last executing test programs: 3.220937591s ago: executing program 2 (id=690): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000440000004400000007000000000000000000000d020000000000000000000005fd07"], &(0x7f0000000f40)=""/4089, 0x63, 0xff9, 0x1, 0x7ff}, 0x28) 3.050361429s ago: executing program 2 (id=694): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b20, &(0x7f0000000040)={'virt_wifi0\x00', @broadcast}) 2.878042536s ago: executing program 2 (id=697): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffd, 0x0, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x80, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x80000, 0x7fff, 0x0, 0x1}, {0x0, 0x0, 0x0, 0xffc}}, [@policy_type={0xa}]}, 0xc4}}, 0x0) 2.681154605s ago: executing program 2 (id=700): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c40), 0xa8041, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x22) 2.618825947s ago: executing program 1 (id=702): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080)={{0xff039010, 0x3}, {0xff039010, 0x10800402}, 0xc, 0x7}) 2.481002183s ago: executing program 2 (id=704): syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==") syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0) 2.421827485s ago: executing program 1 (id=706): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x5c}}, 0x0) 2.152784637s ago: executing program 1 (id=710): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x29, 0x3a, 0x0, 0x0) 1.967980625s ago: executing program 1 (id=711): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000900)="89000000120081ae08060cdc030ec0007f03e3f7feff000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf00d7815e381ad6e706033a0093b837dc6cc01e32efaec8c7a6ec08123d000200354001000400446b9bbc7a46e3988285dcdf12f21308f868fece01951fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 1.888631628s ago: executing program 1 (id=712): prlimit64(0x0, 0x2, &(0x7f0000000140)={0xa, 0x8b}, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x248, &(0x7f0000000000), 0xfd, 0x48d, &(0x7f0000000940)="$eJzs3M1rHGUYAPBnZjeJ/Uys9aO12mgVix9Jk1YtKPgBggcFQQ/1JDFJS23aSBPBlmKjlHoRtOBdBC+Cf0FPnkQ9CV71LoUivbR6Wpns7LpJdjcfm+ym3d8Ppjtv9p19n2dn3pl3ZnYaQNcazP5JIrZHxB8R0R8R6eIKW8ovt25cGP/nxoXxJEqlt/9OssXi5o0L45WqSf66rVwoZh+UXkri5Trtzpw7f2psamrybF4enj394fDMufPPnDw9dmLyxOSZ0aNHjxweef650WfXJc8sppt7P5net+f1d6+8OX7syvu//JDUBF2bR4te6K/OXh1KGlR6fJ0a2yx21MwnxQ4Gwqr0RUS2unrm+39/FC7trL7XH6991tHggA1VKpVKo43fnisBd7AkOh0B0BmVA312/luZ2jT02BSuv1I+AcryvpVP5XeK5esgfeVzox0b1P5gRByb+/ebbIpVX4fo2aCoAIA72Y/Z+OfpeuO/NO6rqbczvzc0EBF3R8SuiLgnInZHxL0R83Xvj4gH6jcz+F6D9gcXlZeOf9Jra89uedn478X83tbC8V/1LthAIS/tmM+/Jzl+cmryUP6dHIyevqw8UvfTk4i57PX3Lxu1Xzv+y6as/cpYMI/jWrFv4TITY7NjLSeeu/5pxN5ivfyTKP6fReyJiL1rbOPkk9/vW/iXQnVu+fybWIf7TKVvI54or/+5WJR/RdL8/uTwXTE1eWi4slUs9etvl99q1H45/zSa57+l9UQbyNb/1nrb/0vV/AeS2vu1M0s+one5Ni7/+XnDc5q1bv+9yTsLGv94bHb27EhEb/LG0r/XXOCulCv1s/wPHqjf/3fly2T5PxgR2Ub8UEQ8HBH789gfiYhHI+JAk/x/fvWxDxrmv7+F7X8dZPlP1N3/NVr/q58pnPrpaqP2V7b+j1QK80GtZP+30gBb+e4AAADgdpFGxPZI0qHqfJoODZV/L787tqZT0zOzTx2f/ujMRPkZgYHoSStXuvprroeO5NeGK+XRvHwxLx/Orxt/XdgyXx4an56a6HTy0OW2Nej/mb8KnY4O2HCe14Lupf9D91p7/7fngNvdMr04bVccQPs5ikP3qtf/L9YWkij/Sh644zj+Q/eq9v+vVlC55nGvxQ9vArefZsf/Un8bAwHazvgfulIrz/Vvipn4LqJ5nWSzhLqqmS9aWbzYhggj7eD309uRlTJaiOjgJlFc6f9qEedKF1tutNN7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPXxXwAAAP//sm/k4w==") 1.715922016s ago: executing program 1 (id=714): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000225708140d8131000728f0102030109021200010001100409047801"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 1.520020735s ago: executing program 0 (id=718): syz_mount_image$erofs(&(0x7f00000005c0), &(0x7f0000000140)='./file2\x00', 0x810418, &(0x7f0000000000)=ANY=[@ANYRES8=0x0], 0x5, 0x1d6, &(0x7f0000000200)="$eJzsmb/P0kAYx7937Quvb4yJi4OLg68Ro5S2qGEhBhN3E/DXJpFK0AIGagIkDsTFxdHBxNV/wMHBycHNzVUHNTFxkNG55o5re7ZAwKmJz2c4vvfc3XPPHfAloSAI4r/l+7ffX59frbUuADiKQxRV/KeRzOHa/C8vH59/Ub/26s3n1x8Gx55cSedjAMJw+/2PAHjfMBBEnRSH6rUFHusb4Din9C0wnFH6LjhuKu2B4Y7SDzQ9jPbwPeve0O/c7/meLRpHNK5oqvr+JoDFnKEDYF+eLQyZNj6ezh62fd8bpcVeGO2TGdpVbLo/WV+Do676oj7xft1+9nQuKrZU3NbuzwGHo3QVDE2layjCsqzkSrTznzST/MY258+DOF7ORRkk8iVYOiK+0HHkxOLdx+yqH3kp/h+ENC4AmaFPB7vkEQ7wd6SgTGDlqsSfmAmc1fzJhBn7RyXoP6qMp7Nyr9/uel1v4LrVy/ZF277kVqQRLdsN/rcv/elAy7+XtUhJgRUwaQfByJkAwciJ++6y1Ry3+Xb4S67h0v84SqeXOcRHRR67uLqe6LeBSy16JWNt8QRBEARBEARBEARBEARBEDtxCkz+C6oeVIVrcK/L2X8CAAD//+lAY1E=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48241, 0x141) 1.442177658s ago: executing program 0 (id=719): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) 1.406643109s ago: executing program 3 (id=720): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083, 0x1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0x9}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24008080}, 0x4040) 1.320742103s ago: executing program 0 (id=721): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a03000000000000000000010000000900030073797a32000000000900010073797a300000000054000000060a01040000000000000000010000002c00048028000180080001006e6174001c000280080005400000000408000140000000010800024000004f0208000b40000000000900010073797a30"], 0xc8}}, 0x0) 1.042432975s ago: executing program 0 (id=722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x30}}]}]}, 0xac}}, 0x0) 1.042232875s ago: executing program 3 (id=723): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000540)={0x8, [0x9, 0x0, 0x7, 0x4, 0x1, 0x8, 0x3ab1, 0x5, 0x3, 0x7ff, 0x0, 0x3, 0x7, 0x31, 0x89da, 0x2, 0x7, 0x3, 0x1, 0x4, 0x6, 0xa, 0xc, 0x814, 0x81, 0x459, 0x15d1, 0x2, 0x1, 0xc6, 0x3, 0x9, 0xf6, 0x84, 0xc, 0x0, 0x7e, 0x4, 0x6, 0x0, 0x7, 0x8, 0x400, 0x9, 0x46e5, 0x0, 0x16dc, 0x5], 0x7}) 802.002145ms ago: executing program 3 (id=724): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, '\x00', 0xc}, 0xc}}, 0x8, 0x4, 0x3, 0x6, 0x1dc, 0x8, 0x3}, 0x98) 734.687788ms ago: executing program 0 (id=725): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x5}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) 527.148077ms ago: executing program 3 (id=726): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0xc000003, 0xf, &(0x7f0000000180)=[0x138b, 0x9, 0xf909, 0x899d, 0x80, 0xfffffffb, 0x7, 0x10, 0xfffffe01, 0x1, 0x4, 0x2, 0x6, 0x8811, 0x0], 0x1, 0x4000007}) 421.732552ms ago: executing program 0 (id=727): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000000800000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="c1188e99000000000000000088a8", 0x0, 0x200406, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 282.299728ms ago: executing program 3 (id=728): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000002a80)=[{&(0x7f0000000a00)="1b", 0x1}], 0x1) 153.052033ms ago: executing program 2 (id=729): r0 = syz_mount_image$btrfs(&(0x7f00000023c0), &(0x7f0000005600)='./file0\x00', 0x2004853, &(0x7f0000000000)={[{@flushoncommit}, {@nossd}, {@nossd_spread}, {@noacl}, {@nobarrier}, {@discard}]}, 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X1sVeUdB/BzKQWkQLs4FEMyGUNdls0gZoJOscjAUUHuwA1Jxmhl0iBBu2ZuaRdd49hwcS6Vl20sQV0iI6uNdnSDzBHFhCjE8TI0xoxXGaMZccjrwpjGpffe53LvubS9Mmd9+XxIe85zf+d57nNPzh/3e+lzbgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRFCWntzYv/t1Vm9849c7TDVe93LfvoxP+Vv+TW1cOHfu5R/5atvJP+1+aN7Jm+MTLWvcl5jbsHbskihKpfolM/7k3fWXG/Jlzpw0IA1Z/Nb2tqOjqKdNd96cb/fIe7OyX/1MTRVFpbICSzHZSWXrbJ2+A7G594YDdGjfozcWDj1a1rKkuq1368NRjhS+dTgN6ewK9JXNdHTx7LVWmfveJHZFt51x6ibxLNN0/fsG9Ly8CAHhXRidTm+zb0cxb3Gy7KV6PtStj7eZYO7xDaM5tnI/0uP26mueIeL2X5lmZjgr9u5xnrJ45/9l2Mt4/1o5FjXcxz/xDM5FmQFfzrIvVe2ueAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kD2zd9K+bpz13eOJNT0y5bu9rs58/Oelrzy/63rED/x5+8eoD/1mz/6V5I2uGT7ysdV9ibsPesUuiqCLVL5Hunpg5cPLFX/hV1fd/39Ewdd2g5pdLMuOGbd+cg6PXws615VF0R07lYBj2H0OiKJlfSDWjlYWFBamdKaEAAADAR8klqd99su10HCzNaydSaTKR+hekw+K4QW8uHny0qmVNdVnt0oenHjv/8ZJdjFd5zvGy7YqzP4mcYBzib3y8s/VwaH3BON2LjxjP8yUdVy5Pbl/7jR2Pnn7x6r23bxtec881F97VUrv2kxdUHd/x99kF+b+i+/wfzpz8DwAAwP9C/o+P072e8v9FB8p2Ljrz6obrv/zHZ75527a7T/3mx1u+fVfHoSNNY35Qu2TzloL8PyLvKQvyf5hxyP99ovPL/wAAAPBB9v/O/5UF43Svp/xfOfrtZffcW7d26c6tZ8b/4fLWJ9reuHz1tTNGrWiN5j/bfuitgvw/urj83zd32uHBP4cJLyyPotHFn1QAAAAgT/h/97MfLYS8nv7kIJ7X77hlQvnu45d+d9Km2+7fM6zhwJ2n7xxXs3bh5gWfGX3ftMcqDxbk/8ri8n/p+/NyAQAAgCKMWrWj5q1ZV+4e88qe++qf2t06YPX0f75y/faWK5pOHF60ZeftBfk/WVz+7987LwcAAAA4h58+c82Pbm5c/K05VZvGnznx+uAH395zYX3rrgk/W7Fv2zvPrthVkP+ri8v/AzPbzMqHdKcXwl8hLCuPogGdO3XpwotR843ZAgAAAPAeCTl96aixHSvmD/3srP5TaluWr3ro0hGHP5VofnDonMbxpXs2Hrm3IP/XdX///3Cng7D+P+/+fwXr/3MK6bv+fcmNAQAAAPg4KlzPH26Pn/7mgq6+f7/Y9f+rrtv6622JG1+f3nTJvF+OWDRu8uQj+zY2nnyg+vObXh24ft0jBfm/qbj8X5K7fS+//w8AAADOw4ft+/9mF4zTvZ7u/998dePTj+2/+7kXntx8y6kLDp25of2KJ9vX33p/++HhJ6PG7acL8n9zcfk/bMtyX97GcH5+WB5Fwzp3MncT/G2Y7sJYoa00p5A+8bEeM0OPTKGtf04hpS7WY0x5FH26c6cpVvhEKDTHCkeHZAqPxwrbQyFzPWQLT8UKG8OV9vMhmenGC+tDIbPAoi2soCjLLomI9TjRVY/Owjl77Mo+OQAAwMdKCM+ZLFua34ziUbYt0dMBA3s6oE9PB5T0dEDf2AHxA7t6PKrOL4TH23+xoGb+X5bdMHRD+YxZO0u+fnDahC8uX1f9nQ1zJh8feVF5R0H+f7y4/B9ORb/0pqv1/1FY/5/5XsPs+v/qUKiIFdpCIRm/Y0AyPEc67D4UnqMimelxdFi2AAAAAB9p4XOBkl6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyXvTsPk6q6EwZ8uumFbpruNvoIar6EYNh8pGkg4hITUQwkaLSJe4wKQqNIiyiQCEE/XOJuPk38RmNmDIyJWxBxGbfRiKJohESigyOKS6IO7ga3jMsj83RXnaLqVpddCCjtvO8fXafqd9ZbS9e599a5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/w4HvTB63pQZZ6y67JUVr4ehd14+6uKSX2w3fOnSPtf98urrf/XSA88tHd973HYj+sx/tuSomc/sfHYITW3lSlLFSw6oHtlj4OWjf3rL6pn73lpz0WMV6XrT8dCt9U9p+s6ZsdUXuodwW0kIZcnAwJpUoDx9vybW9+WaELYI6wKZEs3VqRLJhsMDVSHMDesCmaruqAqhJitw4KP33XNha+KSqhD6hBAqk208XZlqoyoZ6FuRClQnAyeUpQL/WJuSCdxemgrABotvhsyLfmFTbob69ssVeP2Vb7SOfb6Sw+sSE/WF872+5ybuVJaK5ANNG/S05VXHJpH39ljk3dYJ3m152/kiT1v2F6n0N5S160KVoXRC88RxM1qmx0dKQ0NDl0I1baLneeWa2ePXJ91pXoexA/Ub5XVY3nfYQX16jj7yyhXLFz1Ut3iD/xk8kbVJs9ObWmVIv+Y6zfMYDfd50gnefnlvjF6+dIUQDt1y5ajdRx700qDD6v+1zwU7X9/wq5t/WPrKlFW7HLzbguU/O7Iqb/5f/8nz/8zHUvq2NCd3bPXD2tTcPD5SExNv1qbm5gAAANBpdIa9pv94f8sF7yy5t/n6c4a+d8OcGwYuvq9uSfWYAbcePGzfO9b0bVqRN//vVdzx/3jIvyZ7tItCGN6WOKMuhJ5tj6cC18buHF0XwtfaUk25gT0TgUUhbNOWGJCpKlGiayzRKxFYXZsODE8ElsRAUyLwuxi4KBE4MwYWJgLjY2BRIrBXDIRJuePYoTY9jqIDVTEwNrURF8azEN6uja0lttVTmaoAAAA2kvTssDz3bta5DhuaIU4vF1Z1lCGegV0wQ2WihuQMNjOtKlhDWUc1lHZUQ2bccz55+Hk1l3RUc95pGCW5GUZc++C8Pz92Vp/59b9d/fX/6vnfO15+yHHTzxy65Yw5r75z6MrVPfLm/42fPP+vbKcjJXnH/0MY0/Y35i5NR1oy8bFNORkAAACADTB7h0sefuX42of7TVn0+nn//uP/X/H7W2cdsetri3/x5DM/Kq1ZdXDe/H94cef/x30iXbIyh2VxN8TkuhAacwOpar+ZH0gd9e6WDgAAAEBnkDkenzkWPil9mzpFOzmfzs/ftJ7544H/4e3mP7Bl0ZcOm95/7KPbXvKP+7f//d3zljXsf832V+yy8poRS7b69qiP8+b/TcWd/1+de5vqxJLYi1/WhdA1K/Bg7GVroE2vGHhuj9xAevxL4gY4P1aVPjEhU9X5scTYGGhMBOYWKrE8U6JnbiD9ZGUaPyMzjknpElkBAAAA+MzF3QHxuHw8//+qv/W/eeceF2+9d/3ybd6d/MJPbnj+vv5rSpde+vZ7x5z75Qtv/Hne/H/s+p3/3zYPzju9v6VbCIPKQuiS/GHAsurUwoAxUFOSTtxdnaqrS7Kq06pD2L11YMmq/ppe/78sucbgo1WpqmKgZ+9r1vRtTVxZFcKg7MDjh8/bqTUxPRHINH5QVQhfbR1tsvF/65pqvDzZ+KVdQ/hKViBT1dFdQ2htrCJZ1X2V6esYJKu6oTKELbMCmaqGVYYwMwDQScV/pROyH5w2c9bkcS0tzSdtwkTch18VJk5qaW4Yf0LLhMoCfZqQ6HPOMkan5Y+p2CvfPJVeouij7/SuLyad+Z1gY3Zb6f34eScOpu/H70LlbeMcUp5zd2hyyP23z28iZH2TKjTk0k085OrsStY9iXn1x/wVoVvoOmNa80kNJ4+bPv2kwam/xWYfkvobDzOlttXg5Laqbq9vRbw8Cq6WlfBpt1W/7EoGTT9+6qBpM2cNnHT8uGOaj2meMnhIY+OuuwwdOqRxUOuo0n87GGq/9qpODHXtvCLHtRGHum1ZViWfxaeGhIREZ0t87YRjH5l65VtX7Fe3y1m3DPv+DTce98bBP2nceu3ZNYfvM/m1xbPy5v9TP3n+Hz914id/en2GQsf/6+Nh/tTj6w7zj42BucUe/68vdDQ/c2JAr0RgTgzMcZgfAACAL4a4OzLuzYx7pbc85Nu3r9rjr8+8stuu/+cPdx9a++FVXQ4b9f+m7fjkFo+U//Hwl/bJm//PKe73/xtp/f/M0vWjCy3zPyCWaCy0/n9ymf/M+v9zCq3/n1zmP7P+/9zPYf3/GZlAYpO8bf1/AADgi+CzW/+/w+X9kxcIyMvQ4fL+yQsE5GXocBn/Yi8QsN7r/zesOnrkhT1//dWXv3nIvj+Y8uKUBf2P/NYe1/zwvHvDNXd/Y0W/OXnz/4uKm/9buB8AAAA2HxOe/N3qwcfv+sEjD91eutdPl7/4lTeeOKbp7gfWXvzqHe9cMWKbiXnz/7nFzf8/+/X/QqHz/3sVCjQVWhjQ+n8AAAB0UoXW/3vxT996cGTlTxpPffS3f7hqp8sP3+PUh6+6d6+JV9fuc9MOo3913q558/+Fxc3/42kXpTm5Y28+rE2taReSa9q9WZv5yQAAAAB0DqWhoaG8yLw5K6Pu+enbXJleCvST0tlmXP7uqgmX7D1w3N9eHXDgf9w4+83vn/jEHac/PfvpWUsve3Pvd5blzf8XFTf/z/ldRnnfYQf16Tn6yA+vXLF80UN1iyvWHf8HAAAANp1i90sAAAAAAAAAAAAAAACfvzvXvPfro7a+b9jP77z1xj1Hvdpnu4/3ffGt58/Z7XsPz/7z1Y99sDTv9/9hTFu5Qr//j9f9i78v2Cond2y14/X/0vcP3GfBzLYlC5fVhrB9dmDy6ZO3COlr8/fLDtxzxIAerYnTkyXuemavF1sTRyUD3x34pfdaE7snAmPjIonbJAPxqorvdU8E4vKKjyUDcXssTAYq0oFzu6fGUZLcVi/XpLZVSXJbPVkTQl1WILOtbqtJtVGSHOAliUBmgCcmA3GA+6UDpcleLeiW6lUM1MSiv+mW6hUAAJut+C2wPEyc1NLcGL/Cx9tty3Jvo5wly07Lr7akyOafSi9N9tF3etcXk+6S/C667lrj5aGydQiD876uZmcpaRvlxqmlg023VYEhd7TaW2mBcknru+kqCo+oKjWihvEntEwo73DgQzvOMqSswyyD8yY72VlK2zZpEbUU0ZciRlTktimiy/F+aWho6JLItVsM1occHb0iiv29fvY6f4VeBdl56vcetcfWpTsNOXjns08cM2TJN7ZY/MrbO52y7OQXVvzTbd8be2rPvPl/fXHz/8rscb2XvhjAnHhlvW/WhTC2yBEBAADAF9/1/3f+TYeesOTliYvK/vMvf5lcuv+h5Wtn3zJ71s+evPv8756749UbGr/goVNaRk4sq7jx5t/ude3yc07ft+nQ5mGr7yx9ftmfLm3u/0b++v+9ipv/xz1Y6UPBqb0di+L1/8+oC6Ht0vr1qcC1cbhH14XwtbZUUyyRuqD+6FiiMRW4Nu4wGRBLjG3KraprDCxMBFbXpgOLEoElMZDeS3FNSO/Kubg2hJ3aUmNyS0yNJeoTgf1joFci0BADjYlA9xgYngi81j0daEoElsZAmJS7rW7unt5WAAAA6yM9zyrPvRuS87yFZR1lKOkoQ3VHGUo7ylDZUYZCo4j3b4oZyhMnr5RkZSpP1lqVqCUvQ7wY/nr3Ky9DWJ6bM1kwr+l4/kHmfIOS3AyndLvgrMe/HYYteG23h2e+Nbphu7/vd/9T90+/dPm5Kz8896DlL+TN/xuLm/9X596mWl8S5//rrv+XCjwYu/fLeOp4rxh4bo/cQHrHwJI42T0/U1VTukR60n5+LDE8BnolAlNjYHgiMHZMOjC3R24gPdPONH5GpvFJ6RJZAQAAAPjMxR0EcTdNnP8fu1/vRy+/+bqWxecMuP3da689r9eIZ2+cc9ezFxz2VGh6feWEN/Pm/8OLm//H9rplN3Zm7M0L3UO4rWRdbzKBgTWpQNyPURN/Hv/lmhC2yNrBkSnRXJ0qUZFoODxQlfqFekWyqjuqUmsMxPsHPnrfPRe2Ji6pCqFP1t6XTBtPV6baqEoG+lakAtXJwAllqUDc85MJ3F6aCsAGy+wVjC+o9KkuGfXtlyvw+vuiXBM0Oby8faDt5GvvN1ebSmXygfQ+1Yz1e9ryqmOTyHt7LPJu64zvtnrvtuwvUulvKGvXhSpD6YTmieNmtEyPj2T/kjXPJnqes3+lWkx6I7wO53z63nasMtmBxsTHR2P75dp/HZZkFtrqO+ygPj1HH3nliuWLHqpbXFF0NwqIPxQ+o+7i+ieyNu+mVhnSr7lO93nS5POkM/4b6OVpCyF0feK4poV7f/z02V23fmCbmz96aOdDV1z19rfuOXr3J7cYNeKKhT/Mm/83FTf/L0vctnk/bsxpdSH0z9q4y+LmH1GX+hzMCqQ+JbfMD6QOuT9fW/CTEwAAADa2zO6OzP6CSenb1AnhyXlyfv6m9cwf91cMbzd/sf1++eNVP3p+4bwPTq2bcdabp87d9/2xj1837u8Nu9xXd/Ir/zLvgGPz5v9jP3n+3zXRTcf/Hf9nE3H8v12b+67orskH5mzQrui86tgkHP9v1+b+bnP8v12O/zv+3x7H/zvg+H+7NvenLe9b0lRfukII83+0w13LLxt/y0tNLVefPWvk19/9ftPiU+4aPuXXD7y6ZOaf7+yXN/+fWtz83/p/7S/al1n/b2yh9f+mFlr/b471/wAAgE2qwEJzyXle3up9eRmSq/flZehwgcAOlxi0/t96r/939KpH99/jlt1/80TpvBuv2/+DytuOGLLVDdvPn3j4+688tWb+vb/Pm//PKW7+H18O3bJb7yzr//UaU6Cqi2JgqoUBAQAA2BwV2kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA56ux/48fm73ghSUf/vjIvd4+f/FFlx6wY8/5Y+5/640eB77z1iEjlz63dHzvcduN6DP/2ZKjZj6z89khTGorV5IqXnJA9cgeAy8f/dNbVs/c99aaix6rTNdbnr7dLid3bPXD2hDmZj1SExNv1rbeWRc4cJ8FM8taE8tqQ9g+OzD59MlbtCZ+VxtCv+zAPUcM6NGaOD1Z4q5n9nqxNXFUMvDdgV96rzWxezpQkuzuP3dPdbck2d0Lu4dQlxXIdPe47rlVZdoYlQ6UJtu4uibVRgzUxKKX1aTaiIGWWGJS1xAGlYXQJVnVHytTVXVJVnVnZaqqLsmqTq0MYfcQQlmyqmcqUlWVJUf+SEWqqhjo2fuaNX1bE3MrQhiUHXj88Hk7tSZOTAQyjf+gIoSvtr5kko3fVJ5qvDzZ+CXlIXwlhFCRLPFOWapERbLEX8tC2DIrkGn82LIQZga+EOKHz4TsB6fNnDV5XEtL80mbMFGRbqsqTJzU0tww/oSWCZWJPhVSkpVee9qnH/tTa2aPb7396Du964tJl6XLlbd1eUh5zt2hm3vvY7+qsytZ93zk1R/zV4RuoeuMac0nNZw8bvr0kwan/habfUjqb5d0NLWtBneWbdUvu5JB04+fOmjazFkDJx0/7pjmY5qnDB7S2LjrLkOHDmkc1Dqq9N+NMdR5n/1Qty3LquSz+ACQkJDobInSnE+3xs39gzzvi/66jpaHyrYP6LxpRXaWkrZRboxB7/kpR/xpvqd0OKLBeROHvCxDOs4yNG8ysS5LVSpL2/e6vMlhdk2lbZs03i8NDQ1dCm2H+ty72Zv39Q3YvCvTm67YNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87cOo2cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBLAQAA//8d6cf4") ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000000500)={0x1, 0xe91, @start={0x0, 0x1, "5e9c8f8f78940f512ec220244a46c7b2f6a601017dbb72ea15d936742125983b69573b15d03ce3858c9a335e14c26d4e18c07a4e2e9dfe51266177d25580cb5387ad27134a80d26023071e2b3ef52ba01b55ad47dba340b97e2f376229d0d3381bd8cdfa94a538e26120dbb4766abb516cee9feed4b09810beb3ae7da649fa2cc2c65c66c4388b15889c1d7367155137286a580b81b3b53a9c0cddaf615111813b9a8d890f6a649537286a5d1d80f73a6ec2a48fcf54399a1c606a0c1a5760f70454f832d4b33fff1658647f0cab2a709667469e5b5d536ca3552640204ca085c8f288694de114ab001d1fc31702a0ed9619a5fe17eaf8013fadfdca64f64b41f082e7a7889922a8c69a78aad0235b10c49af64a1035c60f952d62dc41631012ec9467f0e89e95c10c1213acb3bcdbe76d263bcf067d1eba5a1ea6395126b02ad96d1cadd4ed05b94ed2b18d90399df0f19031e4dc434dee9ab6ff13a37ecf951e396d9264baf6e4ad323e067e7758fda397176cff3a3e66b16485af85408d83c44f3953b8e1a9388ea60983416a629b3ae7c678d2ced597b2bd52e10c7625c78d639690bbe533f6646507d94ac03c8de5c58c5c81881da2994a2d91b699cd33abafa64287fe038cd978281434e9cde60c89fd7b309d4c69a5acb5b7fb2841fe7a91c5abc1ccfef64ee6a9b6e6325008963ef662a37cd96898636af8b5168155af6daa82a16a03fc86896da30f0ff08a6851323e2c2f3f167afbf29ada82934b59edef8fff4f7018b093abf9dd8ca442492637c5ad2a4d2d8bad8d5b4c386c85980cbcf21269e274399bca84474c409abf70702e9652297fd10caf60a848bffb8d801fa978eb957bb1bbda49596a31c63c1f3aea4ed6a50bbee3a75f2b17b2c254dface7a9e2c0cb01e5c39a72f28ea6443e9e67f1b732cf9906785f030dbee94961fb10f9a42ef89fd0e990d63716401c3aab7234fc9eb2259cc731a91df95866b2bf2102ba6b7fc274ffa4fc71eb39214a9e7bf3200fc14087f6cf5e2e1690ac68f0c1b4bcb2d505c21f1ccd4c5f6969d29d475e77079a032b950b08f8b48ca323c805cd0712109002c08778ac50f01753fc79d7da05205df09588fb6f07f4de618406f16b2e556fdf7aff4604f22ab2a08c4aec52bb146ed7d4cc467d116c35d29084a7c1d64d4bab71a55dec26029e3e0ad3dc0b6b222236662e7a938d311da618f9c8b9faf01949b680830459849683cb30df3efb2ba913981cad6a7d1d5aa3102389e398b11dd28f5b1b06fe20e890aeb365c79d1ae9a81f14c1221d681361eb7255f67180a24b940998a0feaf797a46d7544693c9ae9ee48d0fa6cc357989cd0f2c2ae04ce564a246a8011b9def7d1fbf5b41211ce3482485e489f5af895a9e565c9c589e674a0a3739c0ca517873e0c2908954659357a42b93f214edcd", "2c926d6b000a05e0cb4586995230804a8eeaa9ab5abe94772146dffb9fbe968478da67de998605ca72c956137edbdcb5a43ed4d4022496752787036cbc784b4d16eb490afa178ebafe9686a7ab2b34330080296eb0b5a326bbdf41d67048c0ac3ee007f2ac90da753d6b1df68350e5442808d075eb0ce49002174fb2728512cb7f4f57abbe550c75a951adc7439269bd4dd611245eab2ddc94888b972ca482c11d473cd6b6b32c666001bddcd8848f82c47f76428d52ab3c51589c8b2f9924bfc3eac2448589e83ef8406c0855b4741ce6d1369f2f8dc3ce5d5bc46f7c9c65c8a11b0c2201a7e39678732f3aee27c2900e8e6cf2a4e0a90e45f7a914b37384da67bf82f3367de87a63aa33302878719754cb449307c83caefec49dec4c12518204f9696c1f5a6290e90c8001463d398aa4879ca8668f5563f98859037b6f9d90715614da97224163c286f16d3e59bfaac41d864c35902397b3b22329cb7331013b1291ba71713c1cd30bd0592a6cc29886430164e24118d5e54560fc570757d6b0565e3f54660b2a95f4420152fecfff1d3b63c583922152f3babee39ad317117e24235ccfd0508ac9ba8b2ad537775fcc886a5e0d1ce2a7f9ee33da83f07d583cbf6f8f8c43d22f40aadc320efbca03febe156c571da695a9765ec7ac65d8feff7f825371bfe8dfd45c7cac002a4fca903f36f5ca20bba4b995db439bd99a18867f0f0f3d38e942ae43a7238ef94bd920fa8930911a0af7212fdfadbaf5889ec235172af7aa0fe4b019628d6a6cd1adc325154db444df471adebc095ce5949527fd2604f370c78e24c3dad1775c322e19c6bca7323b4ed456d674be6ca1b1ec3d328987573a71eedc394c75594bbebfece5beeb7806e95d62b3076f17c1f13a73ee229beae80b8a9e3c58dfd834bdfb15842b6163ebdc33b29961fe7a9e4be6eb67455edd114d20e97a626a0fce071792a892d41172f70b6a0b91fb7396e4b540d47a16efe792201317e4b72b6934a6600c355b9c70d4d4478f5d4fb721c64952556ad4c163934fe7563da15a162226d510a3e1fe9e9b7c6760f4a95183ec6c11cc16eca9f7871ca57672b4c82a5c5f98fdc29c61e9753b9a4aced7bdb2b80fc3e33e0eba7a5802378d3834612f126f70f8d447b7bb796d407488de29cf3473c9cf4717f597da57ba4a18aa311f75a22493f0cae49c7e0c86cdd78d45fb3699ee9bb9f2241ab6b17e89079c37de3906b882c6915093e96fb379269987abcec2b95651dd46da97d269e2b54ead504b96c20f97892b3f4c0413f83fd44e76c42e52295fc383a44f9ebaa306a0573949100371b37bef00a800d30ca32ede40d0422a236203464d8ecb173a64bc68352f6bf942385d5807bd786573133cbe823fe5fdbf4c8ac1a89b6ac98991b04d8721e485b61aed67e3b6860aa539d7757128a14a"}, [0x800, 0x1, 0x461, 0x6, 0x10, 0x200, 0x8, 0x2, 0x4, 0x100000000, 0x2, 0xe87b, 0x826, 0x4, 0x1, 0x3, 0x8000000000000001, 0x1, 0x9, 0xe, 0x1, 0x4, 0x7fffffffffffffff, 0x53, 0x80, 0x80000001, 0x9, 0x10, 0x6, 0x42, 0x3, 0x1000000000003, 0x4, 0x5, 0x7fff, 0x400, 0x5, 0x5, 0x8, 0x5, 0x7fffffff, 0x3b0000000000000, 0x7, 0x100000001, 0x8, 0xfffffffffffffff7, 0xd0, 0x3fffc00, 0x1, 0x10000007f, 0x8000, 0xffffffffffffb083, 0x5, 0x2, 0x6, 0x9, 0x0, 0x2, 0xff, 0x1, 0x2, 0x8000, 0x8, 0x182000000000]}) 0s ago: executing program 3 (id=730): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x1c0, 0xc8, 0x8, 0x1c0, 0x5803, 0x340, 0x2e8, 0x2e8, 0x340, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0xffffffff], [0x0, 0x0, 0x0, 0xffffff00], 'vlan0\x00', 'geneve1\x00', {}, {}, 0x33, 0x0, 0x6}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2, {0xfffffffffffffffe}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x98, 0x5df5, 0x800}}}, {{@ipv6={@mcast2, @private0, [0x0, 0x0, 0xff], [], 'batadv_slave_1\x00', 'bridge_slave_0\x00', {}, {}, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x1ff, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5], 0xff}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x6, 0x6, 0x1, 0x9, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts. syzkaller login: [ 60.356277][ T5776] cgroup: Unknown subsys name 'net' [ 60.520024][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 61.895137][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 63.166318][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.174775][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.182537][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.195291][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.203179][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 63.210644][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.233161][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.241670][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.249456][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.257605][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.265526][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 63.273006][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.360552][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.369194][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.377191][ T5790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.385352][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.393300][ T5790] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 63.400771][ T5790] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.482723][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.491758][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.500736][ T5790] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.510028][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.524741][ T5790] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 63.532264][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.684480][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 63.766375][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 63.888142][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.895407][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.902849][ T5786] bridge_slave_0: entered allmulticast mode [ 63.910781][ T5786] bridge_slave_0: entered promiscuous mode [ 63.919736][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.926934][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.934304][ T5786] bridge_slave_1: entered allmulticast mode [ 63.941578][ T5786] bridge_slave_1: entered promiscuous mode [ 63.968144][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.975484][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.982643][ T5789] bridge_slave_0: entered allmulticast mode [ 63.989919][ T5789] bridge_slave_0: entered promiscuous mode [ 64.032402][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.039652][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.047903][ T5789] bridge_slave_1: entered allmulticast mode [ 64.054873][ T5789] bridge_slave_1: entered promiscuous mode [ 64.089973][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.103159][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.115079][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.127809][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.186106][ T5786] team0: Port device team_slave_0 added [ 64.213447][ T5786] team0: Port device team_slave_1 added [ 64.234218][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 64.247999][ T5789] team0: Port device team_slave_0 added [ 64.256537][ T5789] team0: Port device team_slave_1 added [ 64.291291][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.298387][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.325225][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.368523][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.375675][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.401782][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.421724][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.428906][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.455353][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.490748][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.497811][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.523933][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.593260][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 64.603745][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.611278][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.618994][ T5793] bridge_slave_0: entered allmulticast mode [ 64.626216][ T5793] bridge_slave_0: entered promiscuous mode [ 64.651052][ T5786] hsr_slave_0: entered promiscuous mode [ 64.657765][ T5786] hsr_slave_1: entered promiscuous mode [ 64.677049][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.684559][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.691738][ T5793] bridge_slave_1: entered allmulticast mode [ 64.698823][ T5793] bridge_slave_1: entered promiscuous mode [ 64.718089][ T5789] hsr_slave_0: entered promiscuous mode [ 64.725017][ T5789] hsr_slave_1: entered promiscuous mode [ 64.731216][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.739230][ T5789] Cannot create hsr debugfs directory [ 64.810844][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.823050][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.931233][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.938675][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.946038][ T5796] bridge_slave_0: entered allmulticast mode [ 64.952749][ T5796] bridge_slave_0: entered promiscuous mode [ 64.961237][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.968443][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.975711][ T5796] bridge_slave_1: entered allmulticast mode [ 64.982731][ T5796] bridge_slave_1: entered promiscuous mode [ 64.992344][ T5793] team0: Port device team_slave_0 added [ 65.005584][ T5793] team0: Port device team_slave_1 added [ 65.068382][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.075657][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.102193][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.127964][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.143429][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.153170][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.161183][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.187408][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.277535][ T5796] team0: Port device team_slave_0 added [ 65.304905][ T5790] Bluetooth: hci1: command tx timeout [ 65.304916][ T5788] Bluetooth: hci0: command tx timeout [ 65.308742][ T5793] hsr_slave_0: entered promiscuous mode [ 65.322483][ T5793] hsr_slave_1: entered promiscuous mode [ 65.328922][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.337669][ T5793] Cannot create hsr debugfs directory [ 65.345413][ T5796] team0: Port device team_slave_1 added [ 