usb 4-1: Product: syz [ 113.264686][ T788] usb 4-1: Manufacturer: syz [ 113.279653][ T788] usb 4-1: SerialNumber: syz [ 113.296633][ T788] usb 4-1: config 0 descriptor?? [ 113.483083][ T6325] loop1: detected capacity change from 0 to 32768 [ 113.551697][ T28] usb 4-1: USB disconnect, device number 6 [ 113.578008][ T6325] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 113.627459][ T6345] netlink: 96 bytes leftover after parsing attributes in process `syz.0.201'. [ 113.671057][ T6325] XFS (loop1): Ending clean mount [ 113.807315][ T28] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 113.808749][ T5777] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 113.833613][ T28] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 115.206520][ T6361] loop2: detected capacity change from 0 to 32768 [ 115.597295][ T6385] netlink: 'syz.1.218': attribute type 3 has an invalid length. [ 115.605733][ T6385] netlink: 'syz.1.218': attribute type 4 has an invalid length. [ 115.620264][ T6385] netlink: 'syz.1.218': attribute type 7 has an invalid length. [ 115.628059][ T6385] netlink: 'syz.1.218': attribute type 8 has an invalid length. [ 115.639626][ T6385] netlink: 'syz.1.218': attribute type 7 has an invalid length. [ 115.647768][ T6385] netlink: 198048 bytes leftover after parsing attributes in process `syz.1.218'. [ 115.735611][ T6378] loop0: detected capacity change from 0 to 32768 [ 115.867547][ T6378] JBD2: Ignoring recovery information on journal [ 116.054838][ T6378] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 116.621485][ T5771] ocfs2: Unmounting device (7,0) on (node local) [ 116.863185][ T6405] loop3: detected capacity change from 0 to 64 [ 117.354501][ T6413] loop1: detected capacity change from 0 to 1024 [ 117.480289][ T27] audit: type=1800 audit(1776997604.202:2): pid=6413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.226" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 117.500901][ T6410] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 117.509144][ T6410] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 117.553087][ T6413] syz.1.226: attempt to access beyond end of device [ 117.553087][ T6413] loop1: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 117.585795][ T6413] Buffer I/O error on dev loop1, logical block 2889, async page read [ 117.617665][ T6413] syz.1.226: attempt to access beyond end of device [ 117.617665][ T6413] loop1: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 117.647527][ T6413] Buffer I/O error on dev loop1, logical block 2889, async page read [ 117.737377][ T27] audit: type=1800 audit(1776997604.392:3): pid=6413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.226" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 118.045770][ T6417] loop2: detected capacity change from 0 to 32768 [ 118.067643][ T6417] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 118.076488][ T6417] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 118.258271][ T6417] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 118.271780][ T28] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 118.278896][ T28] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 118.446872][ T28] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 167ms [ 118.465971][ T28] gfs2: fsid=syz:syz.0: jid=0: Done [ 118.493199][ T6417] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 118.811864][ T788] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 119.020357][ T788] usb 2-1: Using ep0 maxpacket: 16 [ 119.055911][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.100239][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.127820][ T788] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice=e3.00 [ 119.172549][ T788] usb 2-1: New USB device strings: Mfr=30, Product=0, SerialNumber=0 [ 119.200818][ T788] usb 2-1: Manufacturer: syz [ 119.215392][ T788] usb 2-1: config 0 descriptor?? [ 119.911502][ T788] letsketch 0003:6161:4D15.0003: Device info: 騭 [ 119.993876][ T6442] loop2: detected capacity change from 0 to 8192 [ 120.113769][ T788] letsketch 0003:6161:4D15.0003: Device info: 肿 [ 120.361530][ T788] usb 2-1: Max retries (5) exceeded reading string descriptor 202 [ 120.374565][ T788] letsketch: probe of 0003:6161:4D15.0003 failed with error -71 [ 120.408399][ T788] usb 2-1: USB disconnect, device number 5 [ 120.585149][ T6437] loop3: detected capacity change from 0 to 32768 [ 120.622889][ T6437] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.235 (6437) [ 120.755501][ T6437] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 120.811902][ T6437] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 120.860962][ T6437] BTRFS info (device loop3): setting nodatacow, compression disabled [ 120.918121][ T6437] BTRFS info (device loop3): trying to use backup root at mount time [ 120.947107][ T6437] BTRFS info (device loop3): enabling auto defrag [ 120.963503][ T6437] BTRFS info (device loop3): max_inline at 0 [ 120.978008][ T6437] BTRFS info (device loop3): using free space tree [ 121.010825][ T788] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 121.195700][ T6437] BTRFS info (device loop3): auto enabling async discard [ 121.210434][ T788] usb 1-1: Using ep0 maxpacket: 32 [ 121.234693][ T788] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 121.260436][ T788] usb 1-1: config 0 has no interface number 0 [ 121.287408][ T788] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 121.324572][ T788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.354488][ T788] usb 1-1: Product: syz [ 121.360300][ T788] usb 1-1: Manufacturer: syz [ 121.375171][ T788] usb 1-1: SerialNumber: syz [ 121.411433][ T788] usb 1-1: config 0 descriptor?? [ 121.444526][ T788] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 121.664773][ T788] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 121.700545][ T788] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 121.963474][ T6474] loop1: detected capacity change from 0 to 32768 [ 122.200700][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 122.212752][ T8] usb 1-1: USB disconnect, device number 3 [ 122.248678][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 122.293504][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 122.314256][ T5775] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 122.331086][ T8] quatech2 1-1:0.51: device disconnected [ 122.461926][ T6488] netlink: 'syz.1.253': attribute type 5 has an invalid length. [ 122.520975][ T2131] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.730296][ T2131] usb 3-1: Using ep0 maxpacket: 32 [ 122.744149][ T2131] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 122.770344][ T2131] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 122.783295][ T2131] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 122.801687][ T2131] usb 3-1: config 1 has no interface number 0 [ 122.812448][ T2131] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 122.855685][ T2131] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 122.915402][ T2131] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 122.947001][ T2131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.977042][ T2131] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 123.219711][ T2131] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 