last executing test programs: 14m45.614929505s ago: executing program 32 (id=317): r0 = socket$packet(0x11, 0x3, 0x300) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 14m7.96318487s ago: executing program 33 (id=505): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x3c, r0, 0x101, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x8, 0x51, 0x0, 0x1, [{0x4}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x4004880) 11m30.032155135s ago: executing program 4 (id=1070): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) dup3(r2, r1, 0x80000) close_range(r0, 0xffffffffffffffff, 0x0) 11m28.983243992s ago: executing program 4 (id=1075): r0 = socket(0x40000000015, 0x5, 0x0) r1 = syz_io_uring_setup(0x49b, &(0x7f0000001200)={0x0, 0xe195, 0x8, 0xffffffff, 0x3b5}, &(0x7f00000011c0)=0x0, &(0x7f0000000ec0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="f000000000000000010000005eb7000075177ff3309da1d8c85f82edfed4bb53954223bd9d5ed15e772b9f42bc28de83c35f12ef0e5a50ee1e38bc77ee86a3f8536afe510f411731dd16ccd50ef88788e58b91dcb90a33af1104b199f023b2f1e848bd5ff446f4329d0c647852abf81992adc4ced5ba47f8037ae4306f519b835659f6a0160f94ec6b6265ff069a1950dd0e47a544f92d6fe23183dd00ebcd83cc8940e4e153f0ac7f22c599dc6a4241df91d1b88b78ac2a3b5b8a927325d8fa797bd2a1b20c129daae788155431779e9208e1afc14ac6d27d2124c6db6569a7e89a1df7a849af490ace439998b27e008800"], 0x438}, 0x0, 0x12f4c4729764eade, 0x1}) io_uring_enter(r1, 0x3516, 0xa000fe, 0x20, 0x0, 0x5a) 11m27.543092089s ago: executing program 4 (id=1078): socket$unix(0x1, 0x1, 0x0) r0 = io_uring_setup(0x1ad2, &(0x7f0000000000)={0x0, 0x1100, 0x0, 0xfffffffe, 0x3d0}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) 11m26.625814359s ago: executing program 4 (id=1082): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000240)={[{@nogrpid}, {@min_batch_time}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@test_dummy_encryption}]}, 0x3, 0x45c, &(0x7f0000000580)="$eJzs282PU1UbAPDndlq+eWdegh98qKNoJH7MMAMiCzcaTVxoYqILdDfODAQpjGHGRAjR0RhcGhIX7ojuTPwLXOnGKCsTt7o3JMSwAVnV3PbeoS1tKbW0YH+/pPSc3nNznod7T++590wDGFmT6T9JxJaI+D0ixmvVxgaTtbdrV87O/33l7HwSlcqbfyXVdlevnJ3Pm+b7bc4rxYjCZ0nsatHv8ukzx+fK5cVTWX165cT708unzzx77MTc0cWjiydnDx06sH/m+YOzz/UlzzSvqzs/Wtq949W3z78+f/j8u798l+T5N+XRJ5OdNj5RqfS5u+HaWldOivHNV0OMhe6N1YZplKrjfzzGqrWa8Xjl06EGB9xRlUqlcn/7zasV4D8siWFHAAxHfqFP73/z14CmHneFyy/WboDSvK9lr9qWYhSyNqWm+9t+moyIw6vXL6SvuDPPIQAAGvyQzn+eaTX/K0T9c6H/ZWsoExHx/4jYFhEHI2J7RNwXUW37QEQ8eJv9Ny+S3Dz/KVzqKbEupfO/F7K1rcb5Xz77i4mxrLa1mn8pOXKsvLgv+z/ZG6X1aX2mQx8/vvzbF+22Ved/payyev1C2n8+F8ziuFRc37jPwtzKXK/5Nrv8ScTOYqv8k7WVgCQidkTEzh77OPbUt7vbbauf/x5umX8HxR4DqlP5OuLJ2vFfjab8c0nn9cnpDVFe3DednxU3u/jruTfa9f+v8u+D9Phvann+r5lI6tdrl2+/j3N/fN72nubW+bc+/9clb1XL+VH6cG5l5dRMxLrktVrQ9Z/P3tg3r+ft0/z37mk9/rdl+6R97IqI9CR+KCIejohHstgfjYjHImJPh/x/funx93rPv8GGDt30JM1/oeXxXzv/m47/jcK6aP6kdWHs+E/fN3Q6cTv5p8f/QLW0N/ukm++/buLq7WwGAACAe08hIrZEUphaKxcKU1O1v+HfHpsK5aXllaePLH1wcqH2G4GJKBXyJ13jdc9DZ7Lb+rw+21Tfnz03/nJsY7U+Nb9UXhh28jDiNrcZ/6k/x4YdHXDH9WEdDbhHGf8wuox/GF3GP4yuFuN/Y/Z+cdCxAIPV6vr/8RDiAAavafxb9oMR4v4fRlc34/+dAcQBDJ7rP4yk5Y1x6x/JKyjcVIhCN42T7Npyd8Ss0H1h2N9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/fFPAAAA//8eWuDl") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f0000020240)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) pivot_root(&(0x7f00000000c0)='./file0/file0\x00', 0x0) 11m24.471035472s ago: executing program 4 (id=1088): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffe, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x40}, 0x2}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) sendmmsg$inet6(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@pktinfo={{0x24, 0x29, 0x32, {@private1={0xfc, 0x1, '\x00', 0x1}, r2}}}], 0x28}}], 0x2, 0x4001c00) 11m23.482807078s ago: executing program 4 (id=1091): set_mempolicy(0x3, &(0x7f0000000040)=0xfff, 0x5) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001a00)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) 11m21.255742473s ago: executing program 34 (id=1091): set_mempolicy(0x3, &(0x7f0000000040)=0xfff, 0x5) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001a00)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) 6m43.160831251s ago: executing program 6 (id=2103): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000012c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10) write(r0, &(0x7f0000000140)="8265000000000000", 0x5ac) 6m42.411037894s ago: executing program 6 (id=2106): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e1d, 0x80000003, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x1c) close(0x3) 6m41.686461375s ago: executing program 6 (id=2111): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x7, 0xff, 0x8, 0x8, 0x2, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0xfc}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040)={r1}, &(0x7f00000000c0)=0x8) 6m41.133479921s ago: executing program 6 (id=2115): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a1) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd2f0, 0x2000, 0x5, 0x2}) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 6m39.722715209s ago: executing program 6 (id=2123): r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_BULK(r0, 0x5523, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 6m37.526885631s ago: executing program 6 (id=2135): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28) r1 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x208}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140)={r3, r1}, 0xc) 6m35.343158459s ago: executing program 35 (id=2135): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28) r1 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x208}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140)={r3, r1}, 0xc) 5m2.34399896s ago: executing program 0 (id=2436): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x3}}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r2, 0xffffffffffffffff, 0x0) 5m1.561988359s ago: executing program 0 (id=2440): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x34) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) syz_mount_image$squashfs(&(0x7f00000002c0), &(0x7f0000000240)='./file1\x00', 0x5, &(0x7f0000000080)=ANY=[], 0x9f, 0x19b, &(0x7f00000004c0)="$eJzs0c9rE0EUwPHvm5lks8HWpnqqhwYMrBElm/jj4Cl4aiELXkWCLjW2pYlok4MtivUgglT7N3jSowh6ErHguXgQPGi8eBNz6Ek8lJXdzv4Vzgfezrxh583bnZXh3aEHHOzfX6JNpsA0nz3BAPNyuMbM4fBO4BHwy67vAEkCl22+LZTS8ZXNy0fyAtVL1ZKdrsX9fm+9irYHsrG5FvfTstnLE6GNfN3XS7HciARhoG5GVDqcfobu+tSfM2emOH4dTRJss6iSRIIOHG2MBncaw43Ns6uDa8u95d7tVuvcxfB8GF5oNW6t9nvhW6T+VFT6aWl4EX79AYUuj/dMGQVZaPGh2GVnT586eWaCqv8mQfgYTPC+m5Vp2zcVWOCY8AIdUevgK0zyMD1oAbmi3kjTfDF/CorSlrZbrir9t+jlBQpBk3gRCGGO2YNdnoypjZnRvBybnz+Yl/f42X/NmK30+dpmJ8pAkXvxaLTeLMInCSJaaVRgill2UVG71kn7/GD35PfxLZ84juM4juM4juM4/4F/AQAA///d2lQs") r1 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r1, 0x40044104, &(0x7f0000000040)=0x1) 5m0.560999344s ago: executing program 0 (id=2445): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f000000a380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000002180)={0x50, 0x0, r1, {0x7, 0x27, 0x5, 0x1dd880, 0xffff, 0x81, 0x0, 0x4, 0x0, 0x0, 0x80, 0x2404}}, 0x50) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {}, [{}, {}], {0x4, 0x1}, [{}], {0x10, 0x5}, {0x20, 0x1}}, 0x3c, 0x1) 4m59.285348922s ago: executing program 0 (id=2448): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f00000007c0)='./file0/file0\x00', 0x0, 0x1000, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', r0, 0x0, 0x261) 4m58.103596484s ago: executing program 0 (id=2452): r0 = memfd_create(&(0x7f00000001c0)='\x00', 0x5) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) fchown(r0, 0x0, 0xee00) 4m56.745664064s ago: executing program 0 (id=2457): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000040)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0xe, 0x0, &(0x7f0000000380)="a162cef0563a20f5177241ee8f52", 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x50) 4m53.233120476s ago: executing program 36 (id=2457): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000040)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0xe, 0x0, &(0x7f0000000380)="a162cef0563a20f5177241ee8f52", 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x50) 4m40.451937362s ago: executing program 8 (id=2495): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 4m38.020863163s ago: executing program 8 (id=2503): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @private2, 0x52}]}, &(0x7f0000000440)=0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000004c0)={r1, 0x7, 0x268e, 0x1, 0xe2d, 0x20, 0x7, 0x8, {r1, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x6, 0x96, 0xcd, 0x4b, 0xfffffffd}}, &(0x7f0000000240)=0xb0) 4m37.144699764s ago: executing program 8 (id=2507): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e21, @local}}, 0xcde, 0x9}, &(0x7f0000000000)=0x90) 4m35.628587032s ago: executing program 8 (id=2513): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x20048a, &(0x7f00000001c0)={[{@grpjquota}, {@noinit_itable}, {@abort}, {@bsdgroups}]}, 0x12, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2000, 0x20) r1 = openat(r0, &(0x7f0000004280)='./file0\x00', 0x80000, 0x0) lseek(r1, 0x100, 0x4) 4m34.194063042s ago: executing program 8 (id=2518): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)={0x20002009}) r2 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000001c0)={0xc0000002}) 4m30.575305663s ago: executing program 8 (id=2525): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0xf0, 0x10, 0x1, 0x0, 0x200000, {{@in6=@dev={0xfe, 0x80, '\x00', 0x29}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@private1, 0x0, 0x32}, @in=@local, {0xfffffffffffffffd}, {}, {0xfffffffc, 0x0, 0xfffffffe}, 0x200, 0x8000000, 0xa}}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e07050220"], 0xa) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) 4m28.259875117s ago: executing program 37 (id=2525): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0xf0, 0x10, 0x1, 0x0, 0x200000, {{@in6=@dev={0xfe, 0x80, '\x00', 0x29}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@private1, 0x0, 0x32}, @in=@local, {0xfffffffffffffffd}, {}, {0xfffffffc, 0x0, 0xfffffffe}, 0x200, 0x8000000, 0xa}}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e07050220"], 0xa) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) 2m3.887577081s ago: executing program 3 (id=2957): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x54}, 0x50) 2m2.668441539s ago: executing program 3 (id=2962): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000001680)={0x2020}, 0x2020) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) 2m1.416401754s ago: executing program 3 (id=2967): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x2, 0x9, 0x0, 0x0, 0x0, 0xfd, 0x5}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000002300)=[@in={0x2, 0x4e22, @remote}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r1, 0xff}, &(0x7f00000000c0)=0x8) 2m0.563327188s ago: executing program 3 (id=2972): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x21008, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000400)='./file0/file0\x00') pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00') 1m59.68929265s ago: executing program 3 (id=2975): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newqdisc={0x140, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x110, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e0179832927deecf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236749b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ff7944f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990604b9f12033688caa0b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d600"}, @TCA_GRED_LIMIT={0x8, 0x5, 0x6}]}}]}, 0x140}}, 0x24008004) 1m58.664724221s ago: executing program 3 (id=2980): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') unlinkat(r1, &(0x7f00000001c0)='./file0/../file0/file0\x00', 0x0) 1m55.189484923s ago: executing program 38 (id=2980): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') unlinkat(r1, &(0x7f00000001c0)='./file0/../file0/file0\x00', 0x0) 46.688367072s ago: executing program 9 (id=3189): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x20002012}) 45.694781971s ago: executing program 9 (id=3194): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r2, r3, 0x5, 0x80000003, 0xfffffffc, 0x0, 0x0, 0x5, 0x7, 0xd, 0x31e}) 44.617513917s ago: executing program 9 (id=3198): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000000)=0x1, 0x4) r1 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x40008c1, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x62, 0x6, @broadcast}, 0x14) 41.706212627s ago: executing program 9 (id=3206): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4029, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 40.994401312s ago: executing program 9 (id=3209): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0xb, 0xfff3}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x5c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x3}, {}, {0x4, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_CLASSID={0x8}, @TCA_U32_SEL={0x24, 0x5, {0xc, 0x6, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f, [{0xebd, 0x1, 0x206, 0x7}]}}]}}]}, 0x5c}}, 0x24040084) 39.31909326s ago: executing program 9 (id=3216): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x84, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f9cc904386086dd60199646004e060000000000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0) 35.950835737s ago: executing program 39 (id=3216): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x84, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f9cc904386086dd60199646004e060000000000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0) 9.409634094s ago: executing program 5 (id=3303): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0/file0'}, 0x11) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r0, 0x0, 0x3) 9.33638138s ago: executing program 1 (id=3304): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x50, &(0x7f0000000580)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c6661756c745f747970653d30303030303030303030303030303033323736372c6d656d6f72793d6c6f772c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c61636c2c6e6f61636c2c636f6d70726573735f63616368652c646973636172642c6e6f657874656e745f63616368652c6e6f71756f74612c636865636b706f696e743d64697361626c652c00363101be2f2414c1ff59cf0ff87782bcde43f7989389b5df0c89a39b9879753e01c3936df8f39b60655e3609ad58e855a62cde73be8487d7f660b8da7993b53c4bea49f4e3f2d6b81984f7eeaafb913ce47a483219b0f7b60a2b1f30eb272e8137a471ec62a32d98bb77dfeb8bb0c56400"/344], 0x4, 0x5525, &(0x7f00000014c0)="$eJzs3EtvG1UUAODrPNqmLSVCLNh1pAopQbUV51HBLkArHiJVVGDBChzbsdzanih2nJAVC5aIBf8EgcSKJb+BBWt2iAWIHRLIc8eQQEFImcSk+T5pfOZeX58516oqnZnIAbiw5pNffiqFG2EuhDAdQrgeQigdOTLrMTyXH1NHjlI+98fEpRDC1RDCjVHymLOUv/XZ7eGttR/f/Pnrby/PXPv8q+8mt2tg0p4PIXR34vl+N8a0FePDfL42bGexuzrMY3yj+ygfpzHuN7eyDPu18bpaFldacX26s9cfxe1OrT6KrfZ2Nr/TixfsD1vjPNkHHtZ2s3GjuZXFdj/NYusw1nVwGP9vO+wPYp5Gnu/DLH0YDMYxzjcPmnE/O4+yWO8N8vmYN200D0ZxmMf8cqGedhpZHVsn+ab/395q9/YOkmFzt99Oe8lapfpipXqnXN1NG81Bc7Vc6zburCYLrc5oWXnQrHXXW2na6jQr9bS7mCy06vVytZos3G1utWu9pFqtrFSWymuL+dnt5LX77yadmbAwiq+0e3uDdqefbKe7SfzEYrJcWXlpMblVTd7e2Ew2H9y7t7H5zvt337v/8sYbr+aL/lbWC2F5aXm5XF0qL1cXz8H+G0kx+/84LzpZKGz/cCKlSRcAcP48rv+f+5f+/6b+HyjA6fX/uw9COP3+P+j/C3Gu+t9xWQX2vxd9/3Ai+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5uP4Wj7/VD71TD4uhRCmQgi/PcZ0uHQs53SeZ/Yf1s/+pYZvSiHLMLrG5fy4GkJYz49fnz7tbwEAAACeXF9+dPPT2K3Hl/lJF8RZijdtpq5/UFC+Ughhdv6HgrJNjV6eLShZ9u97JhwUlC27gXWloGTxlttMUdn+k+lj4cqRUIph6kzLAQAAzsTxTuBsuxAAAADO0ieTLoDJKIXxo8zxs+DsL+//fCA4d2wEAAAAnEOlSRcAAAAAnLqs//f7fwAAAPBki7//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqrue5Xu4Bg9QpddVhygl+AAXdAr5AKcgexyhAgi7IkDEYtIHttK9H2SGRmZH88IFm9GDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCn22q7+v/n+9+uOYdjN3nuBgAAALhmX21XEVEcUgv+MT3/OSIWEfE1nRcRUUbEtd59Eu8uMicpp3q6/t/59dWzGm4i6oTTe8zS8SEifqTj/ssAHwQAAAC8Ubv1Ztl0683DYuyCGFIzaVN++pkpr4iIanGXKa085X3LFFZ/v6fxO1NaPYE1zxTWTLlNc6W9SP1zb2ft5mdD0Qzl1Ze1RWa7dwAAYECTi2HYLgQAAIAh/Rq7AMZRxONSZrsUOGuGtLz3/uIMAAAAeIWKsQsAAAAAelf3/2n/v/bP/z3t/3e0/x8AAACMo9n/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7tq+1qt94su+Ycjt3kuRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCB/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN7/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hfP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527uc1jioOAPibmZ2NqYprlD1ERMGDXux2W1t7Ew9K8OCfIIR0W2O3/mhzsKWIuXiTnHsRPYoISrz1f+i5hV7qrYc9RPAcmdmZ3ckPcDU6s00+H3jzvjsM733fLIR8500CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUBq9O42T7NAZx3Fx7v7O7bWsf7Cvz9zderictSyO6kz6yfBy9UPUnYQ7TSQDAADAyZCU9X0I4VG6vZL1cSev/9Pymqzm//7ZcVzW8/vr/rIva/+s/fbr4xcnE3XG82SDXl4fDs4cTKX1/61yvj33t1e08jufP3tJ8i8k/mDzhVGa38/o23v33mvn4UId2QIA/8bpsi+C8vehrO83mRgAx9piJW5VCu+y/k86zeQFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUKfRZni6jKMQwnJrGmce7NxeO6y/u/VwuWwX7tzZCl9Px8yGSEMIl9eHgzO1rma+3bh56+rqcDi4Xn/wSgihqdnfKZZ/9aMZLg6hkfsj+G+C3YXiy56TfGoK4iOO0+APJQAAjqW0aFld/yjdXsnORUsh7P6wt/5/vRKHGev/xx9fuF+dq1r/92tb4fzrbVz7vHfj5q0316+tXhlcGXz61tn+2/1zF8+fv9jLn5X0PDEBAADgaNpFq9b/8dLB/f9TlTjMWP9/8V3/q+pcifr/UNNNv6YzAQAAONmef/XPP6JDzkftdvhydWPjen98nHw+Oz42kOo/tlC0av2fLDWdFQAAAFCH0Wa0Z///UiUOM+7/P/PjSz9Xx0xCCIvF/v/ptc+Gl+pbzlyr46+Rm14jAAAAzVosWnX/P83f/48nrzzEIYQ3XhvHxb8BnKn+T97/5qfqXNX3/8/Vt8S5FHfH9yPvuyG0uk1nBAAAwHH2VNGyYv/3dHvlk19Ofdj2/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4KAAD///2uQe0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r0, &(0x7f0000000040), 