65.380961][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.389815][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.415867][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.437367][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.445275][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.471442][ T5790] Bluetooth: hci2: command tx timeout [ 65.477143][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.600923][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.624076][ T5790] Bluetooth: hci3: command tx timeout [ 65.640447][ T5796] hsr_slave_0: entered promiscuous mode [ 65.647710][ T5796] hsr_slave_1: entered promiscuous mode [ 65.654791][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.662367][ T5796] Cannot create hsr debugfs directory [ 65.668189][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.678694][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.711358][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.808344][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.818362][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.850600][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.891205][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.945222][ T5793] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.956215][ T5793] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.975818][ T5793] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.991137][ T5793] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 66.106573][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 66.118804][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 66.151789][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 66.162349][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.185613][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.273370][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.305722][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.318552][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.325992][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.343663][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.366400][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.377035][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.384203][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.443385][ T3496] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.450538][ T3496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.461082][ T3496] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.468301][ T3496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.521576][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.566261][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.588399][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.618172][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.625344][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.655989][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.682308][ T3496] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.689502][ T3496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.737158][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.744368][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.788633][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.795808][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.882471][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.005222][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.051854][ T5786] veth0_vlan: entered promiscuous mode [ 67.071927][ T5786] veth1_vlan: entered promiscuous mode [ 67.171552][ T5786] veth0_macvtap: entered promiscuous mode [ 67.193735][ T5789] veth0_vlan: entered promiscuous mode [ 67.217872][ T5786] veth1_macvtap: entered promiscuous mode [ 67.238842][ T5789] veth1_vlan: entered promiscuous mode [ 67.288290][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.320546][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.339775][ T5789] veth0_macvtap: entered promiscuous mode [ 67.357999][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.379548][ T5789] veth1_macvtap: entered promiscuous mode [ 67.386131][ T5790] Bluetooth: hci0: command tx timeout [ 67.393519][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.405392][ T5790] Bluetooth: hci1: command tx timeout [ 67.407345][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.419525][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.428420][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.463618][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.479419][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.490982][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.503324][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.516246][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.527567][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.544368][ T5790] Bluetooth: hci2: command tx timeout [ 67.580907][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.593260][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.604401][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.613118][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.622922][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.682077][ T5793] veth0_vlan: entered promiscuous mode [ 67.694880][ T3447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.703754][ T3447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.713629][ T5790] Bluetooth: hci3: command tx timeout [ 67.742197][ T5793] veth1_vlan: entered promiscuous mode [ 67.778749][ T3517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.794019][ T3517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.817596][ T5793] veth0_macvtap: entered promiscuous mode [ 67.842182][ T5793] veth1_macvtap: entered promiscuous mode [ 67.873564][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.904487][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.919691][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.930626][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.941883][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.965942][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.977011][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.990116][ T5796] veth0_vlan: entered promiscuous mode [ 68.007198][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.022438][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.040692][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.052126][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.066473][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.099744][ T5793] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.110269][ T5793] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.110649][ T5866] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.121676][ T5793] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.139843][ T5793] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.152067][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.153119][ T5796] veth1_vlan: entered promiscuous mode [ 68.163600][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.370995][ T5796] veth0_macvtap: entered promiscuous mode [ 68.393759][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.420383][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.444140][ T5796] veth1_macvtap: entered promiscuous mode [ 68.524482][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.540302][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.564557][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.585592][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.603867][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.618515][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.639744][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.658992][ T3447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.683956][ T3447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.698017][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.725696][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.742817][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.755977][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.766552][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.777715][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.808190][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.849433][ T5796] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.855051][ T5881] syz.3.10[5881]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 68.861086][ T5796] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.888735][ T5881] loop3: detected capacity change from 0 to 16 [ 68.899737][ T5796] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.933710][ T5796] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.134921][ T5886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 69.222740][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.244512][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.251943][ T5891] process 'syz.3.12' launched '/dev/fd/3' with NULL argv: empty string added [ 69.317996][ T3479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.341078][ T3479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.472020][ T5790] Bluetooth: hci0: command tx timeout [ 69.478308][ T5788] Bluetooth: hci1: command tx timeout [ 69.625255][ T5788] Bluetooth: hci2: command tx timeout [ 69.784551][ T5788] Bluetooth: hci3: command tx timeout [ 69.889109][ T5912] lo: entered promiscuous mode [ 69.904280][ T5912] lo: entered allmulticast mode [ 69.929697][ T5912] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 70.170047][ T5905] loop2: detected capacity change from 0 to 32768 [ 70.206820][ T5905] (syz.2.18,5905,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 70.273626][ T5905] (syz.2.18,5905,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 70.387022][ T5905] JBD2: Ignoring recovery information on journal [ 70.487147][ T5905] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 70.654245][ T5933] netlink: 'syz.3.28': attribute type 3 has an invalid length. [ 70.698722][ T5933] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.28'. [ 70.835904][ T5938] loop0: detected capacity change from 0 to 1024 [ 70.967948][ T5793] ocfs2: Unmounting device (7,2) on (node local) [ 71.398776][ T5953] loop3: detected capacity change from 0 to 256 [ 71.508976][ T5953] FAT-fs (loop3): Directory bread(block 64) failed [ 71.524289][ T5953] FAT-fs (loop3): Directory bread(block 65) failed [ 71.532951][ T5953] FAT-fs (loop3): Directory bread(block 66) failed [ 71.540638][ T5884] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 71.550057][ T5788] Bluetooth: hci0: command tx timeout [ 71.550273][ T5790] Bluetooth: hci1: command tx timeout [ 71.561210][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.568427][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.578043][ T5953] FAT-fs (loop3): Directory bread(block 67) failed [ 71.588895][ T5953] FAT-fs (loop3): Directory bread(block 68) failed [ 71.595766][ T5953] FAT-fs (loop3): Directory bread(block 69) failed [ 71.602411][ T5953] FAT-fs (loop3): Directory bread(block 70) failed [ 71.610493][ T5953] FAT-fs (loop3): Directory bread(block 71) failed [ 71.617769][ T5953] FAT-fs (loop3): Directory bread(block 72) failed [ 71.625085][ T5953] FAT-fs (loop3): Directory bread(block 73) failed [ 71.704461][ T5790] Bluetooth: hci2: command tx timeout [ 71.782615][ T5884] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 71.802549][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.822843][ T5884] usb 2-1: Product: syz [ 71.828614][ T5884] usb 2-1: Manufacturer: syz [ 71.850540][ T5884] usb 2-1: SerialNumber: syz [ 71.865346][ T5790] Bluetooth: hci3: command tx timeout [ 71.883152][ T5884] r8152-cfgselector 2-1: config 0 descriptor?? [ 71.906928][ T27] audit: type=1800 audit(1763577584.553:2): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.38" name="file1" dev="loop3" ino=1048592 res=0 errno=0 [ 72.034928][ T5847] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 72.262053][ T5847] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 72.293872][ T5847] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 72.310751][ T5847] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 72.320260][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 72.338668][ T5847] usb 1-1: SerialNumber: syz [ 72.353678][ T5884] r8152-cfgselector 2-1: Unknown version 0x0000 [ 72.380992][ T5884] r8152-cfgselector 2-1: USB disconnect, device number 2 [ 72.604979][ T5847] usb 1-1: 0:2 : does not exist [ 72.682437][ T5847] usb 1-1: USB disconnect, device number 2 [ 72.742532][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 72.849788][ T5979] loop3: detected capacity change from 0 to 32768 [ 72.887889][ T5979] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 73.080899][ T5979] XFS (loop3): Ending clean mount [ 73.116980][ T5979] XFS (loop3): Quotacheck needed: Please wait. [ 73.200099][ T5979] XFS (loop3): Quotacheck: Done. [ 73.277345][ T6005] netlink: 44 bytes leftover after parsing attributes in process `syz.1.60'. [ 73.514040][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 73.894051][ T6021] netlink: 'syz.2.69': attribute type 16 has an invalid length. [ 73.923945][ T6021] netlink: 'syz.2.69': attribute type 17 has an invalid length. [ 74.439993][ T6015] loop0: detected capacity change from 0 to 32768 [ 74.578240][ T6015] ERROR: (device loop0): dbAlloc: unable to allocate blocks [ 74.578240][ T6015] [ 74.623228][ T6015] ERROR: (device loop0): remounting filesystem as read-only [ 74.649607][ T6015] jfs_create: dtInsert returned -EIO [ 74.677464][ T6015] ERROR: (device