123.482574][ T6505] Trying to write to read-only block-device nullb0 [ 123.733053][ T2131] usb 3-1: USB disconnect, device number 2 [ 123.751952][ T2131] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 124.184260][ T6517] syzkaller1: entered promiscuous mode [ 124.189783][ T6517] syzkaller1: entered allmulticast mode [ 124.430317][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 124.557752][ T6528] loop3: detected capacity change from 0 to 4096 [ 124.571613][ T6528] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 124.580804][ T6528] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 124.595308][ T6528] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 124.609440][ T6528] ntfs: volume version 3.1. [ 124.620512][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 124.646850][ T8] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 124.670273][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.688152][ T8] usb 2-1: Product: syz [ 124.703034][ T8] usb 2-1: Manufacturer: syz [ 124.708517][ T8] usb 2-1: SerialNumber: syz [ 124.729195][ T8] usb 2-1: config 0 descriptor?? [ 124.757123][ T8] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 124.915517][ T5775] ntfs: (device loop3): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 125.727203][ T6550] input: syz1 as /devices/virtual/input/input6 [ 125.749452][ T6550] input: failed to attach handler leds to device input6, error: -6 [ 125.859038][ T2131] usb 2-1: USB disconnect, device number 6 [ 126.055655][ T8] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 126.264776][ T8] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 126.286348][ T8] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.297238][ T6557] loop2: detected capacity change from 0 to 8192 [ 126.303816][ T8] usb 1-1: config 0 interface 0 has no altsetting 0 [ 126.329313][ T6557] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 126.331127][ T8] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 126.352083][ T6557] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 126.369179][ T6557] REISERFS (device loop2): using ordered data mode [ 126.393964][ T6557] reiserfs: using flush barriers [ 126.401156][ T6557] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 126.421809][ T6557] REISERFS (device loop2): checking transaction log (loop2) [ 126.433520][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.449220][ T6557] REISERFS (device loop2): Using r5 hash to sort names [ 126.491792][ T8] usb 1-1: config 0 descriptor?? [ 126.502895][ T6557] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 126.713638][ T6557] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2 [ 126.759386][ T6557] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck? [ 126.777197][ T6557] REISERFS (device loop2): Remounting filesystem read-only [ 126.785061][ T6557] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data [ 126.915787][ T8] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0 [ 126.929473][ T8] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0 [ 126.939685][ T8] hid-steam 0003:28DE:1102.0004: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0 [ 127.034377][ T8] hid-steam 0003:28DE:1102.0004: Steam Controller 'XXXXXXXXXX' connected [ 127.083703][ T8] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0004/input/input7 [ 127.183157][ T8] hid-steam 0003:28DE:1102.0005: unknown main item tag 0x0 [ 127.197726][ T8] hid-steam 0003:28DE:1102.0005: unknown main item tag 0x0 [ 127.232909][ T8] hid-steam 0003:28DE:1102.0005: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0 [ 127.410724][ T2131] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 127.424448][ T6577] loop1: detected capacity change from 0 to 2048 [ 127.464714][ T6577] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.483418][ T6577] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.529515][ T6577] fs-verity: sha512 using implementation "sha512-avx2" [ 127.594372][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.619381][ T2131] usb 3-1: Using ep0 maxpacket: 32 [ 127.632812][ T2131] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 127.656456][ T2131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.684264][ T2131] usb 3-1: config 0 descriptor?? [ 127.800966][ T5806] usb 1-1: USB disconnect, device number 4 [ 127.927413][ T5806] hid-steam 0003:28DE:1102.0004: Steam Controller 'XXXXXXXXXX' disconnected [ 127.949842][ T2131] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 127.986737][ T2131] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 128.010835][ T2131] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 128.031706][ T2131] usb 3-1: media controller created [ 128.077866][ T2131] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 128.146021][ T6590] loop0: detected capacity change from 0 to 4096 [ 128.150674][ T2131] az6027: usb out operation failed. (-71) [ 128.159106][ T2131] az6027: usb out operation failed. (-71) [ 128.168309][ T2131] stb0899_attach: Driver disabled by Kconfig [ 128.178006][ T2131] az6027: no front-end attached [ 128.178006][ T2131] [ 128.188810][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.206690][ T2131] az6027: usb out operation failed. (-71) [ 128.216755][ T2131] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 128.229942][ T6590] EXT4-fs (loop0): Test dummy encryption mode enabled [ 128.241457][ T2131] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8 [ 128.264925][ T6590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.338978][ T2131] dvb-usb: schedule remote query interval to 400 msecs. [ 128.375227][ T2131] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 128.392625][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.407857][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 128.426390][ T2131] usb 3-1: USB disconnect, device number 3 [ 128.428502][ T8] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 128.450726][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 128.469528][ T8] usb 2-1: SerialNumber: syz [ 128.604343][ T2131] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 128.696533][ T6599] loop3: detected capacity change from 0 to 2048 [ 128.714820][ T6590] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 128.725575][ T8] usb 2-1: 0:2 : does not exist [ 128.763683][ T6599] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.808521][ T8] usb 2-1: USB disconnect, device number 7 [ 128.846482][ T5761] udevd[5761]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 128.931219][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.486617][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.303'. [ 129.682287][ T6602] loop3: detected capacity change from 0 to 32768 [ 129.747521][ T6602] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 129.830694][ T6602] XFS (loop3): Ending clean mount [ 129.850659][ T6602] XFS (loop3): Quotacheck needed: Please wait. [ 129.927750][ T6610] loop2: detected capacity change from 0 to 32768 [ 129.945118][ T6602] XFS (loop3): Quotacheck: Done. [ 130.045422][ T6610] JBD2: Ignoring recovery information on journal [ 130.119911][ T6610] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 130.243297][ T5775] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 130.305975][ T6610] overlayfs: upper fs does not support tmpfile. [ 130.346120][ T6610] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 130.461998][ T6610] overlayfs: upper fs missing required features. [ 130.613838][ T5768] ocfs2: Unmounting device (7,2) on (node local) [ 131.894699][ T6642] loop2: detected capacity change from 0 to 40427 [ 131.930428][ T6642] F2FS-fs (loop2): Corrupted extension count (327717 + 1 > 64) [ 131.938122][ T6642] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 131.975279][ T6642] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff [ 132.027365][ T6642] F2FS-fs (loop2): invalid crc value [ 132.065859][ T6642] F2FS-fs (loop2): Found nat_bits in checkpoint [ 132.204202][ T6664] loop0: detected capacity change from 0 to 512 [ 132.219372][ T6664] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 132.241655][ T6664] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 132.252032][ T6642] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 132.259237][ T6642] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 132.329497][ T6664] EXT4-fs error (device loop0): ext4_orphan_get:1404: inode #15: comm syz.0.319: inode has both inline data and extents flags [ 132.386771][ T6664] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.319: couldn't read orphan inode 15 (err -117) [ 132.424513][ T6664] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.442310][ T6642] F2FS-fs (loop2): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60 [ 132.550825][ T6664] EXT4-fs error (device loop0): ext4_read_inline_dir:1591: inode #12: block 7: comm syz.0.319: path /99/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0 [ 132.604451][ T5768] syz-executor: attempt to access beyond end of device [ 132.604451][ T5768] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.631178][ T5768] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 132.663707][ T6675] loop3: detected capacity change from 0 to 256 [ 132.677026][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.784473][ T6675] FAT-fs (loop3): Directory bread(block 64) failed [ 132.815587][ T6675] FAT-fs (loop3): Directory bread(block 65) failed [ 132.849945][ T6675] FAT-fs (loop3): Directory bread(block 66) failed [ 132.866809][ T6675] FAT-fs (loop3): Directory bread(block 67) failed [ 132.875152][ T6675] FAT-fs (loop3): Directory bread(block 68) failed [ 132.883473][ T6675] FAT-fs (loop3): Directory bread(block 69) failed [ 132.894575][ T6679] netlink: 104 bytes leftover after parsing attributes in process `syz.1.328'. [ 132.904213][ T6675] FAT-fs (loop3): Directory bread(block 70) failed [ 132.912555][ T6675] FAT-fs (loop3): Directory bread(block 71) failed [ 132.919216][ T6675] FAT-fs (loop3): Directory bread(block 72) failed [ 132.940346][ T6675] FAT-fs (loop3): Directory bread(block 73) failed [ 133.226762][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.237339][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.163370][ T6681] loop0: detected capacity change from 0 to 131072 [ 134.171170][ T6681] XFS: ikeep mount option is deprecated. [ 134.291051][ T6681] XFS (loop0): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846 [ 134.316129][ T6699] loop2: detected capacity change from 0 to 128 [ 134.431236][ T6699] FAT-fs (loop2): Directory bread(block 414) failed [ 134.448773][ T6699] FAT-fs (loop2): Directory bread(block 415) failed [ 134.458864][ T6699] FAT-fs (loop2): Directory bread(block 416) failed [ 134.475483][ T6699] FAT-fs (loop2): Directory bread(block 417) failed [ 134.530570][ T6699] FAT-fs (loop2): Directory bread(block 418) failed [ 134.579820][ T6699] FAT-fs (loop2): Directory bread(block 419) failed [ 134.613076][ T6699] FAT-fs (loop2): Directory bread(block 420) failed [ 134.625971][ T6681] XFS (loop0): Starting recovery (logdev: internal) [ 134.651811][ T6699] FAT-fs (loop2): Directory bread(block 421) failed [ 134.686704][ T6681] XFS (loop0): Ending recovery (logdev: internal) [ 134.712204][ T6706] tipc: Started in network mode [ 134.749204][ T6706] tipc: Node identity , cluster identity 4711 [ 134.772865][ T6699] FAT-fs (loop2): FAT read failed (blocknr 128) [ 134.912529][ T6699] FAT-fs (loop2): FAT read failed (blocknr 128) [ 135.157593][ T5771] XFS (loop0): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846 [ 135.223683][ T6711] netlink: 'syz.2.337': attribute type 39 has an invalid length. [ 135.234506][ T6704] loop1: detected capacity change from 0 to 32768 [ 135.316289][ T27] audit: type=1800 audit(1776997622.042:4): pid=6704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.333" name="file0" dev="loop1" ino=7 res=0 errno=0 [ 135.906781][ T6709] loop3: detected capacity change from 0 to 40427 [ 135.919176][ T6709] F2FS-fs (loop3): Corrupted extension count (327717 + 1 > 64) [ 135.932918][ T6709] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 135.944479][ T6709] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 135.969680][ T6709] F2FS-fs (loop3): invalid crc value [ 136.010345][ T6709] F2FS-fs (loop3): Found nat_bits in checkpoint [ 136.105696][ T6709] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 136.112971][ T6709] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 136.236081][ T6714] loop2: detected capacity change from 0 to 32768 [ 136.363871][ T6709] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60 [ 136.371733][ T6714] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 136.693894][ T6714] XFS (loop2): Ending clean mount [ 136.721366][ T5775] syz-executor: attempt to access beyond end of device [ 136.721366][ T5775] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 136.741157][ T6714] XFS (loop2): Quotacheck needed: Please wait. [ 136.777105][ T5775] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 136.839130][ T6714] XFS (loop2): Quotacheck: Done. [ 136.999486][ T6714] XFS (loop2): User initiated shutdown received. [ 137.008307][ T6714] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:501). Shutting down filesystem. [ 137.026603][ T6714] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 137.070523][ T5768] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 137.826046][ T6745] overlay: filesystem on ./bus is read-only [ 137.921422][ T6747] loop2: detected capacity change from 0 to 2048 [ 137.948869][ T6747] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 137.976621][ T6747] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 138.003694][ T6747] UDF-fs: Scanning with blocksize 512 failed [ 138.046052][ T6747] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 138.155422][ T27] audit: type=1800 audit(1776997624.882:5): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.347" name="file1" dev="loop2" ino=838 res=0 errno=0 [ 138.215576][ T6753] tipc: Started in network mode [ 138.220789][ T6753] tipc: Node identity , cluster identity 4711 [ 138.361367][ T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 138.393972][ T6759] loop2: detected capacity change from 0 to 512 [ 138.557609][ T6764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.355'. [ 138.570583][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 138.579939][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.596740][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.609144][ T8] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 