0xe09) 8.222489899s ago: executing program 5 (id=3307): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_clone(0x800a0400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000040)) 7.097435106s ago: executing program 2 (id=3309): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000001c00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x7407, 0xfffffffffffffffd}}}}}}, 0x0) munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) readv(r0, &(0x7f0000000240)=[{&(0x7f00000012c0)=""/190, 0xbe}, {0x0}], 0x2) 6.743447877s ago: executing program 1 (id=3311): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000500)=0x1) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x888b, 0x4) connect$unix(r0, &(0x7f00000008c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e) connect$unix(r0, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e24}, 0x6e) 6.656154258s ago: executing program 5 (id=3312): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./bus\x00', 0x2000010, &(0x7f0000000200)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==") mknod$loop(&(0x7f0000000ac0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20, 0x0) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x12e) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) 6.381309468s ago: executing program 2 (id=3313): bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff, 0x2b, 0x0, @val=@netkit}, 0x1c) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001880)=@newtfilter={0x34, 0x2c, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x3, 0x3}, {0x9, 0x3}, {0x9, 0xd}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8890}, 0x40) 5.858582069s ago: executing program 1 (id=3315): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000001740)=[{{&(0x7f0000000480)={0xa, 0x4e23, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000080)="df", 0x1}], 0x1}}], 0x1, 0x24088804) sendto$inet6(r0, &(0x7f0000000ec0)='\n', 0x1, 0x40000, &(0x7f0000000300)={0xa, 0x100, 0x2, @dev={0xfe, 0x80, '\x00', 0x19}, 0x4}, 0x1c) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x6c, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) 5.350252285s ago: executing program 2 (id=3316): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x28, r1, 0x1, 0x0, 0x0, {0x1c}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x28}}, 0x0) 5.19370837s ago: executing program 5 (id=3317): syz_clone(0x8002011, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000040)="c8", 0x1}], 0x1) ioctl$TIOCSBRK(r0, 0x5427) 4.892754823s ago: executing program 7 (id=3318): syz_mount_image$romfs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00d0867e65d443152ee691a70d225b73c01164645c70ff689f607da7a169dbbfebbeb349b043f54d088bcd11a44f2074aa41532279b5718bc4d89fe5010d6bf465008743337cddaefbc0f0293d06483bec82e15366358709c5d5c0049ff9dcb7ea7e855e3c24bc3b4173720476fb379ce25c0ea42027ba6a7d"], 0x1, 0x13a, &(0x7f0000000280)="$eJzs2r9Kw1AUBvCjFoQ+glOhAauQ/1oHd0Fw8gkMbZIGb7wlEaSdiquD4nAdHV3dRDcfIbNPoC9xJW1q7b2zGvD7Lfej53J6s5zpmBlP3Sg3ibYmt8fvqxlPW11/rxe5UUAzh0TUKkMh5Z1FmpOveiEnlnah/VKdnVgcPUcJCz29BwAAAAAAAAAAAAAAAAAAAADAP9H+qEJzIPhDlLDQ/VbNR+PTgLEwy+e/GFTt6ND2Pd8v7/tL/ToNImO6v5OIg8uy7izVjXmnzYHgK+r/2efp0M5HYzNJgziMwzPP87vOjuPseva0l612NG6qN1Ehn4b6PpHxuNgnenP0fSJqzo7GRiKuL9Tui+9H+KlwRbV4hhrkWi2egVDPoM4P6q/77ddyflg9zvq/OD+0iQbwRz4DAAD//05cOC0=") munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f00000000c0)=""/59, 0x3b) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 4.670410893s ago: executing program 1 (id=3319): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r1, 0x0) accept4$rose(r1, 0x0, 0x0, 0x0) landlock_restrict_self(r0, 0xa) 4.363030085s ago: executing program 2 (id=3320): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) 4.055353951s ago: executing program 7 (id=3321): socket$kcm(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newsa={0x138, 0x10, 0x1, 0x70bd2b, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@private=0xa010100, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0xc}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8, 0x3}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8881}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 3.594963217s ago: executing program 2 (id=3322): clock_adjtime(0x17, &(0x7f0000000000)={0xea30, 0x6, 0x4000379ee6, 0x0, 0x8001, 0x7ff, 0x8a, 0x3, 0x100000000000006, 0x82, 0x3, 0x40000000000004, 0x9, 0x80000000000005, 0x2, 0xffffffffffffffff, 0xffffffff, 0x2, 0x9, 0x7, 0x200, 0x3, 0x11cb, 0x4, 0xd, 0x9}) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 3.340863878s ago: executing program 5 (id=3323): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 3.108413173s ago: executing program 7 (id=3324): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r0, 0x0, 0x4) 3.018394018s ago: executing program 1 (id=3325): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x24000154}, 0x20000050) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000000000000000000100000a0900010073797a31000000000900030073797a3000000000a4000300627269", @ANYRESHEX, @ANYRES16, @ANYRESOCT], 0x118}, 0x1, 0x0, 0x0, 0x24000144}, 0x30004815) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x20008800) 2.096135277s ago: executing program 7 (id=3326): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 1.937968995s ago: executing program 1 (id=3327): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2) r1 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x10, 0xfffffffd, 0xbfdffffc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r1, 0x7323, 0x0, 0x5, 0x0, 0x0) 943.164722ms ago: executing program 7 (id=3328): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000002100fedbdf253900000008000300", @ANYRES32=r3, @ANYBLOB="10005a800c000480050009"], 0x2c}, 0x1, 0x0, 0x0, 0x200440c1}, 0x4004) 912.850189ms ago: executing program 5 (id=3329): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r1 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 428.632342ms ago: executing program 2 (id=3330): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x108) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000080)=0x34a8) 0s ago: executing program 7 (id=3331): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000180)='./bus\x00', 0x2000804, &(0x7f0000000580)={[{@numtail}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@uni_xlate}, {@shortname_win95}, {@rodir}, {@utf8no}, {@fat=@uid}, {@numtail}, {@fat=@umask={'umask', 0x3d, 0x9}}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@utf8}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {@shortname_lower}, {@utf8no}, {@shortname_mixed}]}, 0x1, 0x289, &(0x7f00000001c0)="$eJzs3c1qA1UUAOAzzaRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE7hx6/O4EV/AB1Dc2YU4ks7kTyctkbQp+n2bHs69J/fM3KHtZm4+eWVwfnpxdXbz5c/RbCaxdRAHcZtEJ7Zi4uuo9NOv1XkA4Jm7zfP4LS80itT14oz6ksp069GbAwAexfzf/033AgA8jfc/+PCdw+Pjo/eyrBkx+GbYTaL4WYwfnsVn0Y9e7EU7/ojIp4r4rbePjyLNxjrx2mA07I4rBx//UH7+4S8Rd/X70Y5Odf1+VpirHw279XihXP+gH713v492vFRd/8as/jYv66O7Ha+/Otf/brTjx0/jIvpxGsX/OpP6r/az7M3829+/+GicHdcno2G3EacLdyqvPfXeAAAAAAAAAAAAAAAAAAAAAADw37WbTXUWz9+ZHPx/z/g95wON5s7n2cuyLE+K+bP6NF5OI93ktQMAAAAAAAAAAAAAAAAAAMBzcXX9+flJv9+7XGswea2/Yij+XMw0ImLJ56QPr7WzaodRK1vrJxGrXVc9GneVD0+urXjHWuN+epdJGuvbgmSaac0P7USx1jjTKoK5zGpLfPfPjWvGXTB5us5PkmWbOwmaVQ/JGoK84vGrLa3a/numVV5BxeTWPatvv/ives7bS4aSiKhPb2Y51KqeXF/vPXy630EAAAAAAAAAAAAAAAAAAEBh9tJvxeDNBhoCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA2Yff//CsGoLF42J6+NgzTKzIYvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwIAAP//XAxp4w==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58) fallocate(r0, 0x0, 0x9, 0x10001) copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0xae8, 0x863, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): ][ T29] audit: type=1326 audit(1772176542.117:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 838.785274][ T5828] appletouch 2-1:0.85: input: appletouch disconnected [ 838.820891][ T29] audit: type=1326 audit(1772176542.117:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.018452][ T29] audit: type=1326 audit(1772176542.117:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.188269][ T29] audit: type=1326 audit(1772176542.187:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.340938][ T29] audit: type=1326 audit(1772176542.187:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.528367][ T29] audit: type=1326 audit(1772176542.187:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.598229][T11579] veth0_vlan: entered promiscuous mode [ 839.681048][ T29] audit: type=1326 audit(1772176542.257:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.833582][ T29] audit: type=1326 audit(1772176542.257:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f088cb9c799 code=0x7ffc0000 [ 839.850792][T11579] veth1_vlan: entered promiscuous mode [ 840.547519][T11579] veth0_macvtap: entered promiscuous mode [ 840.696743][T11579] veth1_macvtap: entered promiscuous mode [ 841.164115][T11579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 841.361659][T11579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 841.576575][ T138] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.611963][ T138] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.657023][ T138] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.718449][ T138] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.506833][T11901] io-wq is not configured for unbound workers [ 844.275770][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.314814][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.389256][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.419321][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.494025][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.549034][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.608935][T11921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.647580][T11919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.678666][T11919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 845.464069][T11856] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 845.743009][T11856] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 845.774492][T11856] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65535, setting to 64 [ 845.852715][T11856] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 845.986805][T11856] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 846.078157][T11856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.164423][T11856] usb 1-1: Product: syz [ 846.174701][T11856] usb 1-1: Manufacturer: syz [ 846.210451][T11856] usb 1-1: SerialNumber: syz [ 846.306461][T11856] cdc_mbim 1-1:1.0: skipping garbage [ 847.352301][T11856] cdc_mbim 1-1:1.0: bind() failure [ 847.479629][T11856] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 847.557194][T11856] usb 1-1: USB disconnect, device number 23 [ 851.203988][T11987] loop2: detected capacity change from 0 to 512 [ 851.488408][T11987] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 851.558700][T11987] ext4 filesystem being mounted at /444/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 851.871437][T11856] hid-generic 0005:4C4A:5505.001B: item fetching failed at offset 0/1 [ 851.912975][T11987] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 851.926249][T11856] hid-generic 0005:4C4A:5505.001B: probe with driver hid-generic failed with error -22 [ 851.971952][T11987] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 852.421468][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 852.927049][T12012] faux_driver vgem: [drm] Unknown color mode 6; guessing buffer size. [ 853.122061][T12015] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 853.199263][T12015] overlayfs: overlapping lowerdir path [ 853.301857][ T4865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 853.385544][ T4865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 853.997353][ T4865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 854.071879][ T4865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 855.611020][T11856] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 855.900397][T11856] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 855.946342][T11856] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 856.030864][T11856] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 856.091443][T11856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 856.152059][T11856] usb 3-1: Product: syz [ 856.156482][T11856] usb 3-1: Manufacturer: syz [ 856.206446][T11856] usb 3-1: SerialNumber: syz [ 856.376084][T11856] cdc_mbim 3-1:1.0: skipping garbage [ 856.678513][T12037] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 857.560525][T12037] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 857.690406][T11856] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device [ 857.802373][T11856] wwan wwan0: port wwan0mbim0 attached [ 857.953056][T11856] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 76:18:50:fc:6d:ac [ 858.141302][T11856] usb 3-1: USB disconnect, device number 20 [ 858.154629][T11856] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM [ 858.290420][T12049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2281'. [ 858.346493][T11856] wwan wwan0: port wwan0mbim0 disconnected [ 860.175239][T12058] loop8: detected capacity change from 0 to 32768 [ 860.191850][T12058] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2285 (12058) [ 860.236508][T12058] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 860.247542][T12058] BTRFS info (device loop8): using sha256 checksum algorithm [ 860.666156][T12058] BTRFS info (device loop8): enabling ssd optimizations [ 860.677600][T12058] BTRFS info (device loop8): turning on async discard [ 860.689687][T12058] BTRFS info (device loop8): enabling free space tree [ 860.949349][T12081] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2289'. [ 860.961139][T11579] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 862.598169][ T1038] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 862.743286][ T9051] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 862.772608][T12106] loop2: detected capacity change from 0 to 128 [ 862.841038][T12106] EXT4-fs (loop2): Test dummy encryption mode enabled [ 862.940304][T12106] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 862.960417][T12106] System zones: 1-3, 19-19, 35-36 [ 862.985865][ T9051] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 862.999729][T12106] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 863.065930][T12106] ext4 filesystem being mounted at /451/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 863.110282][ T9051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 863.195761][ T9051] usb 2-1: config 0 descriptor?? [ 863.314548][ T9051] cp210x 2-1:0.0: cp210x converter detected [ 863.786175][ T9051] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 863.896495][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 863.987040][ T9051] usb 2-1: cp210x converter now attached to ttyUSB0 [ 864.139910][ T9051] usb 2-1: USB disconnect, device number 15 [ 864.210803][T12119] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2303'. [ 864.250476][ T9051] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 864.282807][T12119] netlink: 'syz.0.2303': attribute type 6 has an invalid length. [ 864.344347][T12119] netlink: 'syz.0.2303': attribute type 5 has an invalid length. [ 864.391469][T12119] netlink: 'syz.0.2303': attribute type 4 has an invalid length. [ 864.420744][ T9051] cp210x 2-1:0.0: device disconnected [ 865.296229][T12128] netlink: 708 bytes leftover after parsing attributes in process `syz.8.2306'. [ 865.519330][T12132] 9p: Bad value for 'rfdno' [ 866.329852][T12141] 9pnet: p9_errstr2errno: server reported unknown error  [ 872.543533][T12221] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2339'. [ 877.380312][T12267] Invalid argument reading file caps for ./file0 [ 878.518445][T11856] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 878.734677][T11856] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 878.786072][T11856] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 878.953555][T11856] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 879.003445][T11856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.107189][T11856] usb 2-1: Product: syz [ 879.141866][T11856] usb 2-1: Manufacturer: syz [ 879.146762][T11856] usb 2-1: SerialNumber: syz [ 879.245559][T11856] cdc_mbim 2-1:1.0: skipping garbage [ 879.288588][T12291] loop0: detected capacity change from 0 to 128 [ 879.563513][T12291] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 879.587237][T12281] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 879.700084][T12291] ext4 filesystem being mounted at /483/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 879.894354][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 879.903403][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 880.250497][T12281] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 880.304745][T11856] cdc_mbim 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 880.338520][T11856] cdc_mbim 2-1:1.0: setting rx_max = 2048 [ 880.520189][T11856] cdc_mbim 2-1:1.0: setting tx_max = 184 [ 