loop0): jfs_create: [ 74.677464][ T6015] [ 74.973594][ T6053] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 75.902560][ T6094] netlink: 'syz.3.105': attribute type 3 has an invalid length. [ 76.095273][ T6099] loop1: detected capacity change from 0 to 1024 [ 76.410946][ T23] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 76.599672][ T23] usb 3-1: unable to get BOS descriptor or descriptor too short [ 76.618861][ T23] usb 3-1: not running at top speed; connect to a high speed hub [ 76.628421][ T6123] netlink: 'syz.3.119': attribute type 11 has an invalid length. [ 76.635052][ T23] usb 3-1: config 1 has an invalid interface number: 138 but max is 0 [ 76.654207][ T23] usb 3-1: config 1 has no interface number 0 [ 76.661367][ T6121] loop1: detected capacity change from 0 to 4096 [ 76.676982][ T23] usb 3-1: config 1 interface 138 has no altsetting 0 [ 76.678307][ T6121] ======================================================= [ 76.678307][ T6121] WARNING: The mand mount option has been deprecated and [ 76.678307][ T6121] and is ignored by this kernel. Remove the mand [ 76.678307][ T6121] option from the mount to silence this warning. [ 76.678307][ T6121] ======================================================= [ 76.716061][ T23] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 76.743956][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.752030][ T23] usb 3-1: Product: syz [ 76.773893][ T23] usb 3-1: Manufacturer: syz [ 76.779275][ T23] usb 3-1: SerialNumber: syz [ 76.779711][ T6121] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 76.805154][ T5847] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 76.926864][ T6127] netlink: 8 bytes leftover after parsing attributes in process `syz.3.121'. [ 76.940279][ T6127] netlink: 8 bytes leftover after parsing attributes in process `syz.3.121'. [ 76.950813][ T6127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.121'. [ 77.013915][ T5847] usb 1-1: Using ep0 maxpacket: 16 [ 77.040064][ T5847] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 77.052513][ T23] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 77.078006][ T5847] usb 1-1: config 0 has no interface number 0 [ 77.082265][ T6121] ntfs3: loop1: failed to convert "c46c" to maccroatian [ 77.101684][ T5847] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 77.141843][ T5847] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 77.186790][ T5847] usb 1-1: config 0 interface 41 has no altsetting 0 [ 77.193919][ T23] usb 3-1: USB disconnect, device number 2 [ 77.275048][ T5847] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 77.301583][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 77.320752][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.340819][ T5847] usb 1-1: Product: syz [ 77.345386][ T5847] usb 1-1: Manufacturer: syz [ 77.349999][ T5847] usb 1-1: SerialNumber: syz [ 77.404918][ T5847] usb 1-1: config 0 descriptor?? [ 77.411431][ T6118] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 77.419454][ T6118] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 77.656343][ T6118] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 77.714435][ T6118] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 77.778812][ T6143] No source specified [ 77.965839][ T5847] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 77.967716][ T6147] netlink: 12 bytes leftover after parsing attributes in process `syz.3.129'. [ 77.996753][ T5847] CoreChips: probe of 1-1:0.41 failed with error -71 [ 78.015619][ T6149] xt_TCPMSS: Only works on TCP SYN packets [ 78.026745][ T5847] usb 1-1: USB disconnect, device number 3 [ 78.113012][ T6147] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 78.408295][ T6163] raw_sendmsg: syz.3.137 forgot to set AF_INET. Fix it! [ 78.682904][ T6173] loop1: detected capacity change from 0 to 256 [ 78.724790][ T6175] netlink: 'syz.2.143': attribute type 2 has an invalid length. [ 79.125560][ T6193] loop1: detected capacity change from 0 to 512 [ 79.312803][ T6193] EXT4-fs (loop1): Test dummy encryption mode enabled [ 79.335185][ T6193] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 79.403876][ T6193] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 79.471536][ T6193] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.151: bad orphan inode 131083 [ 79.520435][ T6210] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 79.548247][ T6193] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.731014][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.944433][ T6222] binder: 6219:6222 ioctl c018620c 2000000001c0 returned -22 [ 80.004251][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 80.038945][ T6196] loop2: detected capacity change from 0 to 32768 [ 80.123158][ T6196] ERROR: (device loop2): dtSearch: DT_GETPAGE: dtree page corrupt [ 80.123158][ T6196] [ 80.163875][ T6196] ERROR: (device loop2): remounting filesystem as read-only [ 80.193424][ T6196] jfs_lookup: dtSearch returned -5 [ 80.207918][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 80.265862][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 80.302525][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 80.334821][ T8] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 80.358996][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.365031][ T6230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.168'. [ 80.377097][ T8] usb 4-1: Product: syz [ 80.392838][ T8] usb 4-1: Manufacturer: syz [ 80.407639][ T8] usb 4-1: SerialNumber: syz [ 80.456129][ T8] usb 4-1: config 0 descriptor?? [ 80.771889][ T6243] sctp: [Deprecated]: syz.2.174 (pid 6243) Use of int in max_burst socket option. [ 80.771889][ T6243] Use struct sctp_assoc_value instead [ 80.914456][ T6250] capability: warning: `syz.0.177' uses deprecated v2 capabilities in a way that may be insecure [ 80.919809][ T786] usb 4-1: USB disconnect, device number 2 [ 81.499380][ T6270] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0) [ 81.522299][ T6270] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535 [ 81.796165][ T967] cfg80211: failed to load regulatory.db [ 82.123962][ T6290] Non-string source [ 82.781203][ T6315] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.209'. [ 82.798407][ T6317] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 83.034407][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.216'. [ 83.481603][ T6349] netlink: zone id is out of range [ 83.880609][ T6361] trusted_key: encrypted_key: keylen parameter is missing [ 83.946350][ T6363] nfs: Deprecated parameter 'nointr' [ 84.307257][ T6377] loop2: detected capacity change from 0 to 2048 [ 84.334342][ T6383] kAFS: unable to lookup cell '' [ 84.408455][ T6377] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 85.039085][ T6407] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 85.403314][ T6420] loop3: detected capacity change from 0 to 512 [ 85.495448][ T6420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.541597][ T6420] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.626113][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.798702][ T6438] netlink: 68 bytes leftover after parsing attributes in process `syz.1.270'. [ 85.820088][ T6438] netlink: 24 bytes leftover after parsing attributes in process `syz.1.270'. [ 86.237711][ T6460] loop2: detected capacity change from 0 to 512 [ 86.266944][ T6460] EXT4-fs: Ignoring removed mblk_io_submit option [ 86.316514][ T6460] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 86.397491][ T6460] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.279: attempt to clear invalid blocks 2 len 1 [ 86.486618][ T6460] EXT4-fs (loop2): Remounting filesystem read-only [ 86.506621][ T6460] EXT4-fs (loop2): 1 truncate cleaned up [ 86.513511][ T6460] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.662298][ T6475] vlan1: entered allmulticast mode [ 86.678563][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.684235][ T6475] veth0_vlan: entered allmulticast mode [ 86.773139][ T6479] loop0: detected capacity change from 0 to 1024 [ 86.953189][ T59] hfsplus: b-tree write err: -5, ino 4 [ 86.993306][ T6485] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. [ 87.007774][ T6481] loop2: detected capacity change from 0 to 4096 [ 87.063927][ T6481] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 87.239965][ T6481] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 87.548832][ T6499] netlink: 20 bytes leftover after parsing attributes in process `syz.2.299'. [ 87.565298][ T6503] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 87.738848][ T6507] xt_hashlimit: overflow, rate too high: 1125899906842624 [ 87.888887][ T6513] loop0: detected capacity change from 0 to 1764 [ 87.923941][ T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.144038][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 88.155073][ T786] usb 4-1: config 0 has no interfaces? [ 88.178932][ T786] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 88.204611][ T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.212661][ T786] usb 4-1: Product: syz [ 88.227550][ T786] usb 4-1: Manufacturer: syz [ 88.232204][ T786] usb 4-1: SerialNumber: syz [ 88.260932][ T786] r8152-cfgselector 4-1: config 0 descriptor?? [ 88.519539][ T786] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 88.629292][ T6543] loop2: detected capacity change from 0 to 512 [ 88.641451][ T6543] EXT4-fs: Ignoring removed bh option [ 88.671518][ T6543] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 88.694168][ T6543] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 88.719083][ T6543] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 88.751985][ T6543] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 88.764712][ T5778] usb 4-1: USB disconnect, device number 3 [ 88.766035][ T6543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.891530][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.977890][ T6552] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'. [ 89.011140][ T6554] SET target dimension over the limit! [ 89.011916][ T6552] veth2: entered promiscuous mode [ 89.027747][ T6552] veth2: entered allmulticast mode [ 89.075024][ T6556] loop1: detected capacity change from 0 to 256 [ 89.076128][ T967] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 89.142747][ T6556] FAT-fs (loop1): Directory bread(block 64) failed [ 89.157695][ T6556] FAT-fs (loop1): Directory bread(block 65) failed [ 89.178846][ T6556] FAT-fs (loop1): Directory bread(block 66) failed [ 89.210082][ T6556] FAT-fs (loop1): Directory bread(block 67) failed [ 89.217519][ T6556] FAT-fs (loop1): Directory bread(block 68) failed [ 89.224691][ T6556] FAT-fs (loop1): Directory bread(block 69) failed [ 89.240798][ T6556] FAT-fs (loop1): Directory bread(block 70) failed [ 89.253437][ T6556] FAT-fs (loop1): Directory bread(block 71) failed [ 89.262810][ T27] audit: type=1326 audit(1763577601.903:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 89.285824][ T6556] FAT-fs (loop1): Directory bread(block 72) failed [ 89.285982][ T967] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 89.293125][ T6556] FAT-fs (loop1): Directory bread(block 73) failed [ 89.309575][ T27] audit: type=1326 audit(1763577601.903:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 89.322495][ T967] usb 1-1: config 1 has no interface number 0 [ 89.381159][ T27] audit: type=1326 audit(1763577601.913:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 89.385203][ T967] usb 1-1: config 1 interface 105 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 89.441471][ T6562] loop2: detected capacity change from 0 to 16 [ 89.468152][ T27] audit: type=1326 audit(1763577601.913:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 89.487662][ T967] usb 1-1: config 1 interface 105 has no altsetting 0 [ 89.506523][ T6562] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 89.538141][ T967] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 89.567902][ T967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.603924][ T967] usb 1-1: Product: syz [ 89.608148][ T967] usb 1-1: Manufacturer: syz [ 89.612777][ T967] usb 1-1: SerialNumber: syz [ 89.848954][ T967] aqc111: probe of 1-1:1.105 failed with error -22 [ 89.876796][ T6572] netlink: 'syz.1.335': attribute type 1 has an invalid length. [ 89.884799][ T6572] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.335'. [ 89.971712][ T6574] loop2: detected capacity change from 0 to 16 [ 90.012841][ T6574] erofs: (device loop2): mounted with root inode @ nid 36. [ 90.123902][ T5778] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 90.135515][ T23] usb 1-1: USB disconnect, device number 4 [ 90.138855][ T6578] veth1_vlan: mtu greater than device maximum [ 90.307312][ T5778] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 90.321016][ T5778] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.333665][ T5778] usb 4-1: config 0 has no interface number 0 [ 90.348727][ T5778] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 90.371515][ T5778] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 90.383673][ T5778] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 90.401250][ T5778] usb 4-1: config 0 interface 52 has no altsetting 0 [ 90.405198][ T786] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 90.409802][ T5778] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 90.427976][ T5778] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 90.436255][ T5778] usb 4-1: Manufacturer: syz [ 90.453120][ T5778] usb 4-1: config 0 descriptor?? [ 90.463324][ T5778] hub 4-1:0.52: bad descriptor, ignoring hub [ 90.470215][ T5778] hub: probe of 4-1:0.52 failed with error -5 [ 90.606364][ T786] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 