138.630860][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.642877][ T8] usb 4-1: config 0 descriptor?? [ 138.928796][ T6773] loop0: detected capacity change from 0 to 4096 [ 139.128038][ T8] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 139.461704][ T6779] loop1: detected capacity change from 0 to 1024 [ 139.500433][ T2131] usb 4-1: USB disconnect, device number 7 [ 139.526156][ T6779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 139.573140][ T6779] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.661681][ T6779] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: comm syz.1.360: lblock 0 mapped to illegal pblock 0 (length 1) [ 139.747097][ T6779] EXT4-fs (loop1): Remounting filesystem read-only [ 139.757543][ T6788] loop0: detected capacity change from 0 to 128 [ 139.768301][ T6775] loop2: detected capacity change from 0 to 40427 [ 139.776321][ T6788] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 139.824032][ T6788] ext4 filesystem being mounted at /109/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 139.867612][ T6775] F2FS-fs (loop2): invalid crc value [ 139.896379][ T6775] F2FS-fs (loop2): Found nat_bits in checkpoint [ 139.904846][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 140.073124][ T6788] EXT4-fs error (device loop0): dx_make_map:1328: inode #2: block 20: comm syz.0.362: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 140.154550][ T6788] EXT4-fs error (device loop0) in do_split:2095: Corrupt filesystem [ 140.194689][ T6775] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 140.317892][ T5771] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 140.506443][ T5768] syz-executor: attempt to access beyond end of device [ 140.506443][ T5768] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 140.535089][ T5768] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 140.590831][ T6801] tap0: tun_chr_ioctl cmd 1074025675 [ 140.596206][ T6801] tap0: persist enabled [ 140.637011][ T6801] tap0: tun_chr_ioctl cmd 1074025675 [ 140.650521][ T6801] tap0: persist disabled [ 140.911999][ T6794] tipc: Started in network mode [ 140.916962][ T6794] tipc: Node identity 0101010101010101, cluster identity 4711 [ 140.959205][ T6794] tipc: Enabling of bearer rejected, failed to enable media [ 141.257138][ T6812] loop2: detected capacity change from 0 to 256 [ 141.324332][ T6812] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 141.611437][ T6816] netlink: 'syz.1.372': attribute type 4 has an invalid length. [ 141.996195][ T6810] loop3: detected capacity change from 0 to 32768 [ 142.105377][ T6810] JBD2: Ignoring recovery information on journal [ 142.223432][ T6810] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 142.520471][ T6810] syz.3.370 (6810) used greatest stack depth: 18768 bytes left [ 142.666873][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 142.801040][ T6842] netlink: 20 bytes leftover after parsing attributes in process `syz.0.383'. [ 143.071673][ T6844] Invalid argument reading file caps for ./file0 [ 143.088761][ T6846] sctp: [Deprecated]: syz.3.382 (pid 6846) Use of int in maxseg socket option. [ 143.088761][ T6846] Use struct sctp_assoc_value instead [ 143.137073][ T6830] loop2: detected capacity change from 0 to 32768 [ 143.205498][ T6830] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 143.287185][ T6857] loop3: detected capacity change from 0 to 128 [ 143.306709][ T6857] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 143.369565][ T6857] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 143.371236][ T6830] XFS (loop2): Ending clean mount [ 143.426191][ T6857] ext2 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.456990][ T6859] loop0: detected capacity change from 0 to 2048 [ 143.532867][ T5768] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 143.578360][ T6859] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 143.734612][ T6857] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.027369][ T5775] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.328163][ T6869] loop3: detected capacity change from 0 to 2048 [ 144.422270][ T6869] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 144.461408][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 144.653716][ T6875] loop1: detected capacity change from 0 to 1764 [ 144.670360][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 144.700875][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.736529][ T8] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 144.777408][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.780547][ T5920] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 144.812808][ T8] usb 1-1: config 0 descriptor?? [ 145.126191][ T6879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.395'. [ 145.240597][ T6881] loop3: detected capacity change from 0 to 4096 [ 145.290597][ T6881] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 145.293131][ T8] mcp2221 0003:04D8:00DD.0007: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 145.646612][ T6873] loop2: detected capacity change from 0 to 32768 [ 145.691460][ T6883] loop1: detected capacity change from 0 to 4096 [ 145.784779][ T6873] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 145.886545][ T2131] usb 1-1: USB disconnect, device number 5 [ 145.980464][ T6873] XFS (loop2): Ending clean mount [ 146.052105][ T6873] XFS (loop2): Quotacheck needed: Please wait. [ 146.170382][ T6873] XFS (loop2): Quotacheck: Done. [ 146.285169][ T27] audit: type=1800 audit(1776997633.012:6): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.392" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 146.384982][ T5768] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 147.157757][ T6919] loop3: detected capacity change from 0 to 16 [ 147.210246][ T6919] erofs: (device loop3): mounted with root inode @ nid 36. [ 147.447924][ T6916] loop2: detected capacity change from 0 to 32768 [ 147.467021][ T6916] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.407 (6916) [ 147.502866][ T6916] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 147.541103][ T6916] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 147.549939][ T6916] BTRFS info (device loop2): setting nodatasum [ 147.590302][ T6916] BTRFS info (device loop2): force zlib compression, level 3 [ 147.597791][ T6916] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 147.645167][ T6916] BTRFS info (device loop2): use lzo compression, level 0 [ 147.669551][ T6916] BTRFS info (device loop2): turning on flush-on-commit [ 147.700792][ T6916] BTRFS info (device loop2): enabling auto defrag [ 147.738994][ T6916] BTRFS info (device loop2): max_inline at 4096 [ 147.770290][ T6916] BTRFS info (device loop2): using free space tree [ 147.913977][ T6916] BTRFS info (device loop2): enabling ssd optimizations [ 148.376484][ T5768] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.239138][ T6957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.418'. [ 149.241007][ T6942] loop1: detected capacity change from 0 to 32768 [ 149.270302][ T6957] netlink: 4676 bytes leftover after parsing attributes in process `syz.2.418'. [ 149.319269][ T6942] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.412 (6942) [ 149.432716][ T6942] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 149.490491][ T6942] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 149.549114][ T6942] BTRFS info (device loop1): using free space tree [ 149.658383][ T6942] BTRFS info (device loop1): enabling ssd optimizations [ 149.689063][ T6942] BTRFS info (device loop1): auto enabling async discard [ 149.924912][ T5777] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 150.195806][ T6959] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 150.220709][ T6959] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 150.300220][ T6959] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 150.322960][ T6959] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 150.329449][ T6959] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 150.339876][ T6959] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 150.351899][ T6959] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 150.358356][ T6959] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 150.371348][ T6959] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 150.398064][ T5759] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop1 scanned by udevd (5759) [ 150.597841][ T6991] loop2: detected capacity change from 0 to 1024 [ 150.615516][ T6991] EXT4-fs: Ignoring removed i_version option [ 150.649872][ T6991] EXT4-fs: inline encryption not supported [ 150.656202][ T5806] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 150.685210][ T6991] EXT4-fs: Ignoring removed bh option [ 150.753238][ T6991] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.951896][ T5806] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 150.964464][ T5806] usb 2-1: can't read configurations, error -71 [ 151.139995][ T5768] EXT4-fs error (device loop2): ext4_read_inline_dir:1591: inode #12: block 7: comm syz-executor: path /87/bus/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 151.194366][ T5768] EXT4-fs (loop2): Remounting filesystem read-only [ 151.328061][ T6248] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.370710][ T5774] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 151.379079][ T5774] Bluetooth: hci0: command 0x0c1a tx timeout [ 151.531227][ T5774] Bluetooth: hci1: command 0x0c1a tx timeout [ 151.858344][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.968751][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.077147][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.080608][ T5806] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 152.182768][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.267343][ T7014] loop3: detected capacity change from 0 to 1024 [ 152.276474][ T5806] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 152.300509][ T7014] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 152.308179][ T5806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.330382][ T5774] Bluetooth: hci2: command 0x0c1a tx timeout [ 152.346953][ T5806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.354374][ T7014] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 152.364992][ T5806] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 152.399553][ T7014] EXT4-fs (loop3): orphan cleanup on readonly fs [ 152.406406][ T5806] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 152.421242][ T5774] Bluetooth: hci3: command 0x0c1a tx timeout [ 152.487187][ T7014] EXT4-fs error (device loop3): ext4_free_blocks:6694: comm syz.3.435: Freeing blocks not in datazone - block = 0, count = 4096 [ 152.508063][ T5806] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 152.525267][ T5806] usb 2-1: Manufacturer: syz [ 152.566122][ T5806] usb 2-1: config 0 descriptor?? [ 152.589467][ T7014] EXT4-fs (loop3): Remounting filesystem read-only [ 152.607004][ T7014] EXT4-fs (loop3): 1 orphan inode deleted [ 152.622658][ T7014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 152.882595][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.002024][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 153.023378][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 153.031890][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 153.042581][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 153.042802][ T5806] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 153.078454][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 153.086700][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 153.091141][ T5806] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 153.172334][ T5806] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 153.557708][ T5806] usb 2-1: USB disconnect, device number 9 [ 153.612344][ T5774] Bluetooth: hci1: command 0x0c1a tx timeout [ 154.204731][ T7032] loop3: detected capacity change from 0 to 32768 [ 154.267218][ T7032] JBD2: Ignoring recovery information on journal [ 154.357415][ T7032] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 154.414128][ T5774] Bluetooth: hci2: command 0x0c1a tx timeout [ 154.490798][ T5774] Bluetooth: hci3: command 0x0c1a tx timeout [ 154.535059][ T7030] loop0: detected capacity change from 0 to 40427 [ 154.595710][ T7030] F2FS-fs (loop0): Corrupted extension count (327717 + 1 > 64) [ 154.616373][ T7030] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 154.646403][ T7020] chnl_net:caif_netlink_parms(): no params data found [ 154.646499][ T7030] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 154.696401][ T7030] F2FS-fs (loop0): invalid crc value [ 154.736248][ T7030] F2FS-fs (loop0): Found nat_bits in checkpoint [ 154.845963][ T59] hsr_slave_0: left promiscuous mode [ 154.853554][ T59] hsr_slave_1: left promiscuous mode [ 154.877091][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.894311][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.908411][ T7030] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 154.924836][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.932429][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.944211][ T7030] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 154.953748][ T59] bridge_slave_1: left allmulticast mode [ 154.959460][ T59] bridge_slave_1: left promiscuous mode [ 154.982710][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.025201][ T59] bridge_slave_0: left allmulticast mode [ 155.058155][ T59] bridge_slave_0: left promiscuous mode [ 155.072449][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.083197][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 155.093368][ T7030] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60 [ 155.211326][ T5774] Bluetooth: hci0: command tx timeout [ 155.233284][ T59] veth1_macvtap: left promiscuous mode [ 155.239388][ T59] veth0_macvtap: left promiscuous mode [ 155.276591][ T5771] syz-executor: attempt to access beyond end of device [ 155.276591][ T5771] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 155.281286][ T59] veth1_vlan: left promiscuous mode [ 155.291711][ T5771] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 155.340795][ T59] veth0_vlan: left promiscuous mode [ 155.690448][ T5774] Bluetooth: hci1: command 0x0c1a tx timeout [ 156.317199][ T7071] loop0: detected capacity change from 0 to 8192 [ 156.359181][ T7071] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 156.395595][ T7071] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 