880.536767][T12304] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2368'. [ 880.630399][T11856] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 880.682994][T11856] wwan wwan0: port wwan0mbim0 attached [ 880.683852][ T5770] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 880.800357][T11856] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 4e:c9:ad:e3:30:f9 [ 881.028118][T11856] usb 2-1: USB disconnect, device number 16 [ 881.102370][T11856] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 881.374081][T11856] wwan wwan0: port wwan0mbim0 disconnected [ 881.599946][T12308] loop8: detected capacity change from 0 to 512 [ 881.938818][T12308] EXT4-fs error (device loop8): ext4_orphan_get:1391: inode #15: comm syz.8.2371: inode has both inline data and extents flags [ 881.978225][T12308] loop8: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 881.987907][ C1] EXT4-fs (loop8): error count since last fsck: 1 [ 882.003961][ C1] EXT4-fs (loop8): initial error at time 1772176585: ext4_orphan_get:1391: inode 15 [ 882.013822][ C1] EXT4-fs (loop8): last error at time 1772176585: ext4_orphan_get:1391: inode 15 [ 882.177029][T12308] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.2371: couldn't read orphan inode 15 (err -117) [ 882.361210][T12308] loop8: lost filesystem error report for type 5 error -117 [ 882.364599][T12308] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 883.280046][T11579] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 886.228064][T12360] loop0: detected capacity change from 0 to 1024 [ 886.472463][T12360] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 886.499585][T12360] ext4 filesystem being mounted at /488/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 887.094375][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 888.408205][T11856] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 888.646600][T11856] usb 2-1: Using ep0 maxpacket: 8 [ 888.698124][T11856] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 888.706605][T11856] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 888.801795][T11856] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 888.865680][T11856] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 888.961816][T11856] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 889.022618][T12393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.058381][T11856] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 889.060790][T12393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.125116][T11856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 889.166053][T12393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.450368][T11856] usb 2-1: usb_control_msg returned -32 [ 889.498747][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.506417][T11856] usbtmc 2-1:16.0: can't read capabilities [ 889.510930][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.525039][T12392] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.540487][T12399] loop8: detected capacity change from 0 to 256 [ 889.577689][T12392] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.091080][T12399] FAT-fs (loop8): Directory bread(block 64) failed [ 890.109448][T12399] FAT-fs (loop8): Directory bread(block 65) failed [ 890.123363][T12399] FAT-fs (loop8): Directory bread(block 66) failed [ 890.145036][T12399] FAT-fs (loop8): Directory bread(block 67) failed [ 890.192240][T12399] FAT-fs (loop8): Directory bread(block 68) failed [ 890.209802][T12399] FAT-fs (loop8): Directory bread(block 69) failed [ 890.230432][T12399] FAT-fs (loop8): Directory bread(block 70) failed [ 890.246992][T12399] FAT-fs (loop8): Directory bread(block 71) failed [ 890.264360][T12399] FAT-fs (loop8): Directory bread(block 72) failed [ 890.284267][T12399] FAT-fs (loop8): Directory bread(block 73) failed [ 891.320460][T11856] usb 2-1: USB disconnect, device number 17 [ 891.968373][ T5824] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 892.018495][T11856] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 892.190935][ T5824] usb 1-1: Using ep0 maxpacket: 8 [ 892.214330][ T5824] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 892.251175][T11856] usb 2-1: Using ep0 maxpacket: 8 [ 892.268263][ T5824] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 892.301598][T11856] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 892.320058][ T5824] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 892.335786][T11856] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 892.388469][ T5824] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 892.392375][T11856] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 892.436677][ T5824] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 892.494865][ T5824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 892.503610][T11856] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 892.568099][T11856] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 892.588443][T11856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 892.971081][T11856] usb 2-1: GET_CAPABILITIES returned 0 [ 893.029055][T11856] usbtmc 2-1:16.0: can't read capabilities [ 893.748672][ T5824] usb 1-1: usb_control_msg returned -32 [ 893.754586][ T5824] usbtmc 1-1:16.0: can't read capabilities [ 893.934463][T12429] loop8: detected capacity change from 0 to 32768 [ 893.944568][T12429] btrfs: Deprecated parameter 'usebackuproot' [ 893.953379][T12429] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 893.967736][T12427] loop2: detected capacity change from 0 to 40427 [ 894.040612][T11856] usb 2-1: USB disconnect, device number 18 [ 894.048813][T12429] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2414 (12429) [ 894.073060][T12427] F2FS-fs (loop2): invalid crc value [ 894.412844][T12427] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 894.431644][T12429] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 894.442711][T12429] BTRFS info (device loop8): using crc32c checksum algorithm [ 894.450584][T12429] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 894.471305][T12427] F2FS-fs (loop2): Start checkpoint disabled! [ 894.509095][T12427] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 894.526920][T12427] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 894.589151][ T14] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 894.766677][T12429] BTRFS info (device loop8): rebuilding free space tree [ 894.824169][T12429] BTRFS info (device loop8): disabling free space tree [ 894.837336][T12429] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 894.847590][T12429] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 894.879464][T12429] BTRFS info (device loop8): setting nodatasum [ 894.890240][T12429] BTRFS info (device loop8): setting nodatacow [ 894.896741][T12429] BTRFS info (device loop8): enabling ssd optimizations [ 894.905396][T12429] BTRFS info (device loop8): turning on async discard [ 894.912653][T12429] BTRFS info (device loop8): enabling disk space caching [ 894.920145][T12429] BTRFS info (device loop8): force clearing of disk cache [ 894.927487][T12429] BTRFS info (device loop8): trying to use backup root at mount time [ 894.935858][T12429] BTRFS info (device loop8): max_inline set to 4096 [ 895.136152][T12450] overlayfs: failed to clone upperpath [ 895.356865][ T4865] kworker/u8:10: attempt to access beyond end of device [ 895.356865][ T4865] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 895.473982][T11856] usb 1-1: USB disconnect, device number 24 [ 895.568280][ T4865] CPU: 1 UID: 0 PID: 4865 Comm: kworker/u8:10 Tainted: G L syzkaller #0 PREEMPT(full) [ 895.568470][ T4865] Tainted: [L]=SOFTLOCKUP [ 895.568529][ T4865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 895.568646][ T4865] Workqueue: writeback wb_workfn (flush-7:2) [ 895.568845][ T4865] Call Trace: [ 895.568898][ T4865] [ 895.568953][ T4865] __dump_stack+0x26/0x30 [ 895.569132][ T4865] dump_stack_lvl+0x14c/0x1c0 [ 895.569319][ T4865] dump_stack+0x1e/0x25 [ 895.569492][ T4865] f2fs_handle_critical_error+0xa6f/0xc20 [ 895.569722][ T4865] f2fs_stop_checkpoint+0x65/0x80 [ 895.569913][ T4865] f2fs_write_end_io+0x12e6/0x2560 [ 895.570178][ T4865] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 895.570374][ T4865] bio_endio+0x1006/0x1160 [ 895.570582][ T4865] submit_bio_noacct+0x533/0x2960 [ 895.570849][ T4865] submit_bio+0x57a/0x620 [ 895.571068][ T4865] f2fs_submit_write_bio+0x115/0x350 [ 895.571259][ T4865] __submit_merged_bio+0x16f/0x780 [ 895.571435][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.571660][ T4865] __submit_merged_write_cond+0x4ba/0xae0 [ 895.571872][ T4865] f2fs_write_data_pages+0x5073/0x5e10 [ 895.572160][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.572416][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.572619][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.572821][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.573015][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.573226][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.573435][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.573632][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.573843][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.574058][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.574262][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.574474][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.574678][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.574878][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.575096][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.575296][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.575500][ T4865] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 895.575692][ T4865] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 895.575883][ T4865] do_writepages+0x3f2/0x860 [ 895.576028][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.576290][ T4865] ? writeback_sb_inodes+0x11/0x1d90 [ 895.576587][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.576825][ T4865] __writeback_single_inode+0xfc/0x1440 [ 895.577026][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.577313][ T4865] writeback_sb_inodes+0xb3b/0x1d90 [ 895.577651][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.577852][ T4865] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 895.578078][ T4865] wb_writeback+0x4f1/0xcd0 [ 895.578323][ T4865] ? queue_io+0x421/0x800 [ 895.578567][ T4865] wb_workfn+0x3b9/0x19b0 [ 895.578742][ T4865] ? kmsan_get_metadata+0xf1/0x160 [ 895.578993][ T4865] ? __pfx_wb_workfn+0x10/0x10 [ 895.579169][ T4865] process_scheduled_works+0xb21/0x1e30 [ 895.579424][ T4865] worker_thread+0xede/0x1580 [ 895.579644][ T4865] kthread+0x53f/0x600 [ 895.579836][ T4865] ? __pfx_worker_thread+0x10/0x10 [ 895.580022][ T4865] ? __pfx_kthread+0x10/0x10 [ 895.580213][ T4865] ret_from_fork+0x20f/0x910 [ 895.580380][ T4865] ? __switch_to+0x51c/0x750 [ 895.580579][ T4865] ? __pfx_kthread+0x10/0x10 [ 895.580777][ T4865] ret_from_fork_asm+0x1a/0x30 [ 895.581021][ T4865] [ 896.037848][ T4865] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 896.089274][T11579] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 901.022453][T12505] loop0: detected capacity change from 0 to 8 [ 901.184285][T12505] SQUASHFS error: Failed to read block 0x62: -5 [ 901.238446][T12505] squashfs image failed sanity check [ 902.231471][ T5824] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 902.245132][T12521] fuse: Bad value for 'fd' [ 902.481987][ T5824] usb 2-1: Using ep0 maxpacket: 8 [ 902.580895][ T5824] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 902.660365][ T5824] usb 2-1: config 179 has no interface number 0 [ 902.716531][ T5824] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 902.856966][ T5824] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 902.998061][ T5824] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 903.033326][T12519] loop2: detected capacity change from 0 to 32768 [ 903.153040][ T5824] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 903.258152][ T5824] usb 2-1: config 179 interface 65 has no altsetting 0 [ 903.332393][ T5824] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 903.409835][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 903.618818][ T5824] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input23 [ 903.811590][ T5116] input input23: unable to receive magic message: -110 [ 903.928735][ T5116] input input23: unable to receive magic message: -32 [ 904.062196][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 904.101542][ T5116] input input23: unable to receive magic message: -32 [ 904.235054][ T5824] usb 2-1: USB disconnect, device number 19 [ 904.241519][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 904.241755][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 905.716642][ T4865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 906.092176][T12542] bond0: entered promiscuous mode [ 906.132293][T12542] bond_slave_0: entered promiscuous mode [ 906.185522][T12542] bond_slave_1: entered promiscuous mode [ 906.314401][T12542] batadv0: entered promiscuous mode [ 906.510921][ T4865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 906.875143][ T4865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.103143][ T4865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.727138][ T4865] bridge_slave_1: left allmulticast mode [ 907.739887][ T4865] bridge_slave_1: left promiscuous mode [ 907.746610][ T4865] bridge0: port 2(bridge_slave_1) entered disabled state [ 907.802904][ T4865] bridge_slave_0: left allmulticast mode [ 907.815529][ T4865] bridge_slave_0: left promiscuous mode [ 907.839270][ T4865] bridge0: port 1(bridge_slave_0) entered disabled state [ 908.618170][ T4865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 908.643214][ T4865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 908.674408][ T4865] bond0 (unregistering): Released all slaves [ 908.900265][ T4865] tipc: Left network mode [ 909.631142][ T9051] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 909.835423][ T9051] usb 3-1: Using ep0 maxpacket: 8 [ 909.908440][ T9051] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 909.960764][ T9051] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.018638][ T9051] usb 3-1: Product: syz [ 910.023065][ T9051] usb 3-1: Manufacturer: syz [ 910.119692][ T9051] usb 3-1: SerialNumber: syz [ 910.158078][ T4865] hsr_slave_0: left promiscuous mode [ 910.180973][ T9051] usb 3-1: config 0 descriptor?? [ 910.218375][ T4865] hsr_slave_1: left promiscuous mode [ 910.226609][ T4865] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 910.305049][ T4865] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 910.380524][T11856] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 910.406596][ T4865] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 910.484759][ T4865] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 910.528837][ T9051] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 910.618191][T11856] usb 2-1: config 0 interface 0 has no altsetting 0 [ 910.625203][T11856] usb 2-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 910.720435][ T4865] veth1_macvtap: left promiscuous mode [ 910.735407][T11856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 910.774073][ T4865] veth0_macvtap: left promiscuous mode [ 910.795236][ T4865] veth1_vlan: left promiscuous mode [ 910.809218][T11856] usb 2-1: config 0 descriptor?? [ 910.832038][ T4865] veth0_vlan: left promiscuous mode [ 911.392207][ T9051] usb write operation failed. (-71) [ 911.427512][ T9051] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 911.451578][T11856] glorious 0003:258A:0036.001C: item fetching failed at offset 0/4 [ 911.509996][ T9051] dvbdev: DVB: registering new adapter (Terratec H7) [ 911.516985][ T9051] usb 3-1: media controller created [ 911.685952][ T9051] usb read operation failed. (-71) [ 911.809298][ T9051] usb write operation failed. (-71) [ 912.023135][ T9051] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 912.268679][ T9051] usb 3-1: USB disconnect, device number 21 [ 912.411423][T11856] glorious 0003:258A:0036.001C: probe with driver glorious failed with error -22 [ 912.489352][T11856] usb 2-1: USB disconnect, device number 20 [ 912.620274][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 912.651702][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 912.662120][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 912.683286][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 912.708515][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 914.844163][ T49] Bluetooth: hci0: command tx timeout [ 916.597587][ T4865] team0 (unregistering): Port device team_slave_1 removed [ 916.751828][ T4865] team0 (unregistering): Port device team_slave_0 removed [ 916.969412][ T49] Bluetooth: hci0: command tx timeout [ 917.111926][T12611] loop2: detected capacity change from 0 to 40427 [ 917.129420][T12611] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 917.137488][T12611] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 917.159763][T12611] F2FS-fs (loop2): invalid crc value [ 917.550371][T12611] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 917.570831][T12611] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 917.578252][T12611] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 918.999964][ T49] Bluetooth: hci0: command tx timeout [ 919.044728][T12627] fuse: Bad value for 'fd' [ 919.206412][ T4865] IPVS: stop unused estimator thread 0... [ 921.083822][ T49] Bluetooth: hci0: command tx timeout [ 921.243944][T12576] chnl_net:caif_netlink_parms(): no params data found [ 923.209354][T12681] kernel read not supported for file /file1 (pid: 12681 comm: syz.2.2482) [ 923.274037][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 923.274117][ T29] audit: type=1800 audit(1772176627.007:74): pid=12681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2482" name="file1" dev="mqueue" ino=32720 res=0 errno=0 [ 923.912940][T12576] bridge0: port 1(bridge_slave_0) entered blocking state [ 923.942242][T12576] bridge0: port 1(bridge_slave_0) entered disabled state [ 923.993920][T12576] bridge_slave_0: entered allmulticast mode [ 924.051117][T12576] bridge_slave_0: entered promiscuous mode [ 924.172779][T12576] bridge0: port 2(bridge_slave_1) entered blocking state [ 924.199047][T12576] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.206897][T12576] bridge_slave_1: entered allmulticast mode [ 924.279801][T12576] bridge_slave_1: entered promiscuous mode [ 925.150746][T12576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 925.366781][T12576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 926.027014][T12576] team0: Port device team_slave_0 added [ 926.122127][T12576] team0: Port device team_slave_1 added [ 926.592792][T12576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 926.602417][ T1038] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 926.678472][T12576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 926.818351][T12576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 926.927083][T12576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 926.954208][T12576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 927.103068][T12576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 927.134145][T12721] loop8: detected capacity change from 0 to 512 [ 927.254844][T12721] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 927.396932][T12721] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 927.561016][T12721] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 927.628363][T11856] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 927.848301][T11856] usb 3-1: Using ep0 maxpacket: 32 [ 927.883554][T11856] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 927.908554][T11856] usb 3-1: config 0 has no interface number 0 [ 927.974527][T11856] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 928.016149][T11856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 928.063879][T11856] usb 3-1: Product: syz [ 928.097261][T11856] usb 3-1: Manufacturer: syz [ 928.110985][T11856] usb 3-1: SerialNumber: syz [ 928.130458][T11856] usb 3-1: config 0 descriptor?? [ 928.188837][T12576] hsr_slave_0: entered promiscuous mode [ 928.235152][T11579] Quota error (device loop8): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 928.276631][T11579] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota [ 928.318439][T11579] EXT4-fs error (device loop8): ext4_acquire_dquot:7001: comm syz-executor: Failed to acquire dquot type 0 [ 928.363203][T12576] hsr_slave_1: entered promiscuous mode [ 928.408645][T11856] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 928.433592][T12576] debugfs: 'hsr0' already exists in 'hsr' [ 928.479794][T12576] Cannot create hsr debugfs directory [ 928.855886][ C1] usb-serial (null): qt2_process_read_urb - port change to invalid port: 128 [ 928.892999][T11856] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 928.956046][T11856] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 929.099857][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 929.142710][T11856] usb 3-1: USB disconnect, device number 22 [ 929.194037][T11856] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 929.311796][T11856] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 929.387340][T11856] quatech2 3-1:0.51: device disconnected [ 930.419122][ T9051] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 930.608314][ T9051] usb 3-1: Using ep0 maxpacket: 16 [ 930.642263][ T9051] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 930.712056][ T9051] usb 3-1: config 0 has no interface number 0 [ 930.787120][ T9051] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 930.797093][T12749] overlayfs: failed to clone upperpath [ 930.806068][ T9051] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 930.822406][T12750] overlayfs: failed to clone upperpath [ 930.866265][ T9051] usb 3-1: Product: syz [ 930.900688][ T9051] usb 3-1: Manufacturer: syz [ 930.905583][ T9051] usb 3-1: SerialNumber: syz [ 930.941021][ T9051] usb 3-1: config 0 descriptor?? [ 931.062754][ T9051] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 931.513673][T11579] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 931.703882][ T34] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 932.020396][ T34] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 932.083188][ T9051] gspca_spca1528: reg_w err -71 [ 932.105674][ T9051] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 932.190057][ T9051] usb 3-1: USB disconnect, device number 23 [ 932.576183][ T34] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 932.818741][ T34] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.703507][T12576] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 933.778909][ T34] bridge_slave_1: left allmulticast mode [ 933.784811][ T34] bridge_slave_1: left promiscuous mode [ 933.809639][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.834562][ T34] bridge_slave_0: left allmulticast mode [ 933.841107][ T34] bridge_slave_0: left promiscuous mode [ 933.847962][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 935.799115][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 935.939404][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 936.059719][ T34] bond0 (unregistering): Released all slaves [ 936.179185][T12576] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 936.328803][T12576] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 936.568476][ T9968] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 936.591593][ T9968] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 936.615144][ T9968] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 936.637604][ T9968] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 936.651919][ T9968] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 936.854957][T12576] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 937.164345][ T29] audit: type=1326 audit(1772176640.897:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12786 comm="syz.2.2535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd66f39c799 code=0x0 [ 937.414296][ T34] hsr_slave_0: left promiscuous mode [ 937.454098][ T34] hsr_slave_1: left promiscuous mode [ 937.472339][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 937.511145][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 937.544623][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 937.562931][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 937.625914][ T34] veth1_macvtap: left promiscuous mode [ 937.646221][ T34] veth0_macvtap: left promiscuous mode [ 937.652641][ T34] veth1_vlan: left promiscuous mode [ 937.660022][ T34] veth0_vlan: left promiscuous mode [ 938.554837][T12797] loop2: detected capacity change from 0 to 1024 [ 938.755371][ T9968] Bluetooth: hci2: command tx timeout [ 938.799326][T12797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 938.953995][ T29] audit: type=1800 audit(1772176642.687:76): pid=12797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2539" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 939.659782][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 940.839764][ T49] Bluetooth: hci2: command tx timeout [ 940.956235][ T34] team0 (unregistering): Port device team_slave_1 removed [ 941.081744][ T34] team0 (unregistering): Port device team_slave_0 removed [ 941.336397][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 941.344094][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 942.926062][ T49] Bluetooth: hci2: command tx timeout [ 943.096209][T12819] loop2: detected capacity change from 0 to 32768 [ 943.173311][T12819] read_mapping_page failed! [ 943.178230][T12819] ERROR: (device loop2): txAbort: [ 943.178230][T12819] [ 943.356642][ T110] ERROR: (device loop2): diUpdatePMap: the inode is not allocated in the working map [ 943.356642][ T110] [ 944.870937][T12576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 944.989014][ T49] Bluetooth: hci2: command tx timeout [ 945.036326][T12781] chnl_net:caif_netlink_parms(): no params data found [ 945.286753][T12846] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 945.973676][T12576] 8021q: adding VLAN 0 to HW filter on device team0 [ 946.168041][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.175606][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 946.465853][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.473592][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 946.559107][T12856] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2557'. [ 948.399986][T12781] bridge0: port 1(bridge_slave_0) entered blocking state [ 948.443245][T12781] bridge0: port 1(bridge_slave_0) entered disabled state [ 948.463544][T12781] bridge_slave_0: entered allmulticast mode [ 948.506166][T12781] bridge_slave_0: entered promiscuous mode [ 948.626640][T12781] bridge0: port 2(bridge_slave_1) entered blocking state [ 948.669685][T12781] bridge0: port 2(bridge_slave_1) entered disabled state [ 948.677613][T12781] bridge_slave_1: entered allmulticast mode [ 948.726814][T12781] bridge_slave_1: entered promiscuous mode [ 949.409279][T12781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 949.587023][T12781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 950.098568][T12781] team0: Port device team_slave_0 added [ 950.193722][T12781] team0: Port device team_slave_1 added [ 950.542458][T12781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 950.556144][T12781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 950.583051][ T5830] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 950.603874][T12781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 950.650567][T12781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 950.658178][ T5824] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 950.684365][T12781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 950.733625][T12781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 950.818012][ T5824] usb 3-1: Using ep0 maxpacket: 8 [ 950.818321][ T5830] usb 2-1: config 0 has no interfaces? [ 950.850898][ T5830] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 950.884087][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.903995][ T5824] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 950.957443][ T5824] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 950.985789][ T5830] usb 2-1: config 0 descriptor?? [ 950.989487][ T5824] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 951.052649][ T5824] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 951.118216][ T5824] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 951.132799][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.488376][ T5824] usb 3-1: GET_CAPABILITIES returned 0 [ 951.507158][ T5824] usbtmc 3-1:16.0: can't read capabilities [ 951.638926][T12576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 951.752679][T12781] hsr_slave_0: entered promiscuous mode [ 951.760512][ T5824] usb 3-1: USB disconnect, device number 24 [ 951.852483][T12781] hsr_slave_1: entered promiscuous mode [ 951.914829][T12781] debugfs: 'hsr0' already exists in 'hsr' [ 951.946374][T12781] Cannot create hsr debugfs directory [ 952.285393][ T5830] usb 2-1: USB disconnect, device number 21 [ 953.578901][T12925] loop2: detected capacity change from 0 to 512 [ 953.769924][T12925] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2576: invalid indirect mapped block 256 (level 2) [ 953.888113][T12925] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 953.890723][T12925] EXT4-fs (loop2): Remounting filesystem read-only [ 953.900228][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 953.900333][ C1] EXT4-fs (loop2): initial error at time 1772176657: ext4_free_branches:1023: inode 11 [ 953.900505][ C1] EXT4-fs (loop2): last error at time 1772176657: ext4_free_branches:1023: inode 11 [ 954.066360][T12781] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 954.122819][T12925] EXT4-fs (loop2): 2 truncates cleaned up [ 954.163768][T12925] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 954.181438][T12781] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.381323][T12925] EXT4-fs (loop2): shut down requested (0) [ 954.492639][T12781] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 954.568053][T12781] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.744153][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 954.825347][T12781] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 954.884025][T12781] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.216387][T12781] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 955.308308][T12781] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.568967][ T5830] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 955.758445][ T5830] usb 2-1: Using ep0 maxpacket: 16 [ 955.851754][ T5830] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 955.879575][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 955.890372][ T5830] usb 2-1: Product: syz [ 955.895035][ T5830] usb 2-1: Manufacturer: syz [ 955.901865][ T5830] usb 2-1: SerialNumber: syz [ 955.957011][ T5830] usb 2-1: config 0 descriptor?? [ 956.039478][T12953] loop2: detected capacity change from 0 to 1024 [ 956.062097][T12953] EXT4-fs: Ignoring removed orlov option [ 956.223201][T12953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 956.398611][T12576] veth0_vlan: entered promiscuous mode [ 956.530628][ T5830] usb 2-1: USB disconnect, device number 22 [ 956.644836][T12781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 956.821989][T12576] veth1_vlan: entered promiscuous mode [ 956.889089][ T6539] udevd[6539]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 956.929318][T12781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 957.035412][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 957.132399][T12781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 957.242123][T12781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 957.949942][T12576] veth0_macvtap: entered promiscuous mode [ 958.209874][T12576] veth1_macvtap: entered promiscuous mode [ 958.609889][ T1038] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 958.898144][T12576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 959.042341][T12576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 959.529554][ T8004] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.541691][ T8004] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.557129][T12978] netlink: 'syz.7.2591': attribute type 3 has an invalid length. [ 959.622439][ T8004] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.658466][ T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 960.223741][T12781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 960.477203][T12781] 8021q: adding VLAN 0 to HW filter on device team0 [ 960.683341][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.691016][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 960.883292][ T138] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.891008][ T138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 960.983830][T12994] input: syz1 as /devices/virtual/input/input24 [ 961.715192][T12998] loop2: detected capacity change from 0 to 512 [ 961.924876][T12998] EXT4-fs error (device loop2): ext4_iget_extra_inode:5025: inode #15: comm syz.2.2599: corrupted in-inode xattr: bad e_name length [ 962.067219][T12998] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 962.067921][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 962.083906][ C0] EXT4-fs (loop2): initial error at time 1772176665: ext4_iget_extra_inode:5025: inode 15 [ 962.094347][ C0] EXT4-fs (loop2): last error at time 1772176665: ext4_iget_extra_inode:5025: inode 15 [ 962.139374][T12998] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2599: couldn't read orphan inode 15 (err -117) [ 962.197982][T12998] loop2: lost filesystem error report for type 5 error -117 [ 962.201553][T12998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 962.754682][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 964.688067][T12781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 965.726747][T12781] veth0_vlan: entered promiscuous mode [ 965.971065][T12781] veth1_vlan: entered promiscuous mode [ 966.634740][T12781] veth0_macvtap: entered promiscuous mode [ 966.786470][T12781] veth1_macvtap: entered promiscuous mode [ 967.223345][T12781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 967.435766][T12781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 