90.620722][ T786] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.631327][ T786] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 90.648751][ T786] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 90.657984][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.668418][ T786] usb 3-1: Product: syz [ 90.672632][ T786] usb 3-1: Manufacturer: syz [ 90.672972][ T5778] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.682106][ T786] usb 3-1: SerialNumber: syz [ 90.690336][ T5778] synaptics_usb: probe of 4-1:0.52 failed with error -5 [ 90.894047][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 90.915086][ T786] cdc_ncm 3-1:1.0: skipping garbage [ 90.934168][ T786] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 90.950585][ T786] cdc_ncm 3-1:1.0: bind() failure [ 90.976509][ T786] usb 3-1: USB disconnect, device number 3 [ 91.074382][ T5778] usb 4-1: USB disconnect, device number 4 [ 91.083896][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 91.109086][ T23] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 91.129334][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.140702][ T23] usb 2-1: Product: syz [ 91.145234][ T23] usb 2-1: Manufacturer: syz [ 91.150725][ T23] usb 2-1: SerialNumber: syz [ 91.174032][ T23] r8152-cfgselector 2-1: config 0 descriptor?? [ 91.610513][ T23] r8152-cfgselector 2-1: Unknown version 0x0000 [ 91.645236][ T23] r8152-cfgselector 2-1: USB disconnect, device number 3 [ 91.690868][ T6619] loop3: detected capacity change from 0 to 256 [ 91.716383][ T6619] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x88000078, utbl_chksum : 0xe619d30d) [ 91.923690][ T6625] loop0: detected capacity change from 0 to 512 [ 91.955287][ T6625] EXT4-fs: Ignoring removed mblk_io_submit option [ 92.003235][ T6625] EXT4-fs (loop0): orphan cleanup on readonly fs [ 92.033403][ T6625] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 92.072119][ T6625] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.361: attempt to clear invalid blocks 2 len 1 [ 92.109692][ T6625] EXT4-fs (loop0): Remounting filesystem read-only [ 92.126780][ T6625] EXT4-fs (loop0): 1 truncate cleaned up [ 92.163465][ T6625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 92.340778][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.388556][ T6627] loop3: detected capacity change from 0 to 32768 [ 92.411571][ T6627] (syz.3.362,6627,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 92.433309][ T6634] loop1: detected capacity change from 0 to 2048 [ 92.439580][ T6627] (syz.3.362,6627,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 92.480611][ T6634] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 92.515241][ T6627] JBD2: Ignoring recovery information on journal [ 92.551817][ T6643] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 92.558345][ T6634] syz.1.373: attempt to access beyond end of device [ 92.558345][ T6634] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 92.589369][ T6641] 9pnet: Found fid 0 not clunked [ 92.715990][ T6627] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 92.819280][ T6634] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 92.880497][ T6634] Remounting filesystem read-only [ 92.904683][ T6634] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 92.940958][ T6634] NILFS (loop1): error -5 truncating bmap (ino=16) [ 93.058706][ T5796] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 93.071260][ T6652] warning: `syz.2.371' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 93.084186][ T5796] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 93.093203][ T5796] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 93.105843][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 93.112592][ T5796] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 93.122534][ T5796] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 93.147833][ T5796] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 93.776110][ T6672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.381'. [ 93.833912][ T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 93.838262][ T6660] loop2: detected capacity change from 0 to 32768 [ 93.884039][ T6660] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 93.954773][ T786] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 94.018180][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 94.063486][ T23] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 94.080810][ T5901] XFS (loop2): Metadata corruption detected at xfs_agf_verify+0x211/0x9b0, xfs_agf block 0x1 [ 94.094818][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.106672][ T5901] XFS (loop2): Unmount and run xfs_repair [ 94.112447][ T5901] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 94.122578][ T23] usb 4-1: config 0 descriptor?? [ 94.127876][ T5901] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 20 00 XAGF.......... . [ 94.139759][ T23] smsusb:smsusb_probe: board id=8, interface number 0 [ 94.146887][ T5901] 00000010: 00 00 00 01 00 00 00 02 00 00 00 05 00 00 00 01 ................ [ 94.147531][ T786] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 94.156736][ T23] smsusb:smsusb_probe: Device initialized with return code -19 [ 94.173208][ T5901] 00000020: 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 06 ................ [ 94.182512][ T5901] 00000030: 00 00 00 06 00 00 0d cb 00 00 0d b8 00 00 00 00 ................ [ 94.193306][ T5901] 00000040: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 94.206414][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.212552][ T5901] 00000050: 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 01 ................ [ 94.235408][ T786] usb 1-1: Product: syz [ 94.239759][ T786] usb 1-1: Manufacturer: syz [ 94.243923][ T5901] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 94.249896][ T786] usb 1-1: SerialNumber: syz [ 94.263450][ T5901] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 94.281347][ T786] r8152-cfgselector 1-1: config 0 descriptor?? [ 94.286968][ T6660] XFS (loop2): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 117 [ 94.302632][ T6660] XFS (loop2): Error -117 reserving per-AG metadata reserve pool. [ 94.315114][ T6660] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x25e/0x2d0 (fs/xfs/xfs_fsops.c:592). Shutting down filesystem. [ 94.330922][ T6660] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 94.357128][ T6660] XFS (loop2): Ending clean mount [ 94.407583][ T5901] usb 4-1: USB disconnect, device number 5 [ 94.479580][ T5793] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 94.727600][ T786] r8152-cfgselector 1-1: Unknown version 0x0000 [ 94.757383][ T786] r8152-cfgselector 1-1: USB disconnect, device number 5 [ 95.003610][ T6701] MTD: Attempt to mount non-MTD device "./file0" [ 95.021523][ T6701] ./file0: Can't open blockdev [ 95.437655][ T6722] netlink: 84 bytes leftover after parsing attributes in process `syz.2.402'. [ 95.873975][ T5901] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 95.963342][ T6745] netlink: 'syz.0.414': attribute type 16 has an invalid length. [ 95.979293][ T6745] netlink: 'syz.0.414': attribute type 17 has an invalid length. [ 96.022643][ T6749] xt_l2tp: v2 doesn't support IP mode [ 96.063993][ T5901] usb 3-1: Using ep0 maxpacket: 8 [ 96.073660][ T5901] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.095265][ T5901] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 96.145970][ T5901] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 96.191366][ T5901] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 96.204250][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.222623][ T5901] usb 3-1: Product: syz [ 96.230347][ T5901] usb 3-1: Manufacturer: syz [ 96.243867][ T5901] usb 3-1: SerialNumber: syz [ 96.265066][ T5901] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing [ 96.285756][ T5901] cdc_ncm 3-1:1.0: bind() failure [ 96.444087][ T5847] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 96.478973][ T5901] cdc_mbim 3-1:1.1: CDC Union missing and no IAD found [ 96.494667][ T5901] cdc_mbim 3-1:1.1: bind() failure [ 96.634392][ T5847] usb 4-1: Using ep0 maxpacket: 16 [ 96.656839][ T5847] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 96.669971][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.679155][ T5847] usb 4-1: Product: syz [ 96.683506][ T5847] usb 4-1: Manufacturer: syz [ 96.689143][ T5847] usb 4-1: SerialNumber: syz [ 96.699914][ T5847] r8152-cfgselector 4-1: config 0 descriptor?? [ 96.740489][ T23] usb 3-1: USB disconnect, device number 4 [ 96.823133][ T6755] loop1: detected capacity change from 0 to 40427 [ 96.846468][ T6755] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 96.854592][ T6755] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 96.888421][ T6755] F2FS-fs (loop1): Found nat_bits in checkpoint [ 96.945874][ T5847] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 96.957699][ T3517] usb 4-1: config 0 descriptor?? [ 96.992740][ T6755] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 96.999980][ T5901] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 97.008161][ T6755] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 97.180588][ T5884] usb 4-1: USB disconnect, device number 6 [ 97.189935][ T3517] usb 4-1: can't set config #0, error -71 [ 97.205865][ T5901] usb 1-1: config 0 has an invalid interface number: 235 but max is 0 [ 97.216640][ T5901] usb 1-1: config 0 has no interface number 0 [ 97.222782][ T5901] usb 1-1: config 0 interface 235 altsetting 16 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 97.234521][ T5901] usb 1-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid wMaxPacketSize 0 [ 97.245246][ T5901] usb 1-1: config 0 interface 235 has no altsetting 0 [ 97.258544][ T5901] usb 1-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18 [ 97.267851][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.278539][ T5901] usb 1-1: Product: syz [ 97.282742][ T5901] usb 1-1: Manufacturer: syz [ 97.289876][ T5901] usb 1-1: SerialNumber: syz [ 97.300329][ T5901] usb 1-1: config 0 descriptor?? [ 97.312050][ T5901] keyspan 1-1:0.235: Keyspan 1 port adapter converter detected [ 97.336197][ T5901] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 87 [ 97.348699][ T5901] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 7 [ 97.385690][ T5901] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 81 [ 97.399598][ T5901] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 1 [ 97.408013][ T5901] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 85 [ 97.424705][ T5901] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 97.596115][ T5901] usb 1-1: USB disconnect, device number 6 [ 97.615062][ T5901] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 97.644689][ T5901] keyspan 1-1:0.235: device disconnected [ 97.734899][ T6773] netlink: 11 bytes leftover after parsing attributes in process `syz.2.427'. [ 98.098381][ T6790] Illegal XDP return value 4294967282 on prog (id 27) dev N/A, expect packet loss! [ 98.294456][ T6796] xt_TCPMSS: Only works on TCP SYN packets [ 98.860538][ T6823] x_tables: duplicate underflow at hook 2 [ 98.968577][ T6826] loop0: detected capacity change from 0 to 256 [ 99.073937][ T6826] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 99.646021][ T6818] loop3: detected capacity change from 0 to 40427 [ 99.688700][ T6818] F2FS-fs (loop3): invalid crc value [ 100.024090][ T6818] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 100.316055][ T6842] loop0: detected capacity change from 0 to 32768 [ 100.683768][ T6873] netlink: 104 bytes leftover after parsing attributes in process `syz.1.473'. [ 100.715874][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.473'. [ 101.719442][ T6910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.488'. [ 101.778114][ T6884] loop1: detected capacity change from 0 to 32768 [ 101.872523][ T6884] JBD2: Invalid start block of journal: 67108866 [ 101.901657][ T6884] (syz.1.479,6884,0):ocfs2_journal_init:973 ERROR: Linux journal layer error [ 101.929951][ T6884] (syz.1.479,6884,1):ocfs2_check_volume:2403 ERROR: Could not initialize journal! [ 101.939773][ T6884] (syz.1.479,6884,1):ocfs2_check_volume:2488 ERROR: status = -22 [ 101.950316][ T6884] (syz.1.479,6884,0):ocfs2_mount_volume:1820 ERROR: status = -22 [ 101.962799][ T6884] (syz.1.479,6884,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 103.020475][ T6954] loop0: detected capacity change from 0 to 4096 [ 103.039359][ T6954] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 103.206604][ T6954] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 103.849858][ T6976] netlink: 76 bytes leftover after parsing attributes in process `syz.0.518'. [ 103.920154][ T6950] loop2: detected capacity change from 0 to 40427 [ 103.987968][ T6950] F2FS-fs (loop2): invalid crc value [ 104.043349][ T6950] F2FS-fs (loop2): Found nat_bits in checkpoint [ 104.255162][ T6950] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 104.475542][ T6999] vlan1: entered allmulticast mode [ 104.494382][ T6999] veth0_vlan: entered allmulticast mode [ 104.667378][ T7003] nfs: Deprecated parameter 'nointr' [ 104.882384][ T7011] loop0: detected capacity change from 0 to 2048 [ 104.908720][ T7011] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 104.969689][ T7017] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.969970][ T7011] syz.0.534: attempt to access beyond end of device [ 104.969970][ T7011] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 105.044219][ T7018] Invalid ELF header magic: != ELF [ 105.122219][ T7011] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 105.150607][ T7011] Remounting filesystem