156.408018][ T7071] REISERFS (device loop0): using ordered data mode [ 156.414814][ T7071] reiserfs: using flush barriers [ 156.440286][ T7071] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 156.475114][ T7071] REISERFS (device loop0): checking transaction log (loop0) [ 156.498728][ T5774] Bluetooth: hci2: command 0x0c1a tx timeout [ 156.523219][ T7071] REISERFS (device loop0): Using r5 hash to sort names [ 156.528005][ T7065] loop3: detected capacity change from 0 to 40427 [ 156.547344][ T7071] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 156.556818][ T7065] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 156.564305][ T7065] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 156.572801][ T5774] Bluetooth: hci3: command 0x0c1a tx timeout [ 156.600341][ T7065] F2FS-fs (loop3): heap/no_heap options were deprecated [ 156.609858][ T7065] F2FS-fs (loop3): invalid crc value [ 156.638253][ T7065] F2FS-fs (loop3): Found nat_bits in checkpoint [ 156.710081][ T7065] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 156.717555][ T7065] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 156.856523][ T7065] syz.3.440: attempt to access beyond end of device [ 156.856523][ T7065] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 156.896252][ T7065] F2FS-fs (loop3): Remounting filesystem read-only [ 156.923089][ T7065] syz.3.440: attempt to access beyond end of device [ 156.923089][ T7065] loop3: rw=2049, sector=40984, nr_sectors = 8 limit=40427 [ 156.947967][ T7065] F2FS-fs (loop3): Remounting filesystem read-only [ 157.300794][ T5774] Bluetooth: hci0: command tx timeout [ 157.631788][ T59] team0 (unregistering): Port device team_slave_1 removed [ 157.756783][ T59] team0 (unregistering): Port device team_slave_0 removed [ 157.834099][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.988819][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.377072][ T59] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 158.458258][ T59] bond0 (unregistering): Released all slaves [ 158.886965][ T7020] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.910489][ T7020] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.917873][ T7020] bridge_slave_0: entered allmulticast mode [ 158.952083][ T7020] bridge_slave_0: entered promiscuous mode [ 158.993914][ T7020] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.014028][ T7020] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.045392][ T7020] bridge_slave_1: entered allmulticast mode [ 159.071912][ T7020] bridge_slave_1: entered promiscuous mode [ 159.226930][ T7020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.297783][ T7020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.381492][ T5774] Bluetooth: hci0: command tx timeout [ 159.417975][ T7020] team0: Port device team_slave_0 added [ 159.516247][ T7020] team0: Port device team_slave_1 added [ 159.673899][ T7127] loop1: detected capacity change from 0 to 256 [ 159.691829][ T7127] exfat: Deprecated parameter 'namecase' [ 159.735054][ T7127] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xee17df4f, utbl_chksum : 0xe619d30d) [ 159.779737][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.804145][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.880349][ T7020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.922802][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.929931][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.957098][ T7020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.054484][ T7020] hsr_slave_0: entered promiscuous mode [ 160.086464][ T7020] hsr_slave_1: entered promiscuous mode [ 160.106130][ T7020] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 160.115838][ T7135] input: syz0 as /devices/virtual/input/input9 [ 160.126122][ T7020] Cannot create hsr debugfs directory [ 160.312065][ T7137] loop1: detected capacity change from 0 to 64 [ 160.549297][ T5777] Trying to free block not in datazone [ 160.611672][ T5777] Trying to free block not in datazone [ 160.707264][ T7020] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 160.740128][ T7020] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 160.772682][ T7144] loop0: detected capacity change from 0 to 1024 [ 160.785219][ T7020] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 160.805784][ T7144] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 160.823201][ T7144] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 160.866716][ T7144] EXT4-fs (loop0): orphan cleanup on readonly fs [ 160.890969][ T7144] EXT4-fs error (device loop0): ext4_free_blocks:6694: comm syz.0.460: Freeing blocks not in datazone - block = 0, count = 4096 [ 160.906147][ T7020] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 160.930345][ T7144] EXT4-fs (loop0): Remounting filesystem read-only [ 160.951622][ T7144] EXT4-fs (loop0): 1 orphan inode deleted [ 160.958840][ T7144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 161.127895][ T7147] loop1: detected capacity change from 0 to 8192 [ 161.160258][ T7147] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 161.199906][ T7147] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 161.209902][ T7147] REISERFS (device loop1): using ordered data mode [ 161.217003][ T7147] reiserfs: using flush barriers [ 161.227200][ T7147] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 161.245581][ T7147] REISERFS (device loop1): checking transaction log (loop1) [ 161.297580][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.298458][ T7020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.450610][ T5774] Bluetooth: hci0: command tx timeout [ 161.481555][ T7147] REISERFS (device loop1): Using tea hash to sort names [ 161.488982][ T7147] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 161.491274][ T7020] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.592362][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.599571][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.641389][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.648629][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.757590][ T7147] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 4 0x0 SD] (nlink == 1) not found (pos 3) [ 161.790375][ T5806] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 161.814732][ T7147] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 4 0x0 SD] (nlink == 1) not found (pos 3) [ 161.915121][ T7163] loop3: detected capacity change from 0 to 8192 [ 161.947871][ T7163] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 161.999363][ T5806] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 162.025094][ T7163] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 162.034372][ T5806] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 162.034400][ T5806] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 162.034471][ T5806] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.054873][ T5806] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 162.070017][ T7163] REISERFS (device loop3): using ordered data mode [ 162.093896][ T5806] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 162.110297][ T5806] usb 1-1: Product: syz [ 162.120611][ T5806] usb 1-1: Manufacturer: syz [ 162.148809][ T5806] cdc_wdm 1-1:1.0: skipping garbage [ 162.153192][ T7163] reiserfs: using flush