967.471473][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.533681][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.596963][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.610906][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.620730][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.660978][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.674885][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.726017][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.742240][T13069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.753299][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.764313][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.808108][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.850158][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 967.853852][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.393400][T13099] loop2: detected capacity change from 0 to 40427 [ 971.459841][T13099] F2FS-fs (loop2): invalid crc value [ 971.842919][T13099] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 971.853748][T13099] F2FS-fs (loop2): Start checkpoint disabled! [ 971.898964][T13099] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 971.907904][T13099] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 973.181694][T13121] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2630'. [ 973.205596][ T9968] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 973.231564][ T9968] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 973.241449][ T9968] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 973.255787][ T9968] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 973.268160][ T9968] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 975.311121][ T49] Bluetooth: hci5: command tx timeout [ 976.312302][ T12] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 976.650662][ T12] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 977.000016][ T12] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 977.157920][T13117] chnl_net:caif_netlink_parms(): no params data found [ 977.391435][ T49] Bluetooth: hci5: command tx timeout [ 977.450097][ T12] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 978.370363][T13168] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2642'. [ 978.808872][ T12] bridge_slave_1: left allmulticast mode [ 978.814774][ T12] bridge_slave_1: left promiscuous mode [ 978.878955][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 979.026307][ T12] bridge_slave_0: left allmulticast mode [ 979.063229][ T12] bridge_slave_0: left promiscuous mode [ 979.119128][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 979.470823][ T49] Bluetooth: hci5: command tx timeout [ 979.558281][T12622] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 979.800852][T12622] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 979.829931][T12622] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 979.845346][T12622] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 979.880180][T12622] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 979.949708][T12622] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 980.071573][T12622] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 980.095450][T12622] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 980.125079][T12622] usb 2-1: Product: syz [ 980.137976][T12622] usb 2-1: Manufacturer: syz [ 980.152245][T12622] usb 2-1: SerialNumber: syz [ 980.218568][T12622] usb 2-1: config 0 descriptor?? [ 980.478549][T12622] radio-si470x 2-1:0.0: DeviceID=0x6465 ChipID=0x7669 [ 980.575935][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 980.711561][T12622] radio-si470x 2-1:0.0: software version 100, hardware version 101 [ 980.891373][T13190] net_ratelimit: 2 callbacks suppressed [ 980.891458][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.906996][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.916801][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.920779][T12622] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 980.928658][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.942083][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.951851][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.961668][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.971452][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.981424][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 980.991259][T13190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 981.333669][T12622] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 981.372728][T12622] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22 [ 981.442096][T12622] usb 2-1: USB disconnect, device number 23 [ 981.550627][ T49] Bluetooth: hci5: command tx timeout [ 982.930437][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 983.130138][ T12] bond0 (unregistering): Released all slaves [ 983.828314][ T12] hsr_slave_0: left promiscuous mode [ 983.877475][ T12] hsr_slave_1: left promiscuous mode [ 983.895702][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 983.927330][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 984.007338][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 984.037905][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 984.173840][ T12] veth1_macvtap: left promiscuous mode [ 984.205475][ T12] veth0_macvtap: left promiscuous mode [ 984.223818][ T12] veth1_vlan: left promiscuous mode [ 984.248405][ T12] veth0_vlan: left promiscuous mode [ 984.391177][T13208] gfs2: gfs2 mount does not exist [ 985.326807][T13222] fuse: Bad value for 'fd' [ 985.747067][T13224] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2660'. [ 986.140409][T13226] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 986.246089][ T12] team0 (unregistering): Port device team_slave_1 removed [ 986.279207][ T12] team0 (unregistering): Port device team_slave_0 removed [ 986.881112][ T138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 986.915705][ T138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 987.116704][T13228] net_ratelimit: 1417 callbacks suppressed [ 987.116791][T13228] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 987.736806][T13117] bridge0: port 1(bridge_slave_0) entered blocking state [ 987.756754][T13117] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.783558][T13117] bridge_slave_0: entered allmulticast mode [ 987.804280][T13117] bridge_slave_0: entered promiscuous mode [ 987.878615][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 987.886678][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 987.888355][T13117] bridge0: port 2(bridge_slave_1) entered blocking state [ 987.943528][T13117] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.014867][T13117] bridge_slave_1: entered allmulticast mode [ 988.073157][T13117] bridge_slave_1: entered promiscuous mode [ 988.427482][T13117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 988.505570][T13117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 988.883646][T13117] team0: Port device team_slave_0 added [ 988.994946][T13117] team0: Port device team_slave_1 added [ 989.571101][T13117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 989.648864][T13117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 989.773600][T13117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 989.816890][T13117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 989.918453][T13117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 990.044899][T13117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 990.301960][T13258] pim6reg: entered allmulticast mode [ 990.371132][T13262] pim6reg: left allmulticast mode [ 990.597974][ T34] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 991.073195][T13117] hsr_slave_0: entered promiscuous mode [ 991.154853][T13117] hsr_slave_1: entered promiscuous mode [ 991.203824][T13117] debugfs: 'hsr0' already exists in 'hsr' [ 991.238083][T13117] Cannot create hsr debugfs directory [ 994.508925][T13304] netlink: 277 bytes leftover after parsing attributes in process `syz.7.2688'. [ 995.488156][ T5828] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 995.698480][ T5828] usb 3-1: Using ep0 maxpacket: 8 [ 995.765705][ T5828] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 995.807099][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239 [ 995.830561][ T5828] usb 3-1: Product: syz [ 995.834980][ T5828] usb 3-1: Manufacturer: syz [ 995.881687][ T5828] usb 3-1: SerialNumber: syz [ 995.927523][ T5828] usb 3-1: config 0 descriptor?? [ 996.006919][ T5828] gspca_main: sq905-2.14.0 probing 2770:9120 [ 996.389097][T13117] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 996.504006][T13117] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 996.660273][T13117] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 996.834392][T13117] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 997.120439][ T5828] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 997.168431][ T5828] sq905 3-1:0.0: probe with driver sq905 failed with error -71 [ 997.252039][ T5828] usb 3-1: USB disconnect, device number 25 [ 1000.210383][T13337] loop2: detected capacity change from 0 to 40427 [ 1000.344346][T13117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1000.389344][T13337] F2FS-fs (loop2): invalid crc value [ 1000.781033][T13337] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1000.828272][T13337] F2FS-fs (loop2): Start checkpoint disabled! [ 1000.861907][T13337] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 1000.892953][T13337] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1001.125951][T13117] 8021q: adding VLAN 0 to HW filter on device team0 [ 1001.452488][ T8004] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.460252][ T8004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1001.502271][ T34] kworker/u8:2: attempt to access beyond end of device [ 1001.502271][ T34] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 1001.537718][ T34] CPU: 0 UID: 0 PID: 34 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1001.537905][ T34] Tainted: [L]=SOFTLOCKUP [ 1001.537964][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1001.538080][ T34] Workqueue: writeback wb_workfn (flush-7:2) [ 1001.538276][ T34] Call Trace: [ 1001.538330][ T34] [ 1001.538385][ T34] __dump_stack+0x26/0x30 [ 1001.538558][ T34] dump_stack_lvl+0x14c/0x1c0 [ 1001.538738][ T34] dump_stack+0x1e/0x25 [ 1001.538896][ T34] f2fs_handle_critical_error+0xa6f/0xc20 [ 1001.539121][ T34] f2fs_stop_checkpoint+0x65/0x80 [ 1001.539313][ T34] f2fs_write_end_io+0x12e6/0x2560 [ 1001.539588][ T34] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1001.539779][ T34] bio_endio+0x1006/0x1160 [ 1001.539987][ T34] submit_bio_noacct+0x533/0x2960 [ 1001.540256][ T34] submit_bio+0x57a/0x620 [ 1001.540469][ T34] f2fs_submit_write_bio+0x115/0x350 [ 1001.540663][ T34] __submit_merged_bio+0x16f/0x780 [ 1001.540841][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.541066][ T34] __submit_merged_write_cond+0x924/0xae0 [ 1001.541233][ T34] ? filemap_get_folios_tag+0xb69/0xce0 [ 1001.541477][ T34] f2fs_submit_merged_write+0x2e/0x40 [ 1001.541643][ T34] f2fs_sync_node_pages+0x1fd7/0x20c0 [ 1001.541801][ T34] ? __ocfs2_dx_dir_new_cluster+0x10/0xf80 [ 1001.541963][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.542271][ T34] f2fs_write_node_pages+0x3ca/0xc30 [ 1001.542431][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.542622][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.542840][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.543050][ T34] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 1001.543215][ T34] do_writepages+0x3f2/0x860 [ 1001.543368][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.543580][ T34] ? writeback_sb_inodes+0x11/0x1d90 [ 1001.543766][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.543995][ T34] __writeback_single_inode+0xfc/0x1440 [ 1001.544192][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.544410][ T34] writeback_sb_inodes+0xb3b/0x1d90 [ 1001.544728][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.544926][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.545145][ T34] wb_writeback+0x4f1/0xcd0 [ 1001.545367][ T34] ? queue_io+0x421/0x800 [ 1001.545556][ T34] wb_workfn+0x3b9/0x19b0 [ 1001.545711][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.545939][ T34] ? __pfx_wb_workfn+0x10/0x10 [ 1001.546100][ T34] process_scheduled_works+0xb21/0x1e30 [ 1001.546347][ T34] worker_thread+0xede/0x1580 [ 1001.546559][ T34] kthread+0x53f/0x600 [ 1001.546749][ T34] ? __pfx_worker_thread+0x10/0x10 [ 1001.546934][ T34] ? __pfx_kthread+0x10/0x10 [ 1001.547113][ T34] ret_from_fork+0x20f/0x910 [ 1001.547266][ T34] ? __switch_to+0x51c/0x750 [ 1001.547468][ T34] ? __pfx_kthread+0x10/0x10 [ 1001.547654][ T34] ret_from_fork_asm+0x1a/0x30 [ 1001.547872][ T34] [ 1001.874888][ T8004] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.882651][ T8004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1001.942338][ T34] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1001.952412][ T34] CPU: 0 UID: 0 PID: 34 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1001.952603][ T34] Tainted: [L]=SOFTLOCKUP [ 1001.952659][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1001.952778][ T34] Workqueue: writeback wb_workfn (flush-7:2) [ 1001.952975][ T34] Call Trace: [ 1001.953038][ T34] [ 1001.953092][ T34] __dump_stack+0x26/0x30 [ 1001.953269][ T34] dump_stack_lvl+0x14c/0x1c0 [ 1001.953450][ T34] dump_stack+0x1e/0x25 [ 1001.953612][ T34] f2fs_handle_critical_error+0xa6f/0xc20 [ 1001.953837][ T34] f2fs_stop_checkpoint+0x65/0x80 [ 1001.954034][ T34] f2fs_write_end_io+0x12e6/0x2560 [ 1001.954298][ T34] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1001.954492][ T34] bio_endio+0x1006/0x1160 [ 1001.954702][ T34] submit_bio_noacct+0x533/0x2960 [ 1001.954966][ T34] submit_bio+0x57a/0x620 [ 1001.955189][ T34] f2fs_submit_write_bio+0x115/0x350 [ 1001.955384][ T34] __submit_merged_bio+0x16f/0x780 [ 1001.955566][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.955792][ T34] __submit_merged_write_cond+0x924/0xae0 [ 1001.955957][ T34] ? filemap_get_folios_tag+0xb69/0xce0 [ 1001.956204][ T34] f2fs_submit_merged_write+0x2e/0x40 [ 1001.956376][ T34] f2fs_sync_node_pages+0x1fd7/0x20c0 [ 1001.956532][ T34] ? __ocfs2_dx_dir_new_cluster+0x10/0xf80 [ 1001.956701][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.956998][ T34] f2fs_write_node_pages+0x3ca/0xc30 [ 1001.957227][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.957432][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.957650][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.957858][ T34] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 1001.958012][ T34] do_writepages+0x3f2/0x860 [ 1001.958159][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.958378][ T34] ? writeback_sb_inodes+0x11/0x1d90 [ 1001.958568][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.958803][ T34] __writeback_single_inode+0xfc/0x1440 [ 1001.959005][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.959235][ T34] writeback_sb_inodes+0xb3b/0x1d90 [ 1001.959559][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.959766][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1001.959998][ T34] wb_writeback+0x4f1/0xcd0 [ 1001.960220][ T34] ? queue_io+0x421/0x800 [ 1001.960405][ T34] wb_workfn+0x3b9/0x19b0 [ 1001.960567][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 1001.960801][ T34] ? __pfx_wb_workfn+0x10/0x10 [ 1001.960958][ T34] process_scheduled_works+0xb21/0x1e30 [ 1001.961215][ T34] worker_thread+0xede/0x1580 [ 1001.961428][ T34] kthread+0x53f/0x600 [ 1001.961621][ T34] ? __pfx_worker_thread+0x10/0x10 [ 1001.961807][ T34] ? __pfx_kthread+0x10/0x10 [ 1001.961991][ T34] ret_from_fork+0x20f/0x910 [ 1001.962165][ T34] ? __switch_to+0x51c/0x750 [ 1001.962366][ T34] ? __pfx_kthread+0x10/0x10 [ 1001.962560][ T34] ret_from_fork_asm+0x1a/0x30 [ 1001.962783][ T34] [ 1002.361063][ T34] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1002.773155][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1002.780354][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1002.866416][T13363] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2707'. [ 1006.243724][T13117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1007.008571][ T9051] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1007.253297][ T9051] usb 2-1: Using ep0 maxpacket: 8 [ 1007.300615][ T9051] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 1007.361725][ T9051] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.436714][ T9051] usb 2-1: Product: syz [ 1007.467570][ T9051] usb 2-1: Manufacturer: syz [ 1007.505624][ T9051] usb 2-1: SerialNumber: syz [ 1007.559938][ T9051] usb 2-1: config 0 descriptor?? [ 1007.661892][ T9051] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1008.527496][T13431] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2724'. [ 1008.579654][T13431] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2724'. [ 1008.795356][T11856] usb 2-1: USB disconnect, device number 24 [ 1008.820289][T13431] geneve2: entered promiscuous mode [ 1008.825779][T13431] geneve2: entered allmulticast mode [ 1010.450679][T13117] veth0_vlan: entered promiscuous mode [ 1010.702416][T13117] veth1_vlan: entered promiscuous mode [ 1010.916946][T13454] loop2: detected capacity change from 0 to 2048 [ 1011.090496][T13454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1011.186238][ T29] audit: type=1800 audit(1772176714.917:77): pid=13454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2731" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 1011.540306][T13117] veth0_macvtap: entered promiscuous mode [ 1011.664933][T13117] veth1_macvtap: entered promiscuous mode [ 1011.863861][ T126] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1011.982930][ T126] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 192 with error 28 [ 1012.082086][ T126] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1012.082086][ T126] [ 1012.101809][T13468] loop3: detected capacity change from 0 to 2048 [ 1012.126594][ T126] EXT4-fs (loop2): Total free blocks count 0 [ 1012.161107][ T126] EXT4-fs (loop2): Free/Dirty block details [ 1012.174103][T13117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1012.183123][ T126] EXT4-fs (loop2): free_blocks=2415919104 [ 1012.226774][ T126] EXT4-fs (loop2): dirty_blocks=192 [ 1012.310432][ T126] EXT4-fs (loop2): Block reservation details [ 1012.386450][ T126] EXT4-fs (loop2): i_reserved_data_blocks=12 [ 1012.451606][T13468] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1012.502934][T13117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1012.597421][T13468] gfs2: gfs2 mount does not exist [ 1012.655220][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1012.800071][ T57] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.859617][ T57] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.937328][ T57] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1013.033419][ T57] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.788349][ T9051] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 1015.981568][ T9051] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1016.009307][ T9051] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.397639][ T9051] usb 3-1: config 0 descriptor?? [ 1016.714181][ T9051] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1017.042814][ T9051] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 1017.137944][ T9051] [drm] Initialized udl on minor 2 [ 1017.399029][ T9051] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 1017.461132][ T9051] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1017.572729][ T5824] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1017.611754][ T5824] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1017.642071][ T9051] usb 3-1: USB disconnect, device number 26 [ 1018.467348][T13531] netlink: 'syz.3.2752': attribute type 29 has an invalid length. [ 1018.554850][T13532] netlink: 'syz.3.2752': attribute type 29 has an invalid length. [ 1018.605435][T13531] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2752'. [ 1018.655387][T13531] unsupported nla_type 58 [ 1018.767562][T13537] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2754'. [ 1021.468197][ T9051] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1021.680397][ T9051] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1021.734601][ T9051] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x77, changing to 0x7 [ 1021.798130][ T9051] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1021.924631][ T9051] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1021.988030][ T9051] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1022.007600][T13581] SQUASHFS error: Failed to read block 0x0: -5 [ 1022.030218][ T9051] usb 3-1: Product: syz [ 1022.034835][ T9051] usb 3-1: Manufacturer: syz [ 1022.078862][ T9051] usb 3-1: SerialNumber: syz [ 1023.121958][T13594] vxcan1: tx drop: invalid sa for name 0x0000000000000001 [ 1023.308021][ T9051] cdc_ncm 3-1:1.0: bind() failure [ 1023.454876][ T9051] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 1023.536706][ T9051] usb 3-1: USB disconnect, device number 27 [ 1024.689446][T13608] vxcan0: tx address claim with different name [ 1025.036438][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.117615][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1025.538407][T13510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.621047][T13510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1027.960011][T13646] loop9: detected capacity change from 0 to 256 [ 1028.610350][T13646] FAT-fs (loop9): Directory bread(block 64) failed [ 1028.658770][T13646] FAT-fs (loop9): Directory bread(block 65) failed [ 1028.665784][T13646] FAT-fs (loop9): Directory bread(block 66) failed [ 1028.775798][T13646] FAT-fs (loop9): Directory bread(block 67) failed [ 1028.855870][T13646] FAT-fs (loop9): Directory bread(block 68) failed [ 1028.894754][T13646] FAT-fs (loop9): Directory bread(block 69) failed [ 1028.935359][T13646] FAT-fs (loop9): Directory bread(block 70) failed [ 1029.008275][T13646] FAT-fs (loop9): Directory bread(block 71) failed [ 1029.043334][T13646] FAT-fs (loop9): Directory bread(block 72) failed [ 1029.078498][T13646] FAT-fs (loop9): Directory bread(block 73) failed [ 1029.901410][T13664] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1029.965584][T13664] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.029067][T13664] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.039928][T13666] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.091698][T13666] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.493367][T13666] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.560040][T13666] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.678970][T13666] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.689514][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.748301][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1033.042381][ T5824] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1033.288225][ T5824] usb 4-1: config 0 has an invalid interface number: 249 but max is 0 [ 1033.296709][ T5824] usb 4-1: config 0 has no interface number 0 [ 1033.359260][ T5824] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 1033.403412][ T5824] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.476500][ T5824] usb 4-1: config 0 descriptor?? [ 1033.543540][ T5824] port100 4-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint [ 1034.119413][T13674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1034.186159][T13674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1034.275500][ T5824] usb 4-1: USB disconnect, device number 2 [ 1036.361990][T13716] overlayfs: statfs failed on './file0' [ 1038.826128][T13726] loop3: detected capacity change from 0 to 4096 [ 1038.945187][T13726] EXT4-fs: Ignoring removed mblk_io_submit option [ 1039.033017][T13726] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1039.232909][T13726] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1040.722629][T13749] loop2: detected capacity change from 0 to 32768 [ 1040.734807][T13749] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2823 (13749) [ 1040.809697][T13749] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1040.827522][T13749] BTRFS info (device loop2): using crc32c checksum algorithm [ 1040.835520][T13749] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 1040.945671][T12781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.095414][T13749] BTRFS info (device loop2): rebuilding free space tree [ 1041.144837][T13749] BTRFS info (device loop2): disabling free space tree [ 1041.153699][T13749] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1041.163921][T13749] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1041.307245][T13749] BTRFS info (device loop2): enabling ssd optimizations [ 1041.318431][T13749] BTRFS info (device loop2): turning on async discard [ 1041.325469][T13749] BTRFS info (device loop2): enabling disk space caching [ 1041.334333][T13749] BTRFS info (device loop2): force clearing of disk cache [ 1041.341906][T13749] BTRFS info (device loop2): use zstd compression, level 3 [ 1042.575569][T13771] loop3: detected capacity change from 0 to 32768 [ 1042.588366][T13771] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2826 (13771) [ 1042.701368][T13771] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1042.711981][T13771] BTRFS info (device loop3): using sha256 checksum algorithm [ 1042.822916][ T5779] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1043.020232][T13771] BTRFS info (device loop3): enabling ssd optimizations [ 1043.030663][T13771] BTRFS info (device loop3): turning on async discard [ 1043.037855][T13771] BTRFS info (device loop3): enabling free space tree [ 1044.538391][T12781] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1047.680676][T13842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2847'. [ 1052.205824][T13894] loop2: detected capacity change from 0 to 512 [ 1052.539280][T13894] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1052.655372][T13894] ext4 filesystem being mounted at /565/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1052.970515][T13905] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 1053.044310][T13905] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1053.155113][T13905] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.2866: Failed to acquire dquot type 0 [ 1054.578372][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1055.898709][T13921] loop3: detected capacity change from 0 to 32768 [ 1056.068737][T13921] [ 1056.068737][T13921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1056.068737][T13921] [ 1056.140616][T13921] ERROR: (device loop3): diWrite: ixpxd invalid [ 1056.140616][T13921] [ 1056.154579][T13921] ERROR: (device loop3): remounting filesystem as read-only [ 1056.169117][T13921] ERROR: (device loop3): txAbort: [ 1056.169117][T13921] [ 1057.413609][T13930] loop9: detected capacity change from 0 to 40427 [ 1057.549457][T13930] F2FS-fs (loop9): invalid crc value [ 1057.966751][T13930] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1057.991626][T13930] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1058.288685][T13117] syz-executor: attempt to access beyond end of device [ 1058.288685][T13117] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1058.391806][T13117] CPU: 1 UID: 0 PID: 13117 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 1058.392006][T13117] Tainted: [L]=SOFTLOCKUP [ 1058.392064][T13117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1058.392153][T13117] Call Trace: [ 1058.392206][T13117] [ 1058.392258][T13117] __dump_stack+0x26/0x30 [ 1058.392442][T13117] dump_stack_lvl+0x14c/0x1c0 [ 1058.392630][T13117] dump_stack+0x1e/0x25 [ 1058.392796][T13117] f2fs_handle_critical_error+0xa6f/0xc20 [ 1058.393026][T13117] f2fs_stop_checkpoint+0x65/0x80 [ 1058.393220][T13117] f2fs_write_end_io+0x12e6/0x2560 [ 1058.393474][T13117] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1058.393665][T13117] bio_endio+0x1006/0x1160 [ 1058.393874][T13117] submit_bio_noacct+0x533/0x2960 [ 1058.394142][T13117] submit_bio+0x57a/0x620 [ 1058.394354][T13117] f2fs_submit_write_bio+0x115/0x350 [ 1058.394537][T13117] __submit_merged_bio+0x16f/0x780 [ 1058.394713][T13117] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1058.394928][T13117] __submit_merged_write_cond+0x4ba/0xae0 [ 1058.395205][T13117] f2fs_write_data_pages+0x5073/0x5e10 [ 1058.395550][T13117] ? kmsan_get_metadata+0xf1/0x160 [ 1058.395761][T13117] ? folio_batch_move_lru+0x6a2/0x6d0 [ 1058.395973][T13117] ? __msan_warning+0x1b/0x30 [ 1058.396148][T13117] ? filter_irq_stacks+0x13f/0x190 [ 1058.396356][T13117] ? stack_depot_save_flags+0x35/0x790 [ 1058.396574][T13117] ? kmsan_get_metadata+0xf1/0x160 [ 1058.396793][T13117] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1058.397002][T13117] ? kmsan_get_metadata+0xf1/0x160 [ 1058.397202][T13117] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1058.397409][T13117] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1058.397604][T13117] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1058.397784][T13117] do_writepages+0x3f2/0x860 [ 1058.397931][T13117] ? _raw_spin_unlock+0x30/0x50 [ 1058.398116][T13117] ? wbc_attach_and_unlock_inode+0x131/0x660 [ 1058.398316][T13117] filemap_fdatawrite+0x207/0x260 [ 1058.398571][T13117] f2fs_sync_dirty_inodes+0x2aa/0xaa0 [ 1058.398805][T13117] f2fs_write_checkpoint+0x10e1/0x3d20 [ 1058.399180][T13117] kill_f2fs_super+0x320/0x990 [ 1058.399438][T13117] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1058.399638][T13117] deactivate_locked_super+0xcb/0x3c0 [ 1058.399834][T13117] deactivate_super+0x12f/0x140 [ 1058.400007][T13117] cleanup_mnt+0x7eb/0x870 [ 1058.400182][T13117] ? __pfx___cleanup_mnt+0x10/0x10 [ 1058.400343][T13117] __cleanup_mnt+0x22/0x30 [ 1058.400501][T13117] task_work_run+0x208/0x2b0 [ 1058.400720][T13117] exit_to_user_mode_loop+0x306/0x1b60 [ 1058.400937][T13117] ? user_path_at+0x1fc/0x330 [ 1058.401125][T13117] ? __x64_sys_umount+0x1dc/0x250 [ 1058.401333][T13117] do_syscall_64+0x24d/0xf80 [ 1058.401540][T13117] ? clear_bhb_loop+0x50/0xa0 [ 1058.401707][T13117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1058.401867][T13117] RIP: 0033:0x7f894259d9d7 [ 1058.401992][T13117] Code: a2 c7 05 1c ed 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1058.402124][T13117] RSP: 002b:00007ffdf7d325d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1058.402266][T13117] RAX: 0000000000000000 RBX: 00007f8942631f90 RCX: 00007f894259d9d7 [ 1058.402366][T13117] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf7d32690 [ 1058.402460][T13117] RBP: 00007ffdf7d32690 R08: 00007ffdf7d33690 R09: 00000000ffffffff [ 1058.402569][T13117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf7d33720 [ 1058.402667][T13117] R13: 00007f8942631f90 R14: 0000000000102551 R15: 00007ffdf7d33760 [ 1058.402811][T13117] [ 1059.497527][T13117] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 1059.661298][T13954] random: crng reseeded on system resumption [ 1061.390765][ T9968] Bluetooth: hci2: command 0x0406 tx timeout [ 1064.241014][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1064.249933][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1065.387190][T13997] net_ratelimit: 1 callbacks suppressed [ 1065.387277][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1065.403536][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1066.755475][T14007] loop3: detected capacity change from 0 to 4096 [ 1067.209310][ T5830] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1067.464973][ T5830] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1067.512274][T14007] ntfs3(loop3): ino=5, "/" mi_enum_attr [ 1067.545652][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1067.563512][T14007] ntfs3(loop3): ino=5, "/" ntfs_readdir [ 1067.612265][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1067.698238][ T5830] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1067.813905][ T5830] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1067.858664][ T5830] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1067.896667][ T5830] usb 3-1: Manufacturer: syz [ 1068.060040][ T5830] usb 3-1: config 0 descriptor?? [ 1068.211010][T14026] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2910'. [ 1068.597032][ T5830] appleir 0003:05AC:8243.001D: unknown main item tag 0x0 [ 1068.770698][ T5830] appleir 0003:05AC:8243.001D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1068.910609][ T5824] usb 3-1: USB disconnect, device number 28 [ 1070.532138][T14040] fido_id[14040]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1072.502859][T14074] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1073.358825][T14085] loop2: detected capacity change from 0 to 256 [ 1073.423621][T14085] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1073.632931][T14085] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1074.563269][T14099] loop3: detected capacity change from 0 to 512 [ 1074.677015][T14099] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1074.820895][T14099] EXT4-fs (loop3): 1 truncate cleaned up [ 1074.909376][T14099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1075.435169][T14099] EXT4-fs error (device loop3): __ext4_remount:6804: comm syz.3.2937: Abort forced by user [ 1075.491918][T14099] EXT4-fs (loop3): Remounting filesystem read-only [ 1075.548326][T14099] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 1076.039972][T12781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1077.021953][T14130] loop9: detected capacity change from 0 to 256 [ 1078.351573][T14151] loop2: detected capacity change from 0 to 64 [ 1078.505484][T14150] loop9: detected capacity change from 0 to 736 [ 1080.428758][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1080.438141][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1080.684007][T14162] loop2: detected capacity change from 0 to 4096 [ 1080.929358][T14174] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1083.748548][ T57] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.043554][ T57] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.432169][ T57] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.699201][ T57] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.922281][T14217] loop9: detected capacity change from 0 to 4096 [ 1085.098458][T14220] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1085.214130][T14217] NILFS (loop9): error -2 reading inode: ino=35184372089024 [ 1085.500020][ T57] bridge_slave_1: left allmulticast mode [ 1085.505930][ T57] bridge_slave_1: left promiscuous mode [ 1085.579217][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.669092][ T57] bridge_slave_0: left allmulticast mode [ 1085.674996][ T57] bridge_slave_0: left promiscuous mode [ 1085.711051][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.945891][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1087.027965][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1087.080292][ T57] bond0 (unregistering): Released