read-only [ 105.160532][ T7011] NILFS error (device loop0): nilfs_bmap_last_key: broken bmap (inode number=16) [ 105.184058][ T7011] NILFS (loop0): error -5 truncating bmap (ino=16) [ 105.226048][ T7022] netlink: 'syz.3.538': attribute type 10 has an invalid length. [ 105.249048][ T7024] loop1: detected capacity change from 0 to 8 [ 105.368088][ T5789] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 105.381534][ T7022] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 105.382519][ T7028] loop2: detected capacity change from 0 to 1024 [ 105.393831][ T5789] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 105.421271][ T5789] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 105.445451][ T5789] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 105.457154][ T7028] EXT4-fs (loop2): Test dummy encryption mode enabled [ 105.470453][ T5789] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 105.498360][ T5789] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 105.502117][ T7028] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 105.604137][ T7028] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.686675][ T7035] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 105.698083][ T7028] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2249: inode #15: comm syz.2.540: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 105.730120][ T7038] MTD: Attempt to mount non-MTD device "./file0" [ 105.762090][ T7038] ./file0: Can't open blockdev [ 105.853145][ T7043] syz.0.543 uses obsolete (PF_INET,SOCK_PACKET) [ 105.859964][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.322639][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.2.552'. [ 106.351176][ T7063] netlink: 24 bytes leftover after parsing attributes in process `syz.2.552'. [ 106.830654][ T7075] [U] ^R [ 106.852825][ T7077] netlink: 20 bytes leftover after parsing attributes in process `syz.1.556'. [ 106.869959][ T7077] veth2: entered promiscuous mode [ 106.879505][ T7077] veth2: entered allmulticast mode [ 107.043057][ T7058] loop3: detected capacity change from 0 to 32768 [ 107.079052][ T7058] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by syz.3.549 (7058) [ 107.200162][ T7058] BTRFS info (device loop3): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 107.233474][ T7051] loop0: detected capacity change from 0 to 40427 [ 107.254812][ T7058] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 107.269043][ T7051] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 107.297715][ T7058] BTRFS info (device loop3): turning on flush-on-commit [ 107.307977][ T7051] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 107.324993][ T7058] BTRFS info (device loop3): turning off barriers [ 107.331472][ T7058] BTRFS info (device loop3): turning on sync discard [ 107.366634][ T7058] BTRFS info (device loop3): using free space tree [ 107.393760][ T7051] F2FS-fs (loop0): Found nat_bits in checkpoint [ 107.607047][ T7111] loop2: detected capacity change from 0 to 8 [ 107.621807][ T7111] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 107.649458][ T6132] udevd[6132]: incorrect cramfs checksum on /dev/loop2 [ 107.651504][ T7111] cramfs: Error -5 while decompressing! [ 107.663405][ T7111] cramfs: ffffffff96fe1368(26)->ffff888058159000(4096) [ 107.683732][ T7051] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 107.689202][ T7111] cramfs: Error -3 while decompressing! [ 107.712727][ T7111] cramfs: ffffffff96fe1382(26)->ffff88805815a000(4096) [ 107.716123][ T7051] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 107.739783][ T7111] cramfs: Error -3 while decompressing! [ 107.742606][ T6132] udevd[6132]: incorrect cramfs checksum on /dev/loop2 [ 107.768443][ T7111] cramfs: ffffffff96fe139c(16)->ffff88805815b000(4096) [ 107.824804][ T7111] cramfs: Error -5 while decompressing! [ 107.830403][ T7111] cramfs: ffffffff96fe1368(26)->ffff888058159000(4096) [ 107.909190][ T27] audit: type=1800 audit(1763577620.553:7): pid=7111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.562" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 107.969914][ T5786] BTRFS info (device loop3): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 108.293739][ T5888] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by udevd (5888) [ 108.320237][ T7127] netlink: 128 bytes leftover after parsing attributes in process `syz.3.564'. [ 108.324385][ T7129] unsupported nlmsg_type 40 [ 108.372545][ T7127] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 108.477843][ T7133] loop2: detected capacity change from 0 to 256 [ 108.633065][ T7133] FAT-fs (loop2): Directory bread(block 64) failed [ 108.673558][ T7133] FAT-fs (loop2): Directory bread(block 65) failed [ 108.700369][ T7133] FAT-fs (loop2): Directory bread(block 66) failed [ 108.717721][ T7133] FAT-fs (loop2): Directory bread(block 67) failed [ 108.732957][ T7133] FAT-fs (loop2): Directory bread(block 68) failed [ 108.775116][ T7133] FAT-fs (loop2): Directory bread(block 69) failed [ 108.802501][ T7133] FAT-fs (loop2): Directory bread(block 70) failed [ 108.818343][ T7133] FAT-fs (loop2): Directory bread(block 71) failed [ 108.854085][ T7133] FAT-fs (loop2): Directory bread(block 72) failed [ 108.879496][ T7133] FAT-fs (loop2): Directory bread(block 73) failed [ 109.173982][ T27] audit: type=1800 audit(1763577621.813:8): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.569" name="file1" dev="loop2" ino=1048596 res=0 errno=0 [ 109.599225][ T7167] netlink: 16 bytes leftover after parsing attributes in process `syz.2.579'. [ 109.954529][ T7171] loop3: detected capacity change from 0 to 4096 [ 109.974050][ T7171] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 110.063571][ T7171] ntfs: volume version 3.1. [ 110.471275][ T7195] loop2: detected capacity change from 0 to 2048 [ 110.514557][ T7195] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 110.594601][ T7198] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.605722][ T7195] syz.2.590: attempt to access beyond end of device [ 110.605722][ T7195] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 110.706145][ T7195] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 110.771993][ T7195] Remounting filesystem read-only [ 110.789945][ T7195] NILFS error (device loop2): nilfs_bmap_last_key: broken bmap (inode number=16) [ 110.822062][ T7195] NILFS (loop2): error -5 truncating bmap (ino=16) [ 110.912397][ T5793] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 110.955664][ T5793] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 110.965569][ T5793] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 110.978392][ T5793] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 110.989262][ T5793] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.010146][ T5793] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 111.030660][ T7214] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.601'. [ 111.173980][ T5884] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 111.368780][ T5884] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 111.385055][ T5884] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.411785][ T5884] usb 1-1: config 0 has no interface number 0 [ 111.429961][ T5884] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 111.453897][ T5884] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 111.473149][ T5884] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.490984][ T5884] usb 1-1: config 0 interface 52 has no altsetting 0 [ 111.515530][ T5884] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 111.537473][ T5884] usb 1-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 111.559494][ T5884] usb 1-1: Manufacturer: syz [ 111.572741][ T5884] usb 1-1: config 0 descriptor?? [ 111.589970][ T5884] hub 1-1:0.52: bad descriptor, ignoring hub [ 111.603391][ T7232] netlink: 'syz.2.608': attribute type 10 has an invalid length. [ 111.604446][ T5884] hub: probe of 1-1:0.52 failed with error -5 [ 111.629981][ T7232] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.638915][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.704198][ T7232] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.712324][ T7232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.720691][ T7232] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.727909][ T7232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.745953][ T7232] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 111.757092][ T7234] netlink: 'syz.1.609': attribute type 3 has an invalid length. [ 111.765230][ T7234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 111.806298][ T5884] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 111.834145][ T5884] synaptics_usb: probe of 1-1:0.52 failed with error -5 [ 112.119739][ T7225] loop3: detected capacity change from 0 to 40427 [ 112.134608][ T7225] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 112.143119][ T7225] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 112.223643][ T7225] F2FS-fs (loop3): Found nat_bits in checkpoint [ 112.224604][ T5901] usb 1-1: USB disconnect, device number 7 [ 112.305355][ T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 112.341715][ T7225] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 112.349537][ T7225] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 112.509238][ T23] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 112.521168][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.543094][ T23] usb 3-1: Product: syz [ 112.549945][ T23] usb 3-1: Manufacturer: syz [ 112.558710][ T23] usb 3-1: SerialNumber: syz [ 112.580122][ T23] usb 3-1: config 0 descriptor?? [ 112.839382][ T23] hso 3-1:0.0: Failed to find BULK IN ep [ 112.874638][ T23] usb-storage 3-1:0.0: USB Mass Storage device detected [ 113.129679][ T5884] usb 3-1: USB disconnect, device number 5 [ 113.143309][ T7269] loop1: detected capacity change from 0 to 1024 [ 113.154279][ T7269] EXT4-fs: Ignoring removed nobh option [ 113.158219][ T7271] loop0: detected capacity change from 0 to 256 [ 113.166650][ T7269] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 113.215598][ T7269] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 113.240504][ T7269] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 113.272564][ T7269] overlay: filesystem on ./file0 is read-only [ 113.321227][ T7271] FAT-fs (loop0): Directory bread(block 64) failed [ 113.346756][ T7271] FAT-fs (loop0): Directory bread(block 65) failed [ 113.355285][ T7271] FAT-fs (loop0): Directory bread(block 66) failed [ 113.361999][ T7271] FAT-fs (loop0): Directory bread(block 67) failed [ 113.373951][ T7271] FAT-fs (loop0): Directory bread(block 68) failed [ 113.380511][ T7271] FAT-fs (loop0): Directory bread(block 69) failed [ 113.388548][ T7271] FAT-fs (loop0): Directory bread(block 70) failed [ 113.395470][ T7271] FAT-fs (loop0): Directory bread(block 71) failed [ 113.402786][ T7271] FAT-fs (loop0): Directory bread(block 72) failed [ 113.410293][ T7271] FAT-fs (loop0): Directory bread(block 73) failed [ 113.425582][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.680061][ T7285] loop1: detected capacity change from 0 to 64 [ 113.759615][ T27] audit: type=1800 audit(1763577626.403:9): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.631" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 113.919620][ T7291] loop3: detected capacity change from 0 to 2048 [ 113.940926][ T7291] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 113.950955][ T7293] netlink: 666 bytes leftover after parsing attributes in process `syz.1.634'. [ 113.982860][ T7297] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.995311][ T7291] syz.3.633: attempt to access beyond end of device [ 113.995311][ T7291] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 114.081301][ T7291] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 114.118981][ T7291] Remounting filesystem read-only [ 114.136467][ T7291] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 114.166128][ T7291] NILFS (loop3): error -5 truncating bmap (ino=16) [ 114.286751][ T5786] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 114.299729][ T5786] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 114.330502][ T5786] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.352479][ T5786] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.370235][ T5786] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.380704][ T5786] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 115.044064][ T7334] netlink: 'syz.0.653': attribute type 10 has an invalid length. [ 115.079767][ T7334] netlink: 40 bytes leftover after parsing attributes in process `syz.0.653'. [ 115.099608][ T7336] loop2: detected capacity change from 0 to 512 [ 115.113979][ T7334] netlink: 'syz.0.653': attribute type 10 has an invalid length. [ 115.121752][ T7334] netlink: 40 bytes leftover after parsing attributes in process `syz.0.653'. [ 115.262775][ T7336] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.336124][ T7336] ext4 filesystem being mounted at /164/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.447880][ T7336] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.654: invalid size [ 115.516837][ T27] audit: type=1400 audit(1763577628.163:10): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=7354 comm="syz.3.662" [ 115.622454][ T7357] binder: 7356:7357 ioctl c018620c 2000000002c0 returned -1 [ 115.623573][ T5793] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.927875][ T27] audit: type=1326 audit(1763577628.573:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7370 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 116.029691][ T27] audit: type=1326 