barriers [ 162.165925][ T5806] cdc_wdm 1-1:1.0: skipping garbage [ 162.190837][ T5806] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 162.208926][ T5806] cdc_wdm 1-1:1.0: Unknown control protocol [ 162.231845][ T7163] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 162.313505][ T7163] REISERFS (device loop3): checking transaction log (loop3) [ 162.313564][ T7172] loop1: detected capacity change from 0 to 64 [ 162.367459][ T7163] REISERFS (device loop3): Using r5 hash to sort names [ 162.421015][ T7163] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 162.524530][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.531433][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.537964][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.544703][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.551301][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.557948][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.564366][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.571004][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.579062][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.585694][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.592574][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.599220][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.605795][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.612455][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.619102][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.625845][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.634273][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.641098][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.648929][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 162.655585][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 162.666884][ T788] usb 1-1: USB disconnect, device number 6 [ 162.672886][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 162.758228][ T7020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.153805][ T7190] loop3: detected capacity change from 0 to 512 [ 163.268349][ T7190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.320373][ T7190] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.547312][ T7020] veth0_vlan: entered promiscuous mode [ 163.573595][ T7190] EXT4-fs warning (device loop3): ext4_group_add:1722: Can't resize non-sparse filesystem further [ 163.626586][ T7020] veth1_vlan: entered promiscuous mode [ 163.705062][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.733360][ T7020] veth0_macvtap: entered promiscuous mode [ 163.777076][ T7020] veth1_macvtap: entered promiscuous mode [ 163.846503][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.878736][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.905166][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.920249][ T28] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 163.937086][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.960283][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.990376][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.019026][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.052949][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.079140][ T7197] loop1: detected capacity change from 0 to 32768 [ 164.085510][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.097789][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.116878][ T28] usb 1-1: Using ep0 maxpacket: 8 [ 164.129568][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.145418][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.149350][ T7197] JBD2: Ignoring recovery information on journal [ 164.157710][ T28] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 164.184935][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.199289][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.225995][ T7197] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 164.235355][ T28] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 164.238085][ T7020] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.255289][ T7020] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.264096][ T7020] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.273075][ T7020] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.299541][ T28] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 164.357823][ T28] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 164.408698][ T28] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 164.472431][ T28] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 164.510287][ T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.526705][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.547310][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.691845][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.729581][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.793037][ T28] usb 1-1: usb_control_msg returned -32 [ 164.798705][ T28] usbtmc 1-1:16.0: can't read capabilities [ 165.001313][ T7207] loop3: detected capacity change from 0 to 32768 [ 165.034894][ T5777] ocfs2: Unmounting device (7,1) on (node local) [ 165.334542][ T7222] usbtmc 1-1:16.0: control status returned 0 [ 165.553259][ T2173] usb 1-1: USB disconnect, device number 7 [ 165.845064][ T7238] loop3: detected capacity change from 0 to 256 [ 165.872414][ T7238] FAT-fs (loop3): bogus number of FAT sectors [ 165.891144][ T7238] FAT-fs (loop3): Can't find a valid FAT filesystem [ 166.288320][ T7243] syzkaller1: entered promiscuous mode [ 166.316532][ T7243] syzkaller1: entered allmulticast mode [ 166.347686][ T7248] netlink: 208064 bytes leftover after parsing attributes in process `syz.0.479'. [ 166.375270][ T7248] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 166.394832][ T7248] openvswitch: netlink: Message has 4 unknown bytes. [ 166.401509][ T7225] loop4: detected capacity change from 0 to 32768 [ 166.489627][ T7225] (syz.4.472,7225,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 166.517852][ T7225] (syz.4.472,7225,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 166.668105][ T7225] JBD2: Ignoring recovery information on journal [ 166.801992][ T7262] syzkaller1: entered promiscuous mode [ 166.807556][ T7262] syzkaller1: entered allmulticast mode [ 166.823825][ T7225] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 167.221324][ T7225] [ 167.223745][ T7225] ====================================================== [ 167.230799][ T7225] WARNING: possible circular locking dependency detected [ 167.237940][ T7225] syzkaller #0 Not tainted [ 167.242401][ T7225] ------------------------------------------------------ [ 167.249579][ T7225] syz.4.472/7225 is trying to acquire lock: [ 167.255964][ T7225] ffff88805ac53ff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x30a/0x770 [ 167.265514][ T7225] [ 167.265514][ T7225] but task is already holding lock: [ 167.273005][ T7225] ffff8880311484e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 167.283426][ T7225] [ 167.283426][ T7225] which lock already depends on the new lock. [ 167.283426][ T7225] [ 167.293865][ T7225] [ 167.293865][ T7225] the existing dependency chain (in reverse order) is: [ 167.302921][ T7225] [ 167.302921][ T7225] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 167.311486][ T7225] down_read+0x46/0x2e0 [ 167.316219][ T7225] ocfs2_start_trans+0x3a8/0x6f0 [ 167.321805][ T7225] ocfs2_mknod+0xf1d/0x2300 [ 167.326862][ T7225] ocfs2_create+0x196/0x430 [ 167.331922][ T7225] path_openat+0x12a0/0x3230 [ 167.337163][ T7225] do_filp_open+0x1f5/0x430 [ 167.342248][ T7225] do_sys_openat2+0x134/0x1d0 [ 167.347496][ T7225] __x64_sys_openat+0x139/0x160 [ 167.352919][ T7225] do_syscall_64+0x55/0xa0 [ 167.357974][ T7225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 167.364412][ T7225] [ 167.364412][ T7225] -> #1 (sb_internal#4){.