all slaves [ 1088.688652][ T57] hsr_slave_0: left promiscuous mode [ 1088.741066][ T57] hsr_slave_1: left promiscuous mode [ 1088.797079][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1088.872009][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1088.973332][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1089.023501][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1089.108294][ T9968] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1089.133551][ T9968] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1089.158306][ T9968] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1089.190205][ T9968] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1089.205932][ T9968] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1089.360257][ T57] veth1_macvtap: left promiscuous mode [ 1089.398367][ T57] veth0_macvtap: left promiscuous mode [ 1089.404357][ T57] veth1_vlan: left promiscuous mode [ 1089.463081][ T57] veth0_vlan: left promiscuous mode [ 1091.320943][ T9968] Bluetooth: hci0: command tx timeout [ 1092.270181][ T57] team0 (unregistering): Port device team_slave_1 removed [ 1092.378135][T14282] loop2: detected capacity change from 0 to 1024 [ 1092.461832][ T57] team0 (unregistering): Port device team_slave_0 removed [ 1093.388030][ T9968] Bluetooth: hci0: command tx timeout [ 1094.315972][T14298] loop2: detected capacity change from 0 to 128 [ 1094.324246][T14294] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3002'. [ 1094.422248][T14298] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1094.570718][T14298] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1095.468349][ T49] Bluetooth: hci0: command tx timeout [ 1095.599013][T14307] loop2: detected capacity change from 0 to 24 [ 1095.705467][T14307] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1096.974706][T14250] chnl_net:caif_netlink_parms(): no params data found [ 1096.987997][ T49] Bluetooth: hci5: command 0x0406 tx timeout [ 1097.548035][ T9968] Bluetooth: hci0: command tx timeout [ 1099.849980][T14250] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.896954][T14250] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.926526][T14250] bridge_slave_0: entered allmulticast mode [ 1099.970394][T14250] bridge_slave_0: entered promiscuous mode [ 1100.068039][T14250] bridge0: port 2(bridge_slave_1) entered blocking state [ 1100.115293][T14250] bridge0: port 2(bridge_slave_1) entered disabled state [ 1100.138810][T14250] bridge_slave_1: entered allmulticast mode [ 1100.162492][T14250] bridge_slave_1: entered promiscuous mode [ 1100.695808][T14250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1100.860416][T14250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1101.515216][T14250] team0: Port device team_slave_0 added [ 1101.625714][T14250] team0: Port device team_slave_1 added [ 1102.480471][T14376] loop9: detected capacity change from 0 to 32768 [ 1102.499804][T14376] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3030 (14376) [ 1102.591673][T14376] BTRFS info (device loop9): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 1102.602269][T14376] BTRFS info (device loop9): using blake2b checksum algorithm [ 1102.916212][T14376] BTRFS info (device loop9): enabling ssd optimizations [ 1102.923697][T14376] BTRFS info (device loop9): turning on async discard [ 1102.931038][T14376] BTRFS info (device loop9): enabling free space tree [ 1102.938172][T14376] BTRFS info (device loop9): use zstd compression, level 3 [ 1103.354427][T14250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1103.402821][T14250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1103.438435][T13117] BTRFS info (device loop9): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 1103.517820][T14250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1103.633267][T14250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1103.692961][T14250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1103.834502][T14250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1103.972755][T14404] loop2: detected capacity change from 0 to 128 [ 1104.060875][T14404] EXT4-fs: Ignoring removed nobh option [ 1104.129285][T14408] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3037'. [ 1104.219576][T14404] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1104.329357][T14404] ext4 filesystem being mounted at /600/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1104.944736][T14250] hsr_slave_0: entered promiscuous mode [ 1104.996183][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1105.023307][T14250] hsr_slave_1: entered promiscuous mode [ 1105.092061][T14250] debugfs: 'hsr0' already exists in 'hsr' [ 1105.124930][T14250] Cannot create hsr debugfs directory [ 1106.527474][T14434] netlink: 27 bytes leftover after parsing attributes in process `syz.7.3043'. [ 1107.234504][T14430] loop9: detected capacity change from 0 to 4096 [ 1107.336848][T14430] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512). [ 1107.993556][T14430] ntfs3(loop9): Mark volume as dirty due to NTFS errors [ 1108.103990][T14430] ntfs3(loop9): Failed to load $Extend (-22). [ 1108.208098][T14430] ntfs3(loop9): Failed to initialize $Extend. [ 1108.312867][T14430] ntfs3(loop9): ino=0, attr_set_size_ex [ 1108.410607][T14430] ntfs3(loop9): ino=0, attr_set_size_ex [ 1108.444451][T14430] ntfs3(loop9): ino=0, attr_set_size_ex [ 1108.496657][T14445] ntfs3(loop9): no free space to extend mft [ 1111.753643][T14461] loop2: detected capacity change from 0 to 32768 [ 1111.781167][T14461] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3053 (14461) [ 1111.825398][T14461] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1111.835995][T14461] BTRFS info (device loop2): using crc32c checksum algorithm [ 1112.130484][T14461] BTRFS info (device loop2): setting nodatasum [ 1112.140058][T14461] BTRFS info (device loop2): setting nodatacow [ 1112.148110][T14461] BTRFS info (device loop2): turning on async discard [ 1112.157988][T14461] BTRFS info (device loop2): enabling free space tree [ 1112.169235][T14461] BTRFS info (device loop2): enabling auto defrag [ 1112.185448][T14461] BTRFS info (device loop2): max_inline set to 0 [ 1112.430803][ T29] audit: type=1800 audit(1772176816.157:78): pid=14461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3053" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 1113.038904][ T5779] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1113.280662][T14250] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1113.466233][T14250] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1113.703412][T14250] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1113.930119][T14250] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1114.091051][T11856] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0 [ 1114.205021][T11856] hid-generic 0000:0000:0000.001E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1114.991328][T14505] loop9: detected capacity change from 0 to 1024 [ 1115.067400][T14505] EXT4-fs: Ignoring removed orlov option [ 1115.335954][T14505] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1115.414641][T14503] fido_id[14503]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1116.353253][T13117] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1116.774856][T14250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1117.162090][T14250] 8021q: adding VLAN 0 to HW filter on device team0 [ 1117.205909][T14525] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1117.414491][T11856] usb 10-1: new full-speed USB device number 2 using dummy_hcd [ 1117.426866][ T126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.434517][ T126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1117.639921][T11856] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1117.652246][ T126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.659822][ T126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1117.764136][T11856] usb 10-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1117.813538][T11856] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.863919][T11856] usb 10-1: Product: syz [ 1117.905157][T11856] usb 10-1: Manufacturer: syz [ 1117.963533][T11856] usb 10-1: SerialNumber: syz [ 1118.049773][T11856] usb 10-1: config 0 descriptor?? [ 1118.135228][T11856] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1118.343325][T14538] loop2: detected capacity change from 0 to 1024 [ 1118.600602][T14538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1118.926926][T11856] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1119.022708][T11856] gspca_pac7302 10-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1119.125161][T11856] usb 10-1: USB disconnect, device number 2 [ 1119.637505][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1120.183075][T14555] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1120.446753][T14560] loop2: detected capacity change from 0 to 512 [ 1120.557336][T14560] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1122.188769][T14250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1123.419399][T14594] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.496725][T14594] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.550165][T14594] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.560305][T14596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.626641][T14596] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1124.603757][T14607] loop2: detected capacity change from 0 to 1024 [ 1125.523374][ T138] hfsplus: b-tree write err: -5, ino 25 [ 1125.617518][ T138] hfsplus: b-tree write err: -5, ino 4 [ 1125.679335][ T138] hfsplus: b-tree write err: -5, ino 2 [ 1125.683579][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1125.722991][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1125.760049][ T138] hfsplus: b-tree write err: -5, ino 17 [ 1126.666201][T14250] veth0_vlan: entered promiscuous mode [ 1126.891067][T14250] veth1_vlan: entered promiscuous mode [ 1127.865757][T14648] loop2: detected capacity change from 0 to 512 [ 1128.788514][T14648] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1128.966371][T14648] ext4 filesystem being mounted at /616/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1129.032974][T14250] veth0_macvtap: entered promiscuous mode [ 1129.241778][T14250] veth1_macvtap: entered promiscuous mode [ 1129.664161][T14250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1129.691028][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1129.844443][T14250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.981191][T14671] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3115'. [ 1131.150026][ T126] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1131.567954][ T126] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1131.649685][ T126] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1131.714558][ T4865] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.963458][T14742] loop2: detected capacity change from 0 to 128 [ 1137.060261][T14742] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 1137.242437][T14742] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1137.370102][T14742] ext2 filesystem being mounted at /622/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1137.535150][T14742] overlayfs: upper fs needs to support d_type. [ 1137.609371][T14750] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1138.197211][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1139.164897][T14765] loop9: detected capacity change from 0 to 1024 [ 1139.727484][T14771] hfsplus: b-tree write err: -5, ino 3 [ 1139.764712][T14773] input: syz0 as /devices/virtual/input/input26 [ 1141.098874][ T5830] kernel read not supported for file /input/event1 (pid: 5830 comm: kworker/1:5) [ 1142.267271][T14791] loop2: detected capacity change from 0 to 40427 [ 1142.289475][T14791] F2FS-fs: inline encryption not supported [ 1142.317992][T14791] F2FS-fs (loop2): Image doesn't support compression [ 1142.324944][T14791] F2FS-fs (loop2): build fault injection rate: 6 [ 1142.335909][T14791] F2FS-fs (loop2): build fault injection type: 0x3bf [ 1142.366920][T14791] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of get_checkpoint_version+0x4a/0x9b0 [ 1142.380109][T14791] F2FS-fs (loop2): invalid crc value [ 1142.493889][T14791] F2FS-fs (loop2): inject kmalloc in f2fs_kmalloc of f2fs_fill_super+0x85cf/0xb2e0 [ 1142.504960][T14791] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-12) [ 1143.405397][T14808] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1143.412770][T14808] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1144.356581][T14805] loop2: detected capacity change from 0 to 2048 [ 1144.645742][T13510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1144.824484][T14805] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1144.843636][T13510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1145.300114][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1145.335967][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1147.976667][T14843] netlink: 824 bytes leftover after parsing attributes in process `syz.5.3163'. [ 1148.060762][T14843] netlink: 824 bytes leftover after parsing attributes in process `syz.5.3163'. [ 1148.143925][T14843] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3163'. [ 1148.611864][T14852] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1149.165286][T14858] loop5: detected capacity change from 0 to 128 [ 1149.362076][T14858] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1149.525866][T14858] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1149.874990][T14864] loop2: detected capacity change from 0 to 512 [ 1150.085986][T14864] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1150.301918][T14250] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1150.428887][ T9968] Bluetooth: hci4: command 0x0405 tx timeout [ 1150.982979][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1151.798804][T14881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1151.889659][T14881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1151.947234][T14881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1151.973569][T14883] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1152.089754][T14883] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1152.362397][T14885] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1152.450540][T14885] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1152.526483][T14885] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1152.535757][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1152.608185][T14885] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1153.503272][T14899] sctp: [Deprecated]: syz.1.3183 (pid 14899) Use of int in max_burst socket option deprecated. [ 1153.503272][T14899] Use struct sctp_assoc_value instead [ 1154.874038][T14901] loop2: detected capacity change from 0 to 40427 [ 1154.982538][T14901] F2FS-fs (loop2): invalid crc value [ 1155.320136][T14901] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 1155.338630][T14901] F2FS-fs (loop2): Start checkpoint disabled! [ 1155.403268][T14901] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 1155.428481][T14901] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1158.577842][T14943] vlan2: entered promiscuous mode [ 1158.604671][T14943] gretap0: entered promiscuous mode [ 1158.633300][T14943] vlan2: entered allmulticast mode [ 1158.668072][T14943] gretap0: entered allmulticast mode [ 1158.990058][T14948] loop7: detected capacity change from 0 to 7 [ 1159.044568][ C0] blk_print_req_error: 138 callbacks suppressed [ 1159.044657][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.061297][ C0] buffer_io_error: 138 callbacks suppressed [ 1159.061380][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.095550][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.105688][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.159186][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.169413][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.188096][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.200468][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.210620][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.227890][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.237983][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.248334][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.258507][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.277824][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.287958][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.296772][ T5961] ldm_validate_partition_table(): Disk read failed. [ 1159.341076][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.351230][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.369459][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.379625][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.393774][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.448155][ T5961] Dev loop7: unable to read RDB block 0 [ 1159.463940][ T5961] loop7: unable to read partition table [ 1159.502076][ T5961] loop7: partition table beyond EOD, truncated [ 1159.578419][T14948] ldm_validate_partition_table(): Disk read failed. [ 1159.639725][T14948] Dev loop7: unable to read RDB block 0 [ 1159.678925][T14948] loop7: unable to read partition table [ 1159.705212][T14948] loop7: partition table