audit(1763577628.573:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7370 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 116.131758][ T27] audit: type=1326 audit(1763577628.603:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7370 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 116.190791][ T27] audit: type=1326 audit(1763577628.603:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7370 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfd5f8f749 code=0x7ffc0000 [ 116.913350][ T7413] loop0: detected capacity change from 0 to 4096 [ 116.963473][ T7413] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 117.534413][ T7441] loop2: detected capacity change from 0 to 8 [ 117.625164][ T7441] SQUASHFS error: xz decompression failed, data probably corrupt [ 117.640633][ T7441] SQUASHFS error: Failed to read block 0x108: -5 [ 117.681189][ T7441] SQUASHFS error: Unable to read metadata cache entry [106] [ 117.684961][ T7447] netlink: 'syz.3.708': attribute type 10 has an invalid length. [ 117.701927][ T7441] SQUASHFS error: Unable to read inode 0x11f [ 117.702552][ T7447] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.715876][ T7447] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.770311][ T7447] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.777609][ T7447] bridge0: port 2(bridge_slave_1) entered listening state [ 117.785064][ T7447] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.792232][ T7447] bridge0: port 1(bridge_slave_0) entered listening state [ 117.839498][ T7447] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 117.903670][ T7451] loop0: detected capacity change from 0 to 4096 [ 117.997556][ T7451] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 118.077427][ T7451] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 118.091735][ T7455] mmap: syz.1.712 (7455): VmData 175878144 exceed data ulimit 10. Update limits or use boot option ignore_rlimit_data. [ 118.163464][ T7451] ntfs3: loop0: ino=5, "/" directory corrupted [ 118.213946][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 118.390433][ T7465] loop0: detected capacity change from 0 to 16 [ 118.402949][ T7465] erofs: (device loop0): mounted with root inode @ nid 36. [ 118.416333][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 118.432407][ T23] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 118.443212][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024 [ 118.455750][ T23] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 118.485239][ T23] usb 3-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 118.498932][ T23] usb 3-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 118.523992][ T5901] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 118.533880][ T23] usb 3-1: Manufacturer: syz [ 118.556394][ T23] usb 3-1: config 0 descriptor?? [ 118.562938][ T7441] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 118.590120][ T23] smsusb:smsusb_probe: board id=9, interface number 0 [ 118.621859][ T23] smsusb:siano_media_device_register: media controller created [ 118.637714][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.645193][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.652525][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.659906][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.667244][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.676406][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.685034][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.693051][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.700367][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.707649][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.714949][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.722239][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.731070][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.738385][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.745662][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.752897][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.760127][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.767824][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.775149][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.782436][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.789744][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.797035][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.805139][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.812455][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.819710][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.827043][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.834281][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.841852][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.849167][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.856475][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.863786][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.871085][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.879122][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.886429][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.893716][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.901000][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.908787][ T23] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 118.918321][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918414][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918501][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918585][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918675][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918757][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918840][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.918922][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.919004][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.919090][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 118.993389][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.000694][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.007984][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.015268][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.022653][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.029933][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.037228][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.044521][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.051812][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.060881][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.068164][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.075429][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.082680][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.089917][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.097153][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.104389][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.111618][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.119864][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.127156][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.134441][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.141741][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.149547][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.156825][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.164110][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.171389][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.178682][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.187640][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.194948][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.202264][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.209581][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.217509][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.224833][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.232155][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.239515][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.246830][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.254774][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.262086][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.269386][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.272986][ T7480] netlink: 'syz.0.725': attribute type 1 has an invalid length. [ 119.276759][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.276817][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.299285][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.306560][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.314651][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.321963][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.329289][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.337140][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.344436][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.351715][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.358983][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.366274][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.373552][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.380839][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.395704][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.403015][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.410305][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.417851][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.425138][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.432425][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.439714][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.446997][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.454276][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.461548][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.468827][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.476107][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.483398][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.490801][ T5901] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 119.500074][ T5901] usb 2-1: config 0 has no interface number 0 [ 119.506849][ T5901] usb 2-1: config 0 interface 120 has no altsetting 0 [ 119.514089][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.521404][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.528713][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.536020][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.543312][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.550603][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.557904][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.565183][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.572838][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.580362][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.587645][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.594924][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.602285][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.609564][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.616834][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.624163][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.631393][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.642349][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.649758][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.657052][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.664347][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.671637][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.678930][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.686238][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.693536][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.700830][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.709252][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.716552][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.723835][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.731128][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.738430][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.745717][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.752972][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.760216][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.768630][ T23] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 119.779914][ T23] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 119.789612][ T23] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 119.799370][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.806682][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.813972][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.822039][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.829361][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.836647][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.844356][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.851650][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.858938][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.867149][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.874543][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.881844][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.889450][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.896755][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.904062][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.911447][ T5901] usb 2-1: New USB device found, idVendor=13d8, idProduct=0010, bcdDevice=8f.72 [ 