+.+}-{0:0}: [ 167.371994][ T7225] ocfs2_start_trans+0x2a9/0x6f0 [ 167.377462][ T7225] ocfs2_xattr_set+0xeb7/0x13e0 [ 167.382932][ T7225] __vfs_removexattr+0x425/0x460 [ 167.388431][ T7225] __vfs_removexattr_locked+0x1e8/0x230 [ 167.394517][ T7225] vfs_removexattr+0x81/0x1b0 [ 167.400036][ T7225] ovl_get_workdir+0xd6c/0x17c0 [ 167.405529][ T7225] ovl_fill_super+0x13ff/0x3620 [ 167.410996][ T7225] get_tree_nodev+0xb5/0x140 [ 167.416121][ T7225] vfs_get_tree+0x8c/0x280 [ 167.421065][ T7225] do_new_mount+0x24b/0xa40 [ 167.426101][ T7225] __se_sys_mount+0x2e7/0x3d0 [ 167.431484][ T7225] do_syscall_64+0x55/0xa0 [ 167.436519][ T7225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 167.442944][ T7225] [ 167.442944][ T7225] -> #0 (&oi->ip_xattr_sem){++++}-{3:3}: [ 167.450784][ T7225] __lock_acquire+0x2df1/0x7d40 [ 167.456415][ T7225] lock_acquire+0x19e/0x420 [ 167.461535][ T7225] down_read+0x46/0x2e0 [ 167.466222][ T7225] ocfs2_init_acl+0x30a/0x770 [ 167.471430][ T7225] ocfs2_mknod+0x140f/0x2300 [ 167.476558][ T7225] ocfs2_mkdir+0x196/0x430 [ 167.481510][ T7225] vfs_mkdir+0x296/0x440 [ 167.486367][ T7225] do_mkdirat+0x1dc/0x450 [ 167.491229][ T7225] __x64_sys_mkdirat+0x89/0xa0 [ 167.496518][ T7225] do_syscall_64+0x55/0xa0 [ 167.501458][ T7225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 167.507887][ T7225] [ 167.507887][ T7225] other info that might help us debug this: [ 167.507887][ T7225] [ 167.518212][ T7225] Chain exists of: [ 167.518212][ T7225] &oi->ip_xattr_sem --> sb_internal#4 --> &journal->j_trans_barrier [ 167.518212][ T7225] [ 167.532226][ T7225] Possible unsafe locking scenario: [ 167.532226][ T7225] [ 167.540081][ T7225] CPU0 CPU1 [ 167.545537][ T7225] ---- ---- [ 167.550922][ T7225] rlock(&journal->j_trans_barrier); [ 167.556302][ T7225] lock(sb_internal#4); [ 167.563078][ T7225] lock(&journal->j_trans_barrier); [ 167.570897][ T7225] rlock(&oi->ip_xattr_sem); [ 167.576466][ T7225] [ 167.576466][ T7225] *** DEADLOCK *** [ 167.576466][ T7225] [ 167.584734][ T7225] 8 locks held by syz.4.472/7225: [ 167.589904][ T7225] #0: ffff8880602bc418 (sb_writers#23){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 167.599161][ T7225] #1: ffff88805ac542d8 (&type->i_mutex_dir_key#17/1){+.+.}-{3:3}, at: filename_create+0x20c/0x480 [ 167.609894][ T7225] #2: ffff8880783c6d98 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 167.623569][ T7225] #3: ffff8880783c5118 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 167.637431][ T7225] #4: ffff8880783c3498 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x120/0x2600 [ 167.651453][ T7225] #5: ffff8880602bc608 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0xf1d/0x2300 [ 167.660693][ T7225] #6: ffff8880311484e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 167.671539][ T7225] #7: ffff88807bbea990 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x1f7a/0x21c0 [ 167.681414][ T7225] [ 167.681414][ T7225] stack backtrace: [ 167.687316][ T7225] CPU: 1 PID: 7225 Comm: syz.4.472 Not tainted syzkaller #0 [ 167.694630][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 167.704807][ T7225] Call Trace: [ 167.708125][ T7225] [ 167.711087][ T7225] dump_stack_lvl+0x18c/0x250 [ 167.715808][ T7225] ? load_image+0x420/0x420 [ 167.720334][ T7225] ? show_regs_print_info+0x20/0x20 [ 167.725560][ T7225] ? print_circular_bug+0x12b/0x1a0 [ 167.730805][ T7225] check_noncircular+0x2fc/0x400 [ 167.735845][ T7225] ? print_deadlock_bug+0x5d0/0x5d0 [ 167.741151][ T7225] ? _find_first_zero_bit+0xd3/0x100 [ 167.746446][ T7225] ? add_lock_to_list+0x191/0x280 [ 167.751580][ T7225] __lock_acquire+0x2df1/0x7d40 [ 167.756563][ T7225] ? verify_lock_unused+0x140/0x140 [ 167.761805][ T7225] ? __ocfs2_journal_access+0x648/0x840 [ 167.767387][ T7225] lock_acquire+0x19e/0x420 [ 167.771914][ T7225] ? ocfs2_init_acl+0x30a/0x770 [ 167.776865][ T7225] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 167.782512][ T7225] ? __might_sleep+0xe0/0xe0 [ 167.787111][ T7225] ? read_lock_is_recursive+0x20/0x20 [ 167.792488][ T7225] ? do_raw_spin_lock+0x11f/0x2c0 [ 167.797528][ T7225] down_read+0x46/0x2e0 [ 167.801783][ T7225] ? ocfs2_init_acl+0x30a/0x770 [ 167.806650][ T7225] ocfs2_init_acl+0x30a/0x770 [ 167.811429][ T7225] ? ocfs2_acl_chmod+0x330/0x330 [ 167.816461][ T7225] ? dquot_alloc_inode+0x8ac/0xa40 [ 167.821613][ T7225] ? ocfs2_journal_access+0x40/0x40 [ 167.826821][ T7225] ? ocfs2_block_signals+0x9b/0xe0 [ 167.831953][ T7225] ? ocfs2_metadata_cache_get_super+0x46/0x90 [ 167.838292][ T7225] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 167.844106][ T7225] ocfs2_mknod+0x140f/0x2300 [ 167.848731][ T7225] ? ocfs2_mkdir+0x430/0x430 [ 167.853334][ T7225] ? verify_lock_unused+0x140/0x140 [ 167.858645][ T7225] ? ocfs2_inode_lock_tracker+0x437/0x700 [ 167.864388][ T7225] ? __lock_acquire+0x7d40/0x7d40 [ 167.869508][ T7225] ? do_raw_spin_lock+0x11f/0x2c0 [ 167.874575][ T7225] ? ocfs2_inode_unlock_tracker+0x270/0x2e0 [ 167.880588][ T7225] ? __lock_acquire+0x7d40/0x7d40 [ 167.885650][ T7225] ? __rwlock_init+0x150/0x150 [ 167.890441][ T7225] ? do_raw_spin_unlock+0x121/0x230 [ 167.895672][ T7225] ? put_pid+0xde/0x120 [ 167.900023][ T7225] ocfs2_mkdir+0x196/0x430 [ 167.904567][ T7225] ? make_kgid+0x660/0x660 [ 167.909097][ T7225] ? apparmor_path_mkdir+0x1b0/0x230 [ 167.914415][ T7225] ? ocfs2_symlink+0x2700/0x2700 [ 167.919576][ T7225] ? HAS_UNMAPPED_ID+0x11a/0x180 [ 167.924640][ T7225] ? inode_permission+0xf3/0x480 [ 167.929600][ T7225] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 167.934637][ T7225] ? security_inode_mkdir+0xb7/0x100 [ 167.939940][ T7225] vfs_mkdir+0x296/0x440 [ 167.944195][ T7225] do_mkdirat+0x1dc/0x450 [ 167.948656][ T7225] ? vfs_mkdir+0x440/0x440 [ 167.953282][ T7225] __x64_sys_mkdirat+0x89/0xa0 [ 167.958093][ T7225] do_syscall_64+0x55/0xa0 [ 167.962549][ T7225] ? clear_bhb_loop+0x40/0x90 [ 167.967247][ T7225] ? clear_bhb_loop+0x40/0x90 [ 167.972031][ T7225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 167.977936][ T7225] RIP: 0033:0x7f535bf9bc47 [ 167.982375][ T7225] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.002079][ T7225] RSP: 002b:00007f535ce9de58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 168.010503][ T7225] RAX: ffffffffffffffda RBX: 00007f535ce9dee0 RCX: 00007f535bf9bc47 [ 168.018485][ T7225] RDX: 00000000000001ff RSI: 00002000000005c0 RDI: 00000000ffffff9c [ 168.026652][ T7225] RBP: 0000200000000b00 R08: 0000200000000140 R09: 0000000000000000 [ 168.034643][ T7225] R10: 0000200000000b00 R11: 0000000000000246 R12: 00002000000005c0 [ 168.042633][ T7225] R13: 00007f535ce9dea0 R14: 0000000000000000 R15: 0000000000000000 [ 168.050726][ T7225] [ 168.334524][ T7020] ocfs2: Unmounting device (7,4) on (node local)