beyond EOD, truncated [ 1159.724494][T14948] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1160.907500][T14961] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3204'. [ 1163.024057][ T1038] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.403431][ T1038] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.772509][T14989] loop5: detected capacity change from 0 to 512 [ 1163.941548][ T1038] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.970835][T14989] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1164.370694][ T1038] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.596407][T14250] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1165.160436][ T1038] bridge_slave_1: left allmulticast mode [ 1165.166348][ T1038] bridge_slave_1: left promiscuous mode [ 1165.208508][ T1038] bridge0: port 2(bridge_slave_1) entered disabled state [ 1165.234201][ T1038] bridge_slave_0: left allmulticast mode [ 1165.241100][ T1038] bridge_slave_0: left promiscuous mode [ 1165.248734][ T1038] bridge0: port 1(bridge_slave_0) entered disabled state [ 1166.363894][ T1038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1166.484045][ T1038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1166.544995][ T1038] bond0 (unregistering): Released all slaves [ 1166.668598][T15005] input input28: cannot allocate more than FF_MAX_EFFECTS effects [ 1168.420328][ T9968] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1168.445448][ T9968] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1168.455627][ T9968] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1168.472397][ T9968] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1168.543139][ T9968] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1168.707138][ T1038] hsr_slave_0: left promiscuous mode [ 1168.775203][ T1038] hsr_slave_1: left promiscuous mode [ 1168.854326][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1168.874652][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1168.964441][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1169.025987][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1169.191899][ T1038] veth1_macvtap: left promiscuous mode [ 1169.208520][ T1038] veth0_macvtap: left promiscuous mode [ 1169.243427][ T1038] veth1_vlan: left promiscuous mode [ 1169.284244][ T1038] veth0_vlan: left promiscuous mode [ 1170.091129][T15037] loop5: detected capacity change from 0 to 8192 [ 1170.588085][ T9968] Bluetooth: hci2: command tx timeout [ 1172.668223][ T9968] Bluetooth: hci2: command tx timeout [ 1172.685566][ T1038] team0 (unregistering): Port device team_slave_1 removed [ 1172.804573][ T1038] team0 (unregistering): Port device team_slave_0 removed [ 1173.370489][T15079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3244'. [ 1173.839623][T15074] netlink: 'syz.5.3243': attribute type 2 has an invalid length. [ 1174.753898][ T9968] Bluetooth: hci2: command tx timeout [ 1175.421419][T15098] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1176.521534][T15111] loop2: detected capacity change from 0 to 512 [ 1176.783920][T15111] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1176.838338][ T9968] Bluetooth: hci2: command tx timeout [ 1176.954214][T15111] ext4 filesystem being mounted at /647/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1177.555784][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1177.556682][T15026] chnl_net:caif_netlink_parms(): no params data found [ 1179.953482][T15130] loop5: detected capacity change from 0 to 32768 [ 1179.971273][T15130] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3259 (15130) [ 1179.996397][T15130] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1180.006998][T15130] BTRFS info (device loop5): using crc32c checksum algorithm [ 1180.507066][T15130] BTRFS info (device loop5): enabling ssd optimizations [ 1180.514486][T15130] BTRFS info (device loop5): turning on async discard [ 1180.521858][T15130] BTRFS info (device loop5): enabling free space tree [ 1180.678816][T14250] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1181.935843][T15026] bridge0: port 1(bridge_slave_0) entered blocking state [ 1181.993470][T15026] bridge0: port 1(bridge_slave_0) entered disabled state [ 1182.069396][T15026] bridge_slave_0: entered allmulticast mode [ 1182.166840][T15026] bridge_slave_0: entered promiscuous mode [ 1182.241371][T15026] bridge0: port 2(bridge_slave_1) entered blocking state [ 1182.279449][T15026] bridge0: port 2(bridge_slave_1) entered disabled state [ 1182.309379][T15026] bridge_slave_1: entered allmulticast mode [ 1182.356860][T15026] bridge_slave_1: entered promiscuous mode [ 1183.092084][T15026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1183.231077][T15026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1183.992227][T15026] team0: Port device team_slave_0 added [ 1184.122315][T15026] team0: Port device team_slave_1 added [ 1184.504041][T15196] batadv_slave_1: entered promiscuous mode [ 1184.729541][T15194] batadv_slave_1: left promiscuous mode [ 1184.783187][T15026] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1184.828444][T15026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1185.047496][T15026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1185.152100][T15026] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1185.212937][T15026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1185.398289][T15026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1185.599164][T12621] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1185.808101][T12621] usb 3-1: Using ep0 maxpacket: 16 [ 1185.822156][T12621] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.878150][T12621] usb 3-1: config 0 has no interfaces? [ 1185.932010][T12621] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1185.984003][T12621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1186.052008][T12621] usb 3-1: SerialNumber: syz [ 1186.099652][T12621] usb 3-1: config 0 descriptor?? [ 1186.255462][T15026] hsr_slave_0: entered promiscuous mode [ 1186.283081][T15026] hsr_slave_1: entered promiscuous mode [ 1186.385145][T15026] debugfs: 'hsr0' already exists in 'hsr' [ 1186.428115][T15026] Cannot create hsr debugfs directory [ 1186.435759][T15216] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3284'. [ 1186.488093][T11856] usb 3-1: USB disconnect, device number 29 [ 1186.557922][T15216] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1186.808284][T15216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1187.092261][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1187.099671][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1187.328063][T11856] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1187.558807][T11856] usb 6-1: Using ep0 maxpacket: 32 [ 1187.621475][T11856] usb 6-1: config 0 has an invalid interface number: 119 but max is 0 [ 1187.666639][T11856] usb 6-1: config 0 has no interface number 0 [ 1187.677856][T11856] usb 6-1: config 0 interface 119 has no altsetting 0 [ 1187.830839][T11856] usb 6-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=da.f9 [ 1187.852747][ T29] audit: type=1326 audit(1772176891.577:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1187.923160][T11856] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1187.977991][T11856] usb 6-1: Product: syz [ 1187.982422][T11856] usb 6-1: Manufacturer: syz [ 1187.987237][T11856] usb 6-1: SerialNumber: syz [ 1188.019913][ T29] audit: type=1326 audit(1772176891.577:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.106892][T11856] usb 6-1: config 0 descriptor?? [ 1188.168011][ T29] audit: type=1326 audit(1772176891.637:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.300931][ T29] audit: type=1326 audit(1772176891.637:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.504928][ T29] audit: type=1326 audit(1772176891.637:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.644988][ T29] audit: type=1326 audit(1772176891.577:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.752111][ T29] audit: type=1326 audit(1772176891.637:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1188.900316][T11856] mos7840 6-1:0.119: required endpoints missing [ 1188.998273][ T29] audit: type=1326 audit(1772176891.647:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1189.074197][T11856] usb 6-1: USB disconnect, device number 2 [ 1189.188354][ T29] audit: type=1326 audit(1772176891.647:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1189.340526][ T29] audit: type=1326 audit(1772176891.647:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15222 comm="syz.7.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f5f5459c799 code=0x7ffc0000 [ 1190.912476][T15026] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.593122][T15026] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.966591][T15026] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.243895][T15267] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3298'. [ 1192.306010][T15268] overlayfs: failed to clone upperpath [ 1192.468409][T15026] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.634905][T15275] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.646321][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1194.955846][T15026] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1195.234819][T15026] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1195.519771][T15026] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1195.718926][T15026] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1196.126259][T15304] loop5: detected capacity change from 0 to 1024 [ 1196.571828][T15304] hfsplus: catalog searching failed [ 1197.110451][ T14] hfsplus: b-tree write err: -5, ino 3 [ 1197.239067][T14250] hfsplus: node 4:3 still has 1 user(s)! [ 1197.378641][T15317] netlink: 'syz.2.3316': attribute type 4 has an invalid length. [ 1198.391820][T15026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1198.585325][T15333] netlink: 64 bytes leftover after parsing attributes in process `syz.7.3321'. [ 1198.859060][T15026] 8021q: adding VLAN 0 to HW filter on device team0 [ 1199.066101][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 1199.073796][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1199.334570][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 1199.342341][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1199.433807][T12621] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1199.649053][T12621] usb 3-1: Using ep0 maxpacket: 8 [ 1199.701883][T12621] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1199.763594][T12621] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1199.855276][T12621] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1199.899802][T12621] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1199.998704][T12621] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1200.050977][T12621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.468208][T12621] usb 3-1: GET_CAPABILITIES returned 2f [ 1200.514762][T12621] usbtmc 3-1:16.0: can't read capabilities [ 1200.729444][T12621] usb 3-1: USB disconnect, device number 30 [ 1202.265776][ T57] ===================================================== [ 1202.273669][ T57] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xe7b/0xc820 [ 1202.282306][ T57] n_tty_receive_buf_standard+0xe7b/0xc820 [ 1202.292499][ T57] n_tty_receive_buf_common+0x1a59/0x2610 [ 1202.300023][ T57] n_tty_receive_buf2+0x4c/0x60 [ 1202.305169][ T57] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1202.310708][ T57] tty_port_default_receive_buf+0xd7/0x1a0 [ 1202.316760][ T57] flush_to_ldisc+0x43e/0xe40 [ 1202.321832][ T57] process_scheduled_works+0xb21/0x1e30 [ 1202.327607][ T57] worker_thread+0xede/0x1580 [ 1202.333114][ T57] kthread+0x53f/0x600 [ 1202.337410][ T57] ret_from_fork+0x20f/0x910 [ 1202.342354][ T57] ret_from_fork_asm+0x1a/0x30 [ 1202.347431][ T57] [ 1202.350045][ T57] Uninit was stored to memory at: [ 1202.355373][ T57] n_tty_receive_buf_standard+0xe74/0xc820 [ 1202.361906][ T57] n_tty_receive_buf_common+0x1a59/0x2610 [ 1202.368037][ T57] n_tty_receive_buf2+0x4c/0x60 [ 1202.373167][ T57] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1202.380259][ T57] tty_port_default_receive_buf+0xd7/0x1a0 [ 1202.386312][ T57] flush_to_ldisc+0x43e/0xe40 [ 1202.396129][ T57] process_scheduled_works+0xb21/0x1e30 [ 1202.403186][ T57] worker_thread+0xede/0x1580 [ 1202.408198][ T57] kthread+0x53f/0x600 [ 1202.412479][ T57] ret_from_fork+0x20f/0x910 [ 1202.417256][ T57] ret_from_fork_asm+0x1a/0x30 [ 1202.422401][ T57] [ 1202.424829][ T57] Uninit was created at: [ 1202.435507][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1202.464232][ T57] __kmalloc_noprof+0x486/0x1680 [ 1202.469513][ T57] __tty_buffer_request_room+0x3d4/0x7a0 [ 1202.475376][ T57] __tty_insert_flip_string_flags+0x157/0x6e0 [ 1202.481813][ T57] uart_insert_char+0x368/0x930 [ 1202.486873][ T57] serial8250_read_char+0x1ba/0x670 [ 1202.497996][ T57] serial8250_handle_irq+0x930/0x1110 [ 1202.503613][ T57] serial8250_default_handle_irq+0x116/0x370 [ 1202.511187][ T57] serial8250_interrupt+0xcb/0x420 [ 1202.516571][ T57] __handle_irq_event_percpu+0x13c/0xf90 [ 1202.522501][ T57] handle_irq_event+0xe0/0x2a0 [ 1202.527448][ T57] handle_edge_irq+0x2a9/0xb30 [ 1202.532572][ T57] __common_interrupt+0x9d/0x180 [ 1202.537828][ T57] common_interrupt+0x94/0xb0 [ 1202.542721][ T57] asm_common_interrupt+0x2b/0x40 [ 1202.548107][ T57] [ 1202.550562][ T57] CPU: 1 UID: 0 PID: 57 Comm: kworker/u8:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 1202.561739][ T57] Tainted: [L]=SOFTLOCKUP [ 1202.566210][ T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1202.576618][ T57] Workqueue: events_unbound flush_to_ldisc [ 1202.582823][ T57] ===================================================== [ 1202.590016][ T57] Disabling lock debugging due to kernel taint [ 1202.735851][T15363] loop2: detected capacity change from 0 to 512 [ 1202.748107][ T57] Kernel panic - not syncing: kmsan.panic set ... [ 1202.754727][ T57] CPU: 1 UID: 0 PID: 57 Comm: kworker/u8:4 Tainted: G B L syzkaller #0 PREEMPT(full) [ 1202.765900][ T57] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 1202.771580][ T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1202.781814][ T57] Workqueue: events_unbound flush_to_ldisc [ 1202.787869][ T57] Call Trace: [ 1202.791280][ T57] [ 1202.794347][ T57] __dump_stack+0x26/0x30 [ 1202.798904][ T57] dump_stack_lvl+0x50/0x1c0 [ 1202.803710][ T57] ? dump_stack+0x12/0x25 [ 1202.808263][ T57] dump_stack+0x1e/0x25 [ 1202.812639][ T57] vpanic+0x7b4/0x1430 [ 1202.816960][ T57] panic+0x15d/0x160 [ 1202.821140][ T57] kmsan_report+0x31a/0x320 [ 1202.825931][ T57] ? __msan_warning+0x1b/0x30 [ 1202.830830][ T57] ? n_tty_receive_buf_standard+0xe7b/0xc820 [ 1202.837077][ T57] ? n_tty_receive_buf_common+0x1a59/0x2610 [ 1202.843246][ T57] ? n_tty_receive_buf2+0x4c/0x60 [ 1202.848534][ T57] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 1202.854138][ T57] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 1202.860382][ T57] ? flush_to_ldisc+0x43e/0xe40 [ 1202.865456][ T57] ? process_scheduled_works+0xb21/0x1e30 [ 1202.871398][ T57] ? worker_thread+0xede/0x1580 [ 1202.876477][ T57] ? kthread+0x53f/0x600 [ 1202.880952][ T57] ? ret_from_fork+0x20f/0x910 [ 1202.885928][ T57] ? ret_from_fork_asm+0x1a/0x30 [ 1202.891139][ T57] ? ret_from_fork_asm+0x1a/0x30 [ 1202.896321][ T57] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1202.902420][ T57] ? update_load_avg+0x14eb/0x25d0 [ 1202.907828][ T57] ? kmsan_get_metadata+0x146/0x160 [ 1202.913273][ T57] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1202.919860][ T57] ? kmsan_get_metadata+0x146/0x160 [ 1202.925305][ T57] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1202.931386][ T57] ? n_tty_receive_char+0x1223/0x14f0 [ 1202.937116][ T57] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1202.943695][ T57] ? kmsan_get_metadata+0xf1/0x160 [ 1202.949065][ T57] __msan_warning+0x1b/0x30 [ 1202.953795][ T57] n_tty_receive_buf_standard+0xe7b/0xc820 [ 1202.959921][ T57] ? kmsan_get_metadata+0xf1/0x160 [ 1202.965284][ T57] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1202.971951][ T57] ? kmsan_get_metadata+0xf1/0x160 [ 1202.977343][ T57] ? __mod_timer+0x1531/0x1e70 [ 1202.982336][ T57] ? kmsan_get_metadata+0xf1/0x160 [ 1202.987700][ T57] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1202.994042][ T57] n_tty_receive_buf_common+0x1a59/0x2610 [ 1203.000162][ T57] n_tty_receive_buf2+0x4c/0x60 [ 1203.005280][ T57] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 1203.011090][ T57] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1203.016539][ T57] tty_port_default_receive_buf+0xd7/0x1a0 [ 1203.022611][ T57] flush_to_ldisc+0x43e/0xe40 [ 1203.027531][ T57] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 1203.034196][ T57] ? __pfx_flush_to_ldisc+0x10/0x10 [ 1203.039643][ T57] process_scheduled_works+0xb21/0x1e30 [ 1203.045508][ T57] worker_thread+0xede/0x1580 [ 1203.050444][ T57] kthread+0x53f/0x600 [ 1203.054753][ T57] ? __pfx_worker_thread+0x10/0x10 [ 1203.060102][ T57] ? __pfx_kthread+0x10/0x10 [ 1203.064937][ T57] ret_from_fork+0x20f/0x910 [ 1203.069749][ T57] ? __switch_to+0x51c/0x750 [ 1203.074631][ T57] ? __pfx_kthread+0x10/0x10 [ 1203.079471][ T57] ret_from_fork_asm+0x1a/0x30 [ 1203.084524][ T57] [ 1203.088395][ T57] Kernel Offset: disabled [ 1203.092799][ T57] Rebooting in 86400 seconds..