119.922328][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.931058][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.938406][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.945742][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.953216][ T5901] usb 2-1: Product: syz [ 119.958234][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.958313][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.973484][ T5901] usb 2-1: Manufacturer: syz [ 119.978231][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 119.978318][ C1] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes [ 119.994261][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 120.004913][ T23] ------------[ cut here ]------------ [ 120.011237][ T23] ODEBUG: free active (active state 0) object: ffff888059968b08 object type: work_struct hint: do_submit_urb+0x0/0x360 [ 120.024768][ T5778] ================================================================== [ 120.032837][ T5778] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 120.040463][ T5778] Read of size 8 at addr ffff88805bee1098 by task kworker/1:3/5778 [ 120.048342][ T5778] [ 120.050669][ T5778] CPU: 1 PID: 5778 Comm: kworker/1:3 Not tainted syzkaller #0 [ 120.058192][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 120.068231][ T5778] Workqueue: events do_submit_urb [ 120.073366][ T5778] Call Trace: [ 120.076639][ T5778] [ 120.079577][ T5778] dump_stack_lvl+0x16c/0x230 [ 120.084253][ T5778] ? __lock_acquire+0x7c80/0x7c80 [ 120.089266][ T5778] ? show_regs_print_info+0x20/0x20 [ 120.094454][ T5778] ? load_image+0x3b0/0x3b0 [ 120.098947][ T5778] ? __virt_addr_valid+0x469/0x540 [ 120.104055][ T5778] print_report+0xac/0x220 [ 120.108457][ T5778] ? __lock_acquire+0xff/0x7c80 [ 120.113292][ T5778] kasan_report+0x117/0x150 [ 120.117782][ T5778] ? __lock_acquire+0xff/0x7c80 [ 120.122622][ T5778] __lock_acquire+0xff/0x7c80 [ 120.127288][ T5778] ? mark_lock+0x94/0x320 [ 120.131609][ T5778] ? __lock_acquire+0x1334/0x7c80 [ 120.136649][ T5778] ? mark_lock+0x94/0x320 [ 120.140967][ T5778] ? look_up_lock_class+0x75/0x140 [ 120.146071][ T5778] ? verify_lock_unused+0x140/0x140 [ 120.151255][ T5778] ? register_lock_class+0xb5/0x890 [ 120.156527][ T5778] ? is_dynamic_key+0x260/0x260 [ 120.161370][ T5778] ? mark_lock+0x94/0x320 [ 120.165689][ T5778] ? __lock_acquire+0x1334/0x7c80 [ 120.170697][ T5778] lock_acquire+0x197/0x410 [ 120.175185][ T5778] ? smscore_getbuffer+0xa9/0x440 [ 120.180197][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 120.185645][ T5778] _raw_spin_lock_irqsave+0xa8/0xf0 [ 120.190831][ T5778] ? smscore_getbuffer+0xa9/0x440 [ 120.195839][ T5778] ? _raw_spin_lock+0x40/0x40 [ 120.200501][ T5778] smscore_getbuffer+0xa9/0x440 [ 120.205424][ T5778] ? smscore_onresponse+0xf10/0xf10 [ 120.210619][ T5778] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 120.216586][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 120.221951][ T5778] do_submit_urb+0x98/0x360 [ 120.226443][ T5778] ? process_scheduled_works+0x957/0x15b0 [ 120.232150][ T5778] ? process_scheduled_works+0x957/0x15b0 [ 120.237851][ T5778] process_scheduled_works+0xa45/0x15b0 [ 120.243394][ T5778] ? assign_work+0x400/0x400 [ 120.247971][ T5778] ? assign_work+0x39e/0x400 [ 120.252552][ T5778] worker_thread+0xa55/0xfc0 [ 120.257128][ T5778] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 120.263004][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 120.267838][ T5778] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 120.273723][ T5778] kthread+0x2fa/0x390 [ 120.277778][ T5778] ? pr_cont_work+0x560/0x560 [ 120.282439][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 120.287016][ T5778] ret_from_fork+0x48/0x80 [ 120.291429][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 120.296025][ T5778] ret_from_fork_asm+0x11/0x20 [ 120.300799][ T5778] [ 120.303855][ T5778] [ 120.306184][ T5778] Allocated by task 23: [ 120.310327][ T5778] kasan_set_track+0x4e/0x70 [ 120.314929][ T5778] __kasan_kmalloc+0x8f/0xa0 [ 120.319507][ T5778] smscore_register_device+0x63/0x10f0 [ 120.325056][ T5778] smsusb_probe+0x1362/0x1da0 [ 120.329726][ T5778] usb_probe_interface+0x5a4/0xb00 [ 120.334828][ T5778] really_probe+0x25b/0xb40 [ 120.339315][ T5778] __driver_probe_device+0x18c/0x330 [ 120.344583][ T5778] driver_probe_device+0x4f/0x420 [ 120.349603][ T5778] __device_attach_driver+0x2ca/0x520 [ 120.354961][ T5778] bus_for_each_drv+0x24b/0x2d0 [ 120.359795][ T5778] __device_attach+0x2b5/0x400 [ 120.364541][ T5778] bus_probe_device+0x180/0x260 [ 120.369370][ T5778] device_add+0x85b/0xc20 [ 120.373771][ T5778] usb_set_configuration+0x1a79/0x20c0 [ 120.379223][ T5778] usb_generic_driver_probe+0x8d/0x150 [ 120.384666][ T5778] usb_probe_device+0x13d/0x280 [ 120.389505][ T5778] really_probe+0x25b/0xb40 [ 120.393993][ T5778] __driver_probe_device+0x18c/0x330 [ 120.399257][ T5778] driver_probe_device+0x4f/0x420 [ 120.404263][ T5778] __device_attach_driver+0x2ca/0x520 [ 120.409615][ T5778] bus_for_each_drv+0x24b/0x2d0 [ 120.414447][ T5778] __device_attach+0x2b5/0x400 [ 120.419198][ T5778] bus_probe_device+0x180/0x260 [ 120.424031][ T5778] device_add+0x85b/0xc20 [ 120.428348][ T5778] usb_new_device+0xa31/0x1630 [ 120.433091][ T5778] hub_event+0x2962/0x49c0 [ 120.437489][ T5778] process_scheduled_works+0xa45/0x15b0 [ 120.443365][ T5778] worker_thread+0xa55/0xfc0 [ 120.447936][ T5778] kthread+0x2fa/0x390 [ 120.451989][ T5778] ret_from_fork+0x48/0x80 [ 120.456398][ T5778] ret_from_fork_asm+0x11/0x20 [ 120.461148][ T5778] [ 120.463456][ T5778] Freed by task 23: [ 120.467242][ T5778] kasan_set_track+0x4e/0x70 [ 120.471816][ T5778] kasan_save_free_info+0x2e/0x50 [ 120.476826][ T5778] ____kasan_slab_free+0x126/0x1e0 [ 120.481920][ T5778] slab_free_freelist_hook+0x130/0x1b0 [ 120.487371][ T5778] __kmem_cache_free+0xba/0x1f0 [ 120.492212][ T5778] smscore_unregister_device+0x603/0x6e0 [ 120.497828][ T5778] smsusb_term_device+0x18f/0x220 [ 120.502838][ T5778] smsusb_probe+0x1708/0x1da0 [ 120.507501][ T5778] usb_probe_interface+0x5a4/0xb00 [ 120.512603][ T5778] really_probe+0x25b/0xb40 [ 120.517089][ T5778] __driver_probe_device+0x18c/0x330 [ 120.522369][ T5778] driver_probe_device+0x4f/0x420 [ 120.527380][ T5778] __device_attach_driver+0x2ca/0x520 [ 120.532737][ T5778] bus_for_each_drv+0x24b/0x2d0 [ 120.537573][ T5778] __device_attach+0x2b5/0x400 [ 120.542325][ T5778] bus_probe_device+0x180/0x260 [ 120.547169][ T5778] device_add+0x85b/0xc20 [ 120.551511][ T5778] usb_set_configuration+0x1a79/0x20c0 [ 120.556960][ T5778] usb_generic_driver_probe+0x8d/0x150 [ 120.562405][ T5778] usb_probe_device+0x13d/0x280 [ 120.567247][ T5778] really_probe+0x25b/0xb40 [ 120.571734][ T5778] __driver_probe_device+0x18c/0x330 [ 120.577005][ T5778] driver_probe_device+0x4f/0x420 [ 120.582013][ T5778] __device_attach_driver+0x2ca/0x520 [ 120.587803][ T5778] bus_for_each_drv+0x24b/0x2d0 [ 120.592637][ T5778] __device_attach+0x2b5/0x400 [ 120.597385][ T5778] bus_probe_device+0x180/0x260 [ 120.602216][ T5778] device_add+0x85b/0xc20 [ 120.606531][ T5778] usb_new_device+0xa31/0x1630 [ 120.611275][ T5778] hub_event+0x2962/0x49c0 [ 120.615673][ T5778] process_scheduled_works+0xa45/0x15b0 [ 120.621203][ T5778] worker_thread+0xa55/0xfc0 [ 120.625779][ T5778] kthread+0x2fa/0x390 [ 120.629846][ T5778] ret_from_fork+0x48/0x80 [ 120.634273][ T5778] ret_from_fork_asm+0x11/0x20 [ 120.639371][ T5778] [ 120.641678][ T5778] The buggy address belongs to the object at ffff88805bee1000 [ 120.641678][ T5778] which belongs to the cache kmalloc-2k of size 2048 [ 120.655725][ T5778] The buggy address is located 152 bytes inside of [ 120.655725][ T5778] freed 2048-byte region [ffff88805bee1000, ffff88805bee1800) [ 120.669677][ T5778] [ 120.671984][ T5778] The buggy address belongs to the physical page: [ 120.678384][ T5778] page:ffffea00016fb800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bee0 [ 120.688521][ T5778] head:ffffea00016fb800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.697438][ T5778] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 120.705407][ T5778] page_type: 0xffffffff() [ 120.709717][ T5778] raw: 00fff00000000840 ffff888017842000 dead000000000100 dead000000000122 [ 120.718280][ T5778] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 120.726843][ T5778] page dumped because: kasan: bad access detected [ 120.733244][ T5778] page_owner tracks the page as allocated [ 120.738949][ T5778] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5938, tgid 5937 (syz.0.31), ts 70988697022, free_ts 15521456276 [ 120.761335][ T5778] post_alloc_hook+0x1cd/0x210 [ 120.766091][ T5778] get_page_from_freelist+0x195c/0x19f0 [ 120.771634][ T5778] __alloc_pages+0x1e3/0x460 [ 120.776210][ T5778] alloc_slab_page+0x5d/0x170 [ 120.780872][ T5778] new_slab+0x87/0x2e0 [ 120.784924][ T5778] ___slab_alloc+0xc6d/0x1300 [ 120.789585][ T5778] __kmem_cache_alloc_node+0x1a2/0x260 [ 120.795029][ T5778] __kmalloc+0xa4/0x240 [ 120.799170][ T5778] hfsplus_find_init+0x89/0x1d0 [ 120.804003][ T5778] hfsplus_iget+0x3cb/0x800 [ 120.808486][ T5778] hfsplus_lookup+0x778/0x890 [ 120.813144][ T5778] __lookup_slow+0x281/0x3b0 [ 120.817721][ T5778] lookup_slow+0x53/0x70 [ 120.821946][ T5778] walk_component+0x2be/0x3f0 [ 120.826604][ T5778] path_lookupat+0x169/0x440 [ 120.831187][ T5778] filename_lookup+0x1f4/0x510 [ 120.835937][ T5778] page last free stack trace: [ 120.840588][ T5778] free_unref_page_prepare+0x7ce/0x8e0 [ 120.846031][ T5778] free_unref_page+0x32/0x2e0 [ 120.850705][ T5778] free_contig_range+0xa1/0x160 [ 120.855537][ T5778] destroy_args+0x80/0x850 [ 120.859943][ T5778] debug_vm_pgtable+0x3cc/0x410 [ 120.864790][ T5778] do_one_initcall+0x1fd/0x750 [ 120.869543][ T5778] do_initcall_level+0x137/0x1f0 [ 120.874474][ T5778] do_initcalls+0x69/0xd0 [ 120.878874][ T5778] kernel_init_freeable+0x3d2/0x570 [ 120.884055][ T5778] kernel_init+0x1d/0x1c0 [ 120.888368][ T5778] ret_from_fork+0x48/0x80 [ 120.892764][ T5778] ret_from_fork_asm+0x11/0x20 [ 120.897516][ T5778] [ 120.899822][ T5778] Memory state around the buggy address: [ 120.905447][ T5778] ffff88805bee0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.913512][ T5778] ffff88805bee1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.921560][ T5778] >ffff88805bee1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.929601][ T5778] ^ [ 120.934436][ T5778] ffff88805bee1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.942504][ T5778] ffff88805bee1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.950557][ T5778] ================================================================== [ 120.958644][ T5778] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.965824][ T5778] CPU: 1 PID: 5778 Comm: kworker/1:3 Not tainted syzkaller #0 [ 120.973270][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 120.983310][ T5778] Workqueue: events do_submit_urb [ 120.988330][ T5778] Call Trace: [ 120.991590][ T5778] [ 120.994509][ T5778] dump_stack_lvl+0x16c/0x230 [ 120.999182][ T5778] ? show_regs_print_info+0x20/0x20 [ 121.004369][ T5778] ? load_image+0x3b0/0x3b0 [ 121.008860][ T5778] panic+0x2c0/0x710 [ 121.012738][ T5778] ? bpf_jit_dump+0xd0/0xd0 [ 121.017222][ T5778] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 121.023096][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 121.027928][ T5778] ? print_memory_metadata+0x314/0x400 [ 121.033372][ T5778] ? __lock_acquire+0xff/0x7c80 [ 121.038206][ T5778] check_panic_on_warn+0x84/0xa0 [ 121.043130][ T5778] ? __lock_acquire+0xff/0x7c80 [ 121.047964][ T5778] end_report+0x6f/0x140 [ 121.052193][ T5778] kasan_report+0x128/0x150 [ 121.056681][ T5778] ? __lock_acquire+0xff/0x7c80 [ 121.061516][ T5778] __lock_acquire+0xff/0x7c80 [ 121.066177][ T5778] ? mark_lock+0x94/0x320 [ 121.070494][ T5778] ? __lock_acquire+0x1334/0x7c80 [ 121.075507][ T5778] ? mark_lock+0x94/0x320 [ 121.079820][ T5778] ? look_up_lock_class+0x75/0x140 [ 121.084919][ T5778] ? verify_lock_unused+0x140/0x140 [ 121.090101][ T5778] ? register_lock_class+0xb5/0x890 [ 121.095285][ T5778] ? is_dynamic_key+0x260/0x260 [ 121.100120][ T5778] ? mark_lock+0x94/0x320 [ 121.104432][ T5778] ? __lock_acquire+0x1334/0x7c80 [ 121.109440][ T5778] lock_acquire+0x197/0x410 [ 121.113926][ T5778] ? smscore_getbuffer+0xa9/0x440 [ 121.118935][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 121.124293][ T5778] _raw_spin_lock_irqsave+0xa8/0xf0 [ 121.129472][ T5778] ? smscore_getbuffer+0xa9/0x440 [ 121.134488][ T5778] ? _raw_spin_lock+0x40/0x40 [ 121.139153][ T5778] smscore_getbuffer+0xa9/0x440 [ 121.143993][ T5778] ? smscore_onresponse+0xf10/0xf10 [ 121.149178][ T5778] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 121.155142][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 121.160529][ T5778] do_submit_urb+0x98/0x360 [ 121.165035][ T5778] ? process_scheduled_works+0x957/0x15b0 [ 121.170748][ T5778] ? process_scheduled_works+0x957/0x15b0 [ 121.176469][ T5778] process_scheduled_works+0xa45/0x15b0 [ 121.182291][ T5778] ? assign_work+0x400/0x400 [ 121.186884][ T5778] ? assign_work+0x39e/0x400 [ 121.191470][ T5778] worker_thread+0xa55/0xfc0 [ 121.196050][ T5778] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 121.201928][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 121.206764][ T5778] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 121.212643][ T5778] kthread+0x2fa/0x390 [ 121.216695][ T5778] ? pr_cont_work+0x560/0x560 [ 121.221364][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 121.225949][ T5778] ret_from_fork+0x48/0x80 [ 121.230368][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 121.234944][ T5778] ret_from_fork_asm+0x11/0x20 [ 121.239703][ T5778] [ 121.242942][ T5778] Kernel Offset: disabled [ 121.247253][ T5